ChatGPT Crawler Vulnerability Let Attackers Trigger DDoS Attack On Any Websites
OpenAI’s ChatGPT API has been found to have a significant crawler vulnerability that enables attackers to launch Distributed Denial of Service (DDoS) attacks on arbitrary websites. This vulnerability is a significant concern for both web administrators and enterprises since it poses substantial risks to website availability. According to Benjamin Flesch the vulnerability lies within the ChatGPT API, specifically in how it handles HTTP POST requests directed at the endpoint https://chatgpt.com/backend-api/attributions. The API is designed to process a list of hyperlinks passed through the URLs parameter.
Hackers game out infowar against China with the US Navy
Picture this: It’s 2030 and China’s furious with Taiwan after the island applies to the UN to be recognized as an independent state. After deciding on a full military invasion, China attempts to first cripple its rebellious neighbor’s critical infrastructure. That’s the scenario set up as a wargame exercise by the US Naval War College, which invited technology specialists, infrastructure experts, and hardcore hackers to study the problem. Last August, at the Black Hat and DEF CON security conferences in Las Vegas, players were separated into teams and during a three-hour session tried to stress-test Taiwanese infrastructure and look for weaknesses.
AI tool GeoSpy analyzes images and identifies locations in seconds
It’s just become even more important to be conscious about the pictures we post online. GeoSpy is an Artificial Intelligence (AI) supported tool that can derive a person’s location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on one picture. Graylark Technologies who makes GeoSpy says it’s been developed for government and law enforcement. But the investigative journalists from 404 Media report that the tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.
The New Face of Ransomware: Key Players and Emerging Tactics of 2024
The on-going battle law enforcement agencies worldwide fight against ransomware gangs got off to a fast start. The year’s first action took place on February 20, when international law enforcement agencies seized control of LockBit’s administration environment, including its primary Dedicated/Data Leak Site (DLS). To rub some additional salt in LockBit’s wound, authorities retained the familiar look of LockBit’s site but replaced victim-related content with press releases, indictments, and updates about the operation’s takedown. LockBit managed to resume operations shortly afterward, releasing another version of its ransomware (v4/4.0) in December, but the incident damaged its reputation and caused unease among affiliates and partners.
Major Cybersecurity Vendors’ Credentials Found on Dark Web
Thousands of account credentials belonging to major cybersecurity vendors on the dark web have been discovered by threat intelligence firm Cyble. In a January 22 report where Cyble researchers shared their findings, they said they found credentials for at least 14 security providers. The credentials have been leaked since the start of the year 2025. They were likely pulled from infostealer logs and then sold on cybercrime marketplaces in bulk for as little as $10. The exposed data range from internal accounts to customer access across web and cloud environments, suggesting that both the security vendors’ customers and staff have been compromised.
Trump Pardons Founder of Silk Road Website
President Donald Trump announced Tuesday that he had pardoned Ross Ulbricht, the founder of Silk Road, an underground website for selling drugs. Ulbricht had been sentenced to life in prison in 2015 after a high-profile prosecution that highlighted the role of the internet in illegal markets. Trump posted on Truth Social, his social media website, that he had spoken to Ulbricht’s mother on his first full day in office. “It was my pleasure to have just signed a full and unconditional pardon of her son, Ross,” he wrote. “The scum that worked to convict him were some of the same lunatics who were involved in the modern day weaponization of government against me.” Trump called Ulbricht’s prison sentence “ridiculous.” He had promised to help Ulbricht during a speech at the Libertarian Party National Convention last May.