OpenAI deployed two security features targeting prompt injection attacks that exploit AI systems' growing connectivity to external networks and applications. Lockdown Mode and Elevated Risk labels, announced last week, represent a shift from relying solely on model training to implementing deterministic infrastructure controls that block data exfiltration regardless of prompt manipulation.

What You Need to Know About Lockdown Mode

Lockdown Mode is an optional security setting designed for high-risk users, including executives and security teams at prominent organizations, who require protection against advanced threats. The feature tightly constrains how ChatGPT interacts with external systems through deterministic restrictions that eliminate the attack surfaces prompt injection exploits.

The mode's core protection mechanism limits web browsing to cached content only. No live network requests leave OpenAI's controlled network, preventing attackers from tricking ChatGPT into sending sensitive conversation data to external servers. This addresses scenarios in which malicious websites contain hidden instructions designed to manipulate the AI into exfiltrating confidential information through browsing activity.

Additional restrictions disable capabilities that cannot provide "strong deterministic guarantees of data safety." ChatGPT responses cannot include images, Deep Research and Agent Mode are disabled, users cannot approve Canvas-generated code for network access, and the system cannot download files for data analysis, though manually uploaded files remain usable.

Workspace administrators on ChatGPT Enterprise, Edu, Healthcare and Teachers plans activate Lockdown Mode by creating specialized roles through Workspace Settings. Admins retain granular control over which apps and specific actions remain available even when Lockdown Mode is engaged. The Compliance API Logs Platform provides visibility into app usage, shared data and connected sources.

OpenAI said Lockdown Mode is not necessary for most users. The feature targets a small subset of highly security-conscious individuals who face elevated targeting risk and handle exceptionally sensitive organizational data. The company plans consumer availability in the coming months, following the enterprise rollout.

All About Elevated Risk Labels

Complementing Lockdown Mode's preventative approach, Elevated Risk labels provide transparency about features that introduce unresolved security risks. The standardized labeling system appears across ChatGPT, ChatGPT Atlas and Codex whenever users enable network-related capabilities that may increase exposure.

In Codex, OpenAI's coding assistant, developers can grant network access so the system can look up documentation or interact with websites. The settings screen now displays an Elevated Risk label explaining what changes when network access is enabled, what threats it introduces and when that access is appropriate. The labels are educational signals rather than prohibitions, letting users make informed decisions about accepting risk.

OpenAI stated it will remove Elevated Risk labels as security advances mitigate the identified threats, and will continue updating which features carry labels to best communicate risk. The dynamic labeling approach acknowledges that some network-related capabilities introduce risks that current industry mitigations do not fully address.

The security enhancements build on existing protections, including sandboxing, protections against URL-based data exfiltration, monitoring and enforcement systems, and enterprise controls such as role-based access and audit logs. The layered approach reflects the recognition that as AI systems become more capable and connected, single-point security controls prove insufficient.

An Effort to Negate Prompt Injection Attacks

Prompt injection attacks manipulate AI systems by embedding malicious instructions in external content that conversational models process. When ChatGPT accesses web pages, reads documents or interacts with third-party applications, attackers can hide commands within that content designed to override the system's intended behavior. Successful attacks extract conversation history, connected app data or sensitive organizational information without the user's awareness.

The vulnerability stems from language models' inability to reliably distinguish legitimate instructions from the system prompt from malicious instructions embedded in user-supplied or externally sourced content. Traditional security measures focused on input validation and output filtering have proven inadequate because sophisticated prompt injection techniques can bypass content-level filters.

OpenAI's infrastructure-level restrictions in Lockdown Mode sidestep this challenge by blocking the actions attackers attempt to trigger. Rather than trusting the model to refuse malicious requests, the system architecture makes those requests impossible to execute regardless of how sophisticated the prompt manipulation is.
Threat actors weaponized two Ivanti zero-days so quickly that security teams discovered web shells already installed on servers—using arithmetic expansion in bash scripts to slip past authentication entirely. Researchers at Palo Alto Networks' Unit 42 documented widespread exploitation of two Ivanti EPMM vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, revealing attackers moving from initial reconnaissance to deploying persistent backdoors designed to survive patching cycles.

The critical vulnerabilities in Ivanti Endpoint Manager Mobile allow unauthenticated remote code execution through a deceptively simple bash arithmetic expansion trick that turns mobile device management infrastructure into attacker-controlled command posts. Palo Alto Networks' Cortex Xpanse identified over 4,400 EPMM instances exposed on the public internet, a massive attack surface across state and local government, healthcare, manufacturing, professional services and high-technology sectors in the United States, Germany, Australia and Canada. CISA added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, signaling the threat's severity and requiring federal agencies to patch by February 1.

Exploitation Chain and Attack Patterns of Ivanti EPMM Bugs

The exploitation leverages legacy bash scripts that Apache uses for URL rewriting in EPMM's In-House Application Distribution and Android File Transfer features. Both vulnerabilities score 9.8 on the CVSS scale, meaning attackers need no credentials, no user interaction and no complex preconditions—just a malicious HTTP GET request to gain complete server control.

The technical mechanics reveal abuse of bash's arithmetic expansion feature. Attackers send HTTP requests to vulnerable endpoints such as /mifs/c/appstore/fob/ with specially crafted parameters. The attack manipulates how bash resolves variables during arithmetic operations: one parameter is set to the name of another variable, and malicious commands are embedded inside that second variable as an array index. When the vulnerable script attempts an arithmetic comparison using the first variable, bash resolves it by looking up the second variable, and while evaluating that variable's array index it executes the embedded command, achieving code execution through what appears to be a simple variable comparison.

Unit 42 observed multiple attack patterns demonstrating both automated scanning and targeted operations. Reconnaissance attempts used simple sleep commands to verify the vulnerability—if servers paused exactly five seconds before returning errors, attackers confirmed remote code execution and immediately followed up with malicious payloads.

Reverse shell attempts established outbound connections to attacker-controlled servers, with captured traffic showing commands such as ncat connecting to IP addresses on ports 443 and 8443. These connections give attackers interactive terminal access to compromised systems, enabling manual exploration and privilege escalation.

Web shell installations proved particularly concerning. Attackers deployed lightweight JSP web shells with innocuous names such as 401.jsp, 403.jsp and 1.jsp under /mi/tomcat/webapps/mifs/. If the web server runs as root or Administrator—common in EPMM deployments—attackers gain full administrative control. The web shells provide persistent access that survives reboots, and backup entry points if other access methods are discovered.

Malware download campaigns demonstrated coordination with broader criminal infrastructure. Some attacks attempted to bypass authentication and immediately download second-stage payloads. One campaign installed the Nezha monitoring agent, an open-source server monitoring tool, with special parameters that fetched it from Gitee if the victim was located in China—maximizing reach across geographic boundaries.

Botnet activity emerged as attackers integrated compromised EPMM servers into larger criminal networks. The combination of web shells, reverse shells and monitoring agents suggests attackers aim to turn enterprise mobile management platforms into nodes in distributed attack infrastructure rather than pursuing single-target objectives.

The exploitation timeline reveals how quickly threat actors move. Organizations that had not patched within days of disclosure found their systems already compromised, with dormant backdoors installed. These backdoors remain hidden until attackers need them, potentially surviving patch deployment if organizations fail to hunt for indicators of compromise before remediation.

Fixes Available

Ivanti released RPM scripts providing temporary mitigation for affected versions. Organizations running versions 12.5.0.x, 12.6.0.x and 12.7.0.x should deploy RPM 12.x.0.x, while those on 12.5.1.0 and 12.6.1.0 require RPM 12.x.1.x. Applying the patches requires no downtime and causes no functional impact. However, Ivanti warns that upgrading to a new version requires reinstalling the RPM, since the patches do not persist across version changes. The permanent fix arrives with version 12.8.0.0, scheduled for release later in Q1 2026.

Organizations suspecting compromise should not attempt to clean affected systems. Ivanti recommends either restoring EPMM from known-good backups taken before exploitation or rebuilding appliances and migrating data to replacement systems. After restoration, administrators must reset passwords for local EPMM accounts and for LDAP and KDC service accounts, revoke and replace public certificates, and reset passwords for all internal and external service accounts configured with EPMM. The comprehensive password reset reflects how deeply attackers can infiltrate once they achieve initial code execution.

Unit 42 provided XQL queries enabling Cortex XDR customers to hunt for signs of exploitation. One query parses EPMM logs for HTTP requests matching exploitation URI parameters, extracting version numbers to help security teams identify vulnerable software. A second query analyzes firewall logs for traffic patterns consistent with exploitation attempts. Organizations with internet-facing management interfaces must adopt an assumed-breach mentality, treating these vulnerability disclosures as potential compromises requiring immediate forensic investigation alongside patching.
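As an added example, not from the article or from Unit 42's published queries, the following Python hunt applies the idea of the first XQL query to EPMM access logs: it flags requests to the fob endpoint whose query values carry bash array-index or command-substitution syntax, sleep-based probes or reverse-shell tooling, and any request to the web shell names reported above. Apache combined log format is assumed, and the parameter name in the constructed sample is a placeholder rather than the real one.

```python
"""Hunt EPMM access-log lines for the exploitation patterns described above.

Assumptions (not from the article): Apache combined log format, and a
placeholder query-parameter name in the constructed sample below.
"""
import re
from urllib.parse import parse_qsl, urlparse

# Endpoint named in the Unit 42 write-up.
SUSPECT_PATH_PREFIXES = ("/mifs/c/appstore/fob/",)
# Web shell names reported by Unit 42, dropped under the mifs webapp.
WEBSHELL_NAMES = {"401.jsp", "403.jsp", "1.jsp"}
# Bash constructs that have no place in a legitimate query value and that lead
# to command execution once the value reaches an arithmetic context.
INJECTION_MARKERS = (
    (re.compile(r"\[[^\]]*\]"), "array-index notation"),
    (re.compile(r"\$\("), "command substitution"),
    (re.compile(r"`"), "backtick substitution"),
    (re.compile(r"\bsleep\s+\d+"), "sleep probe"),
    (re.compile(r"\bncat\b|\bnc\b|/dev/tcp/"), "reverse-shell tooling"),
)

# Apache combined format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def analyse_line(line):
    """Return a finding dict for a suspicious line, or None for a clean one."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    findings = []
    if url.path.startswith(SUSPECT_PATH_PREFIXES):
        # parse_qsl percent-decodes values, so encoded brackets are caught too.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            for pattern, label in INJECTION_MARKERS:
                if pattern.search(value):
                    findings.append(f"{label} in parameter {key!r}")
    basename = url.path.rsplit("/", 1)[-1]
    if url.path.startswith("/mifs/") and basename in WEBSHELL_NAMES:
        findings.append("request to reported web shell name " + basename)
    if not findings:
        return None
    return {
        "src": m.group("src"), "ts": m.group("ts"), "method": m.group("method"),
        "path": url.path, "status": int(m.group("status")), "findings": findings,
    }


def hunt(lines):
    """Run analyse_line over an iterable of log lines and keep only the hits."""
    return [hit for hit in map(analyse_line, lines) if hit]


# Constructed sample log (not real EPMM data): one benign app-store request,
# one injection-shaped request carrying a sleep probe, one hit on a reported
# web shell name, and one unrelated login page request.
SAMPLE_LOG = [
    '198.51.100.9 - - [20/Jan/2026:09:13:55 +0000] "GET /mifs/c/appstore/fob/?app=com.example.app&v=3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Jan/2026:09:14:02 +0000] "GET /mifs/c/appstore/fob/?app=x%5B%24%28sleep%205%29%5D HTTP/1.1" 500 0',
    '203.0.113.7 - - [20/Jan/2026:09:14:09 +0000] "POST /mifs/401.jsp HTTP/1.1" 200 44',
    '198.51.100.9 - - [20/Jan/2026:09:15:30 +0000] "GET /mifs/login.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["method"], hit["path"], "->", "; ".join(hit["findings"]))
```

A five-second gap between a flagged request and its error response, visible from the timestamps of neighbouring lines, is the timing signature the reconnaissance probes leave behind.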
At the India AI Impact Summit 2026, the spotlight turned to a critical question: how do we scale artificial intelligence without scaling risk? During a high-level panel discussion titled “Responsible AI at Scale: Governance, Integrity, and Cyber Readiness for a Changing World,” leaders from government, cybersecurity, public policy, and academia gathered to examine what it truly takes to deploy AI safely and responsibly.

The session brought together Sanjay Seth, Minister of State for Defence; Lt Gen Rajesh Pant, Former National Cyber Security Coordinator of India; Beenu Arora, Co-Founder & CEO of Cyble; Jay Bavisi, Founder and Chairman of EC-Council; Carly Ramsey, Director & Head of Public Policy (APJC) at Cloudflare; Dr. Subi Chaturvedi, Global SVP & Chief Corporate Affairs and Public Policy Officer at InMobi; and Anna Sytnik, Associate Professor at St. Petersburg State University. The discussion was moderated by Vineet, Founder & Global President of CyberPeace.

Opening the session, Rekha Sharma, Member of Rajya Sabha, set the tone by emphasizing the importance of balancing AI-driven innovation with governance, integrity, and long-term societal trust. As India positions itself as a key voice in shaping global AI policy, the message from the panel was clear — responsible AI at scale requires not just ambition, but strong governance frameworks and serious cyber readiness.

Responsible AI at Scale Requires Governance and Real Security Testing

While governance frameworks were widely discussed, one of the most practical interventions came from Beenu. Drawing on his early career in penetration testing, he reminded the audience that AI systems must be challenged before they are trusted. “I think my final take is based upon how I started my career, which was trying to hack them on a penetration test,” he said.

That early experience shaped his recommendation for enterprises, academia, and governments building AI systems today. “For enterprises or any academia, I think red teaming — which is basically trying to hack your AI infrastructure, AI models, or AI assumptions, or stress testing them from a security standpoint — is going to be most critical,” he explained.

In simple terms, if organizations are serious about Responsible AI at Scale, they must actively try to break their own systems before adversaries do. Red teaming AI models, infrastructure, and assumptions is not an aggressive move — it is a responsible one.

Beenu stressed that this urgency stems from where the ecosystem currently stands. “Especially at these stages where we are still building up the entire security infrastructure around here,” he noted, pointing to the fragility of evolving AI security systems. His conclusion was direct and policy-relevant: “That would be my biggest recommendation for enterprises and governments also.”

The Deepfake Reality: AI Threats Are Already Industrialized

To highlight the urgency, Beenu shared a personal example of how AI-powered threats are no longer theoretical. “Three years ago, my chief of staff got a WhatsApp call mimicking my own voice, asking to process a transaction. She got suspicious and eventually figured out this was a deepfake call.”

What was once a novelty is now operating at scale. “On average, we are seeing around 70 to 100 thousand new deepfake audio calls in our systems — and many of them are very, very sophisticated. In fact, many are bypassing our own detection.”

The implication is stark: AI-driven deception is becoming industrialized. Deepfake audio and video are no longer fringe experiments — they are operational tools used in real-world attack chains. Beenu further highlighted the financial consequences: “Today, we have had companies who lost millions of dollars because of a deepfake video on a Zoom or Teams call asking someone to do something.”

These incidents illustrate a structural shift. AI is no longer just a productivity enabler — it is an active component in modern cyberattacks.

AI Governance Must Match the Speed of Innovation

The broader discussion reinforced that Responsible AI at Scale cannot rely on policy statements alone. It requires adaptive AI governance that reflects national priorities, socio-economic diversity, and security realities. International AI standards must be contextualized. Transparency must be embedded into system design. Accountability must be clearly assigned. And cyber readiness cannot be postponed until after deployment. The panel agreed that innovation and oversight must move together. If governance lags too far behind technological advancement, trust erodes.

Building AI Security Infrastructure Before Scaling Further

A key takeaway from the summit was that innovation and security cannot operate on separate tracks. As AI adoption expands across defense, finance, healthcare, and public services, AI security infrastructure must evolve just as quickly. Responsible AI at Scale means:
- Stress-testing AI systems continuously
- Strengthening cyber resilience frameworks
- Embedding transparency into AI models
- Preparing institutions for large-scale AI risks

India’s ambition to shape global AI norms depends not only on technological capability, but also on credibility and trust. The discussion made one thing clear: scaling AI responsibly is not about slowing progress. It is about strengthening it. And as Beenu stressed, rigorously testing AI systems today may be the most responsible step toward protecting societies tomorrow.
A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines. According to Mandiant and Google Threat Intelligence Group (GTIG), the flaw carries a maximum severity score of 10 and has been weaponized by a Chinese threat cluster identified as UNC6201.

Dell RecoverPoint for Virtual Machines manages backup and disaster recovery for VMware virtual machines. Exploitation of CVE-2026-22769 enables unauthenticated attackers to gain access to the underlying system and maintain root-level persistence through a hardcoded credential weakness.

How CVE-2026-22769 Was Exploited

During multiple incident response engagements, Mandiant and GTIG determined that UNC6201 had been exploiting CVE-2026-22769 since at least mid-2024. The vulnerability stems from hardcoded default credentials embedded in configuration files associated with Apache Tomcat Manager on Dell RecoverPoint appliances. Investigators found the credentials in /home/kos/tomcat9/tomcat-users.xml. Using these credentials, attackers could authenticate to the Tomcat Manager interface and deploy malicious WAR files via the /manager/text/deploy endpoint. In observed cases, this resulted in the installation of a SLAYSTYLE web shell.

Web logs stored in /home/kos/auditlog/fapi_cl_audit_log.log revealed suspicious requests to /manager, particularly PUT /manager/text/deploy?path=/<MAL_PATH>&update=true. Uploaded WAR files were typically located in /var/lib/tomcat9, with compiled artifacts found in /var/cache/tomcat9/Catalina. Analysts were advised to investigate Tomcat logs under /var/log/tomcat9/, including Catalina events such as org.apache.catalina.startup.HostConfig.deployWAR.

UNC6201’s Malware Evolution: From BRICKSTORM to GRIMBOLT

The campaign tied to UNC6201 shows a notable evolution in tooling. Initially, attackers deployed BRICKSTORM malware. In September 2025, however, investigators observed older BRICKSTORM binaries being replaced with a newly identified backdoor called GRIMBOLT.

GRIMBOLT, written in C# and compiled with native ahead-of-time (AOT) compilation, represents a tactical shift. Unlike traditional .NET software, which relies on just-in-time (JIT) compilation, native AOT binaries are compiled directly to machine code. Introduced to .NET in 2022, this method improves performance on resource-constrained appliances such as Dell RecoverPoint systems and complicates static analysis by eliminating common intermediate language (CIL) metadata. GRIMBOLT was also packed with UPX and provided remote shell capabilities while using the same command-and-control infrastructure previously associated with BRICKSTORM. Investigators could not determine whether the shift to GRIMBOLT was pre-planned or a reaction to incident response efforts by Mandiant and other industry partners.

Persistence was established by modifying a legitimate shell script, /home/kos/kbox/src/installation/distribution/convert_hosts.sh, which executes at boot via rc.local. The attackers appended the backdoor path to this script to ensure continued access.

Broader VMware Pivoting and New Tactics

Beyond exploiting CVE-2026-22769 in Dell RecoverPoint, UNC6201 expanded its operations into VMware environments. Although the initial access vector was not confirmed, the actor is known to target edge appliances such as VPN concentrators. Mandiant documented the creation of “Ghost NICs,” temporary network interfaces added to virtual machines on ESXi servers. These interfaces enabled stealthy pivoting into internal and SaaS infrastructure.

In compromised vCenter appliances, analysts recovered iptables commands executed via the SLAYSTYLE web shell. These commands implemented Single Packet Authorization (SPA) by:
- Monitoring port 443 for a specific hexadecimal string
- Adding the source IP to an approved list
- Allowing connections to port 10443 if the IP was listed
- Redirecting traffic from port 443 to 10443 for 300 seconds

This redirection mechanism facilitated covert access while limiting exposure.

Indicators of Compromise Linked to CVE-2026-22769 and UNC6201

Several malware samples and network indicators were tied to the campaign: GRIMBOLT files named support and out_elf_2, a SLAYSTYLE sample (default_jsp.java), BRICKSTORM samples including splisten, and command-and-control traffic to wss://149.248.11.71/rest/apisession (C2 IP 149.248.11.71). YARA rules released by GTIG include G_APT_BackdoorToehold_GRIMBOLT_1, G_Hunting_BackdoorToehold_GRIMBOLT_1 and G_APT_BackdoorWebshell_SLAYSTYLE_4.
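As an added example, not from the Mandiant/GTIG report, this Python snippet implements the hunt the report describes for the Tomcat Manager deployment path: it pulls /manager/text/deploy requests out of the audit log and matches each deployed context against HostConfig.deployWAR events in the Catalina log. The audit-log line layout is assumed, since the report does not show it; the Catalina lines follow Tomcat's default log format, and every sample line is constructed.

```python
"""Correlate Tomcat Manager deploy requests with Catalina deployWAR events.

Assumptions (not from the report): the audit log keeps one request per line
with the request line in double quotes; Catalina uses Tomcat's default format.
"""
import re
from urllib.parse import parse_qs, urlparse

# Text-interface deploy endpoint named in the report.
DEPLOY_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>/manager/text/deploy[^\s"]*)')
# Default Tomcat line: "dd-MMM-yyyy HH:mm:ss.SSS LEVEL [thread] logger message"
CATALINA_RE = re.compile(
    r'org\.apache\.catalina\.startup\.HostConfig\.deployWAR .*?\[(?P<war>[^\]]+\.war)\]'
)


def manager_deploys(audit_lines):
    """Extract Manager deploy requests: method, context path, update flag, source line."""
    hits = []
    for line in audit_lines:
        m = DEPLOY_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlparse(m.group("target")).query)
        hits.append({
            "method": m.group("method"),
            "context": query.get("path", [""])[0],
            "update": query.get("update", ["false"])[0].lower() == "true",
            "line": line,
        })
    return hits


def war_deployments(catalina_lines):
    """Return the WAR paths Catalina reports in deployWAR events, in log order."""
    wars = []
    for line in catalina_lines:
        m = CATALINA_RE.search(line)
        if m:
            wars.append(m.group("war"))
    return wars


def correlate(audit_lines, catalina_lines):
    """Attach to each Manager deploy the distinct WAR paths Catalina deployed for its context."""
    wars = war_deployments(catalina_lines)
    results = []
    for deploy in manager_deploys(audit_lines):
        # Manager deploys context "/name" as name.war inside the host's appBase.
        expected = deploy["context"].strip("/") + ".war"
        deploy["war_files"] = sorted({w for w in wars if w.rsplit("/", 1)[-1] == expected})
        results.append(deploy)
    return results


# Constructed sample lines (layout assumed; "svc" stands in for the report's <MAL_PATH>).
SAMPLE_AUDIT = [
    '2025-09-03 14:21:58 198.51.100.20 "GET /fapi/rest/status HTTP/1.1" 200',
    '2025-09-03 14:22:10 203.0.113.5 "PUT /manager/text/deploy?path=/svc&update=true HTTP/1.1" 200',
    '2025-09-03 14:22:41 203.0.113.5 "GET /svc/ HTTP/1.1" 200',
]
SAMPLE_CATALINA = [
    '03-Sep-2025 14:22:11.004 INFO [http-nio-8443-exec-3] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/var/lib/tomcat9/webapps/svc.war]',
    '03-Sep-2025 14:22:11.310 INFO [http-nio-8443-exec-3] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/var/lib/tomcat9/webapps/svc.war] has finished in [306] ms',
]

if __name__ == "__main__":
    for hit in correlate(SAMPLE_AUDIT, SAMPLE_CATALINA):
        print(hit["method"], hit["context"], "update=%s" % hit["update"], hit["war_files"])
```

A deploy request with no matching Catalina event, or a deployed WAR with no preceding request, is itself worth a look: the first suggests log tampering or a failed attempt, the second a WAR dropped by some route other than the Manager interface.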
A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.
After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.
Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting.
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at least mid-2024.
Attorney General Ken Paxton announced the lawsuit on Monday and said it is the first of several that will be filed this week against companies affiliated with China's government.
New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and
In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in real time, expanding
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust and effectively unexploitable." This includes verification
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap
Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking... after police officers accidentally sent him a link granting him access to their own confidential documents Read more in my article on the Hot for Security blog.