Threat actors are exploiting a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, to target US financial and government organizations. The bug is not in OpenAI's service itself but in the open-source dirk1983/chatgpt PHP front end for ChatGPT.
The flaw lies in that project's pictureproxy.php script, which fetches whatever its url query parameter points to without validating it, so an attacker can supply a crafted URL and have the server issue arbitrary requests on their behalf, including to internal hosts and cloud metadata endpoints that are unreachable from the internet.
Veriti researchers observed more than 10,000 exploitation attempts within a single week, with US financial and government organizations the main targets.
Misconfigured intrusion prevention systems (IPS) and web application firewalls (WAFs) left 35% of the organizations Veriti analyzed without protection against these attempts, even though the vulnerability carries only a medium CVSS rating and the probes follow a recognizable URL pattern.
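The following Python is an added example illustrating both points above: the allow-list check a proxy such as pictureproxy.php should apply to its url parameter, and a scan over web-server logs that flags requests to that endpoint which would fail the check. It is not code from the vulnerable project or from Veriti; only the endpoint name and the url parameter name come from the CVE record. The allow-listed hosts, the injectable resolver and the sample log lines are assumptions constructed for the example.

```python
"""Hardened check for an image-proxy "url" parameter, plus a log scan for
probes of the pictureproxy.php endpoint. Added example, not the vulnerable
project's own code; ALLOWED_HOSTS, the resolver hook and SAMPLE_LOG are
assumptions."""
import ipaddress
import re
import socket
from urllib.parse import unquote, urlsplit

# Origins the proxy is permitted to fetch images from (assumed for the example).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.net"}


def _default_resolve(host):
    """Resolve host to every A/AAAA address using the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_proxy_url(url, resolve=None):
    """Return True only if url is http(s), carries no credentials, names an
    allow-listed host on a standard port, and every address that host resolves
    to is public unicast (no loopback, RFC 1918, link-local such as
    169.254.169.254, or their IPv4-mapped IPv6 forms)."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False                 # drops file://, gopher://, dict://, ftp://
    if parts.username or parts.password:
        return False                 # http://allowed-host@evil/ style tricks
    host = parts.hostname            # already lower-cased by urlsplit
    if not host or host not in ALLOWED_HOSTS:
        return False
    if port not in (None, 80, 443):
        return False
    for addr in (resolve or _default_resolve)(host):
        ip = ipaddress.ip_address(addr)
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped      # ::ffff:169.254.169.254 -> 169.254.169.254
        if not ip.is_global or ip.is_multicast:
            return False
    return True


# A request to the proxy endpoint carrying a url= parameter, as it appears in
# an Apache/nginx combined-format access log line.
PROBE_RE = re.compile(r'pictureproxy\.php\?[^ "]*?\burl=([^ &"]+)', re.IGNORECASE)


def find_ssrf_probes(log_lines):
    """Return (client_ip, decoded target) for each pictureproxy.php request
    whose url parameter fails is_safe_proxy_url. DNS is deliberately not
    consulted during log analysis, so the verdict rests on scheme,
    credentials, host and port alone."""
    hits = []
    for line in log_lines:
        m = PROBE_RE.search(line)
        if not m:
            continue
        target = unquote(m.group(1))
        if not is_safe_proxy_url(target, resolve=lambda host: []):
            hits.append((line.split(" ", 1)[0], target))
    return hits


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2025:10:01:02 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Mar/2025:10:01:05 +0000] "GET /pictureproxy.php?url=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [17/Mar/2025:10:02:11 +0000] "GET /pictureproxy.php?url=https%3A%2F%2Fimages.example.com%2Flogo.png HTTP/1.1" 200 9034 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [17/Mar/2025:10:02:12 +0000] "GET /index.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, target in find_ssrf_probes(SAMPLE_LOG):
        print(f"SSRF probe from {client}: {target}")
```

Two caveats for anyone adapting this: the address resolved inside is_safe_proxy_url must be the one the proxy actually connects to (pin it, or re-check after each redirect and disable automatic redirects), otherwise DNS rebinding or an allow-listed host that 302s to 169.254.169.254 defeats the check; and a WAF rule should match the URL-encoded form of the parameter as it appears on the wire, since the decoded targets above only exist after unquoting.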