Cyberdudebivash

  CyberDudeBivash Threat Intelligence Report — Sept 2025 By Bivash Kumar Nayak (CyberDudeBivash Founder) cyberdudebivash.com | cyberbivash.blogspot.com | cryptobivash.code.blog  Introduction: The Silent Threat in AI Agents AI assistants and agents like ChatGPT with Gmail/Drive connectors promise productivity — but also open new attack surfaces . In August 2025, researchers revealed a critical zero-click flaw : attackers could exfiltrate sensitive Gmail/Drive data by planting malicious prompts in linked content (docs, calendar invites, emails). The danger: zero-click exploitation — no victim interaction required, only the connector enabled.  Timeline of the Vulnerability Early 2025 : Researchers note AI agents executing hidden prompts in uploaded docs. Aug 2025 : Public disclosure by Zenity Labs & others on connector abuse. Attack vector : Malicious Google Drive doc / Gmail invite with hidden instructions → ChatGPT connector executes them...