Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. Vulnerabilities found during this research on the ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.
Not related to the article at all mate.
This article is about how many plugins have been discovered to have implemented OAuth in a very insecure way, and simply using them can expose the sensitive info you have linked to your ChatGPT account.
I.e.:
1. You connect your GitHub account to your ChatGPT account (so you can ask ChatGPT questions about your private codebase).
2. You install and use one of many other compromisable, weakly implemented plugins.
3. Attacker uses the weak plugin to compromise your whole account and can now access anything you attached to your account, i.e. they can now access the private git repos you hooked up in step 1…
Most of the attack vectors involve a basic (hard to notice) phish attack on weak OAuth URLs.
The tricky part is the URLs truly are and look legit. It isn’t a fake URL, it actually links to the legit page, but they added some query params (the part after the ? in the URL) that compromise the way it behaves.
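An added example, not part of the thread or the Salt Labs article: a defender-side check showing why a domain check alone passes such a link, while validating the query string flags it. The host names, callback URL and sample links are constructed, and it assumes the tampering touches the standard OAuth 2.0 parameters `redirect_uri` and `state`, which the comment does not specify.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed registration data for a hypothetical plugin (not from the thread).
TRUSTED_HOST = "auth.plugin.example"
REGISTERED_REDIRECTS = {"https://chat.example/plugin-123/oauth/callback"}
EXPECTED_PARAMS = {"response_type", "client_id", "redirect_uri", "scope", "state"}


def host_only_check(url):
    """What a user verifies by eye: is this the real domain?"""
    return urlsplit(url).hostname == TRUSTED_HOST


def audit_oauth_link(url):
    """Return findings for an OAuth authorization link; an empty list means clean."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https" or parts.hostname != TRUSTED_HOST:
        findings.append("host: not the trusted authorization server")
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        if len(values) > 1:  # duplicates can be parsed differently by each side
            findings.append(f"{name}: repeated parameter")
        if name not in EXPECTED_PARAMS:
            findings.append(f"{name}: unexpected parameter")
    # Exact string match against registered callbacks, never a prefix match.
    if params.get("redirect_uri", [""])[0] not in REGISTERED_REDIRECTS:
        findings.append("redirect_uri: not a registered callback")
    # Without state, the flow is not bound to the session that started it.
    if not params.get("state", [""])[0]:
        findings.append("state: missing or empty")
    return findings


BASE = "https://auth.plugin.example/authorize?"
# Constructed sample links: same legitimate host, different query strings.
GOOD = BASE + urlencode({
    "response_type": "code", "client_id": "plugin-123", "scope": "repo",
    "redirect_uri": "https://chat.example/plugin-123/oauth/callback",
    "state": "k3v9q1",
})
TAMPERED = BASE + urlencode({
    "response_type": "code", "client_id": "plugin-123", "scope": "repo",
    "redirect_uri": "https://other.example/cb",
})

if __name__ == "__main__":
    for label, link in (("good", GOOD), ("tampered", TAMPERED)):
        print(label, host_only_check(link), audit_oauth_link(link))
```

The same validation belongs on the authorization server itself, since a user cannot be expected to inspect query strings.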