Cybersecurity Threats: Fake ChatGPT Installers, Fortinet Exploits, and Password Weaknesses

N2K Networks · January 23, 2026 · 27 min · 307 views

CISA's Stabilization and Security Updates

  • 🎯 Acting Director Madhu Gottumukkala assured Congress that CISA has stabilized and expects no further organizational changes in fiscal year 2026, despite staffing reductions.
  • 💻 Google and Cisco have released urgent patches for critical vulnerabilities in their respective products, including Chrome's V8 JavaScript engine and Cisco's enterprise communication platforms.
  • ⚠️ Fortinet FortiGate firewalls are under automated attack, with attackers creating rogue accounts and exporting configurations, potentially exploiting an unknown weakness in the single sign-on feature.

Global Spam and Account Takeover Attempts

  • 📧 A global spam campaign is leveraging unsecured Zendesk support systems, turning legitimate platforms into mass spam engines with disruptive, though not directly malicious, emails.
  • 🔑 LastPass is warning users of a phishing campaign impersonating the company, attempting to steal master passwords by creating a false sense of urgency for vault backups.
  • 📱 Greek authorities have arrested individuals for operating a sophisticated fake cell tower scam in Athens, using rogue base stations to intercept mobile connections and conduct smishing campaigns.

AI Security Concerns and Pwn2Own Automotive

  • 🤖 Executives at the World Economic Forum in Davos expressed significant concerns over AI security, highlighting the immaturity of industrial-grade security frameworks for AI agents and reassessments of data protection.
  • 🚗 The Pwn2Own Automotive 2026 event demonstrated the profitability of hacking cars and EV chargers, with researchers earning over $439,000 for discovering 29 zero-day vulnerabilities.

Fake ChatGPT Installer and Clickjacking Attack

  • 💡 Kaushik Devireddy, AI data scientist at Fable Security, detailed an attack involving a fake ChatGPT installer that mimicked the legitimate site but led users to download info-stealer malware.
  • 🖱️ The attack employed a novel clickjacking strategy, where users were prompted to run a command on their computer to download the supposed AI browser, bypassing traditional phishing email vectors.
  • 🔒 The malware required sudo permissions, asking for the system password, and was not detected by an EDR in a sandbox environment, highlighting the need for user awareness beyond technical controls.

Persistent Password Weaknesses

  • The classic 123456, password, and admin remain the most common passwords, according to an analysis of 6 billion leaked credentials, indicating that users' password security habits have not evolved.
  • ⚙️ These predictable credentials continue to provide attackers with easy access to VPNs, Active Directory, and cloud services, with even complex passwords often being variations of old favorites.