HackedGPT – 7 New Vulnerabilities in GPT-4o and GPT-5 Enables 0-Click Attacks

Seven critical vulnerabilities in OpenAI’s ChatGPT, affecting both GPT-4o and the newly released GPT-5 models, that could allow attackers to steal private user data through stealthy, zero-click exploits. These flaws exploit indirect prompt injections, enabling hackers to manipulate the AI into exfiltrating sensitive information from user memories and chat histories without any user interaction beyond a simple query. The vulnerabilities stem from ChatGPT’s core architecture, which relies on system prompts, memory tools, and web browsing features to deliver contextual responses. However, Tenable researchers found that SearchGPT’s isolation is insufficient, allowing prompt injections to propagate back to ChatGPT.

To read the complete article, see: HackedGPT - 7 New Vulnerabilities in GPT-4o and GPT-5