VulnHub

Real-time Cybersecurity News

Back to all threats

Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Actively Exploited
CriticalMalware

Summary

Cybersecurity researchers have identified a serious attack involving a fake ChatGPT Atlas browser, which is being used in ClickFix attacks to steal user passwords. This highlights the increasing threat posed by such malicious tactics in the cybersecurity landscape.

Original Article Summary

Cybersecurity researchers have uncovered a critical ChatGPT Atlas browser attack, confirming the danger of the ongoing surge in the ClickFix threat.

Impact

ChatGPT Atlas browser, ClickFix threat

In the Wild

Yes

Timeline

Newly disclosed

Remediation

Users should avoid downloading or using unverified browser extensions and ensure their passwords are strong and unique. Regularly updating passwords and enabling two-factor authentication is also recommended.

Read Original Article

Related Coverage

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Security Affairs

A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. The attack is significant due to its scale, involving over 7,000 IP addresses linked to a German hosting provider, indicating a coordinated effort that poses a serious threat to the security of affected systems.

Dec 6, 2025

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

The Hacker News

Over 30 security vulnerabilities have been identified in AI-powered Integrated Development Environments (IDEs), collectively termed IDEsaster. These vulnerabilities combine prompt injection techniques with legitimate features, allowing for potential data exfiltration and remote code execution, posing significant risks to developers and organizations using these tools.

Dec 6, 2025

Your smart home is at risk - 6 ways to protect your devices from attack

Latest news

This article discusses the cybersecurity risks associated with smart home devices and emphasizes the importance of minimizing entry points to enhance security. It highlights the growing concern over vulnerabilities in smart home technology and the potential for unauthorized access and attacks.

Dec 6, 2025

Attackers hit React defect as researchers quibble over proof

CyberScoop

The article discusses a React vulnerability that has been reportedly exploited by attackers, leading to a debate among researchers about the existence of concrete evidence for these attacks. While some researchers claim to have seen proof of concepts demonstrating the exploit, others argue that there is insufficient evidence of actual attacks occurring, complicating the response efforts.

Dec 5, 2025

Barts Health NHS discloses data breach after Oracle zero-day hack

BleepingComputer

Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.

Dec 5, 2025

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

The Hacker News

A new zero-click attack has been identified that targets the Perplexity Comet browser, allowing malicious emails to delete all contents of a user's Google Drive. This technique exploits the automation capabilities of the browser when connected to Gmail and Google Drive, posing a significant risk to users' data security.

Dec 5, 2025