Red Hat Security Advisory 2024-7821-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7821.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: skopeo security updateAdvisory ID:        RHSA-2024:7821-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7821Issue date:         2024-10-09Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for skopeo is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7821-03

Red Hat Security Advisory 2024-7820-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7820.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:7820-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7820Issue date:         2024-10-09Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7820-03

Red Hat Security Advisory 2024-7819-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7819.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:7819-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7819Issue date:         2024-10-09Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7819-03

Red Hat Security Advisory 2024-7818-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7818.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: containernetworking-plugins security updateAdvisory ID:        RHSA-2024:7818-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7818Issue date:         2024-10-09Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7818-03

Red Hat Security Advisory 2024-7812-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7812.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat JBoss Enterprise Application Platform 7.4 security updateAdvisory ID:        RHSA-2024:7812-03Product:            Red Hat JBoss Enterprise Application PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7812Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2024-47561====================================================================Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.Security Fix(es):* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2024-47561References:https://access.redhat.com/security/updates/classification/#criticalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2316116

Red Hat Security Advisory 2024-7812-03

Red Hat Security Advisory 2024-7811-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7811.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat JBoss Enterprise Application Platform 7.4 Security updateAdvisory ID:        RHSA-2024:7811-03Product:            Red Hat JBoss Enterprise Application PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7811Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2024-47561====================================================================Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.Security Fix(es):* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2024-47561References:https://access.redhat.com/security/updates/classification/#criticalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2316116

Red Hat Security Advisory 2024-7811-03

Red Hat Security Advisory 2024-7599-03 - Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, integer overflow, and out of bounds write vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7599.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.16.16 bug fix and security update  
Advisory ID:        RHSA-2024:7599-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7599  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2023-3462  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.16. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:7602

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

Security Fix(es):

* glibc: Out of bounds write in iconv may lead to remote code execution  
(CVE-2024-2961)  
* Hashicorp/vault: Vault’s LDAP Auth Method Allows for User Enumeration  
(CVE-2023-3462)  
* openssl: Possible denial of service in X.509 name checks (CVE-2024-6119)  
* path-to-regexp: Backtracking regular expressions cause ReDoS  
(CVE-2024-45296)  
* libexpat: Negative Length Parsing Vulnerability in libexpat  
(CVE-2024-45490)  
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)  
* libexpat: integer overflow (CVE-2024-45492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-3462

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228020  
https://bugzilla.redhat.com/show_bug.cgi?id=2273404  
https://bugzilla.redhat.com/show_bug.cgi?id=2306158  
https://bugzilla.redhat.com/show_bug.cgi?id=2308615  
https://bugzilla.redhat.com/show_bug.cgi?id=2308616  
https://bugzilla.redhat.com/show_bug.cgi?id=2308617  
https://bugzilla.redhat.com/show_bug.cgi?id=2310908  
https://issues.redhat.com/browse/OCPBUGS-31878  
https://issues.redhat.com/browse/OCPBUGS-35850  
https://issues.redhat.com/browse/OCPBUGS-36816  
https://issues.redhat.com/browse/OCPBUGS-37654  
https://issues.redhat.com/browse/OCPBUGS-37689  
https://issues.redhat.com/browse/OCPBUGS-38687  
https://issues.redhat.com/browse/OCPBUGS-38797  
https://issues.redhat.com/browse/OCPBUGS-39377  
https://issues.redhat.com/browse/OCPBUGS-41709  
https://issues.redhat.com/browse/OCPBUGS-41905  
https://issues.redhat.com/browse/OCPBUGS-42012  
https://issues.redhat.com/browse/OCPBUGS-42015  
https://issues.redhat.com/browse/OCPBUGS-42057  
https://issues.redhat.com/browse/OCPBUGS-42113  
https://issues.redhat.com/browse/OCPBUGS-42382

Red Hat Security Advisory 2024-7599-03

Red Hat Security Advisory 2024-7590-03 - Red Hat OpenShift Container Platform release 4.12.67 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, open redirection, and out of bounds write vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7590.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.67 bug fix and security update  
Advisory ID:        RHSA-2024:7590-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7590  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-2961  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.67 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.67. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:7592

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* glibc: Out of bounds write in iconv may lead to remote code execution  
(CVE-2024-2961)  
* webob: WebOb's location header normalization during redirect leads to  
open redirect (CVE-2024-42353)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-2961

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2273404  
https://issues.redhat.com/browse/OCPBUGS-38610  
https://issues.redhat.com/browse/OCPBUGS-41585  
https://issues.redhat.com/browse/OCPBUGS-41600  
https://issues.redhat.com/browse/OCPBUGS-41854  
https://issues.redhat.com/browse/OCPBUGS-41881  
https://issues.redhat.com/browse/OCPBUGS-42161  
https://issues.redhat.com/browse/OCPBUGS-42166

Red Hat Security Advisory 2024-7590-03

Red Hat Security Advisory 2024-7457-03 - An update for mod_jk is now available for Red Hat Enterprise Linux 9.4. Issues addressed include denial of service and information leakage vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7457.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: mod_jk bug fix update  
Advisory ID:        RHSA-2024:7457-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7457  
Issue date:         2024-10-08  
Revision:           03  
CVE Names:          CVE-2024-46544  
====================================================================

Summary: 

An update for mod_jk is now available for Red Hat Enterprise Linux 9.4.

Description:

The mod_jk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine.

Bug Fix(es):

* Rebase to upstream 1.2.50 release (JIRA:RHEL-58855)

Security fix(es):

* mod_jk: information Disclosure / DoS (CVE-2024-46544) (JIRA:RHEL-59800)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-46544

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2314194  
https://issues.redhat.com/browse/RHEL-58855

Red Hat Security Advisory 2024-7457-03

Chatbot companion platform muah.ai was hacked and had its chatbot prompts stolen.

A hacker has stolen a massive database of users’ interactions with their sexual partner chatbots, according to 404 Media.

The breached service, Muah.ai, describes itself as a platform that lets people engage in AI-powered companion NSFW chat, exchange photos, and even have voice chats.

As you can imagine, data like this is very sensitive, so the site assures customers that communications are encrypted and says it doesn’t sell any data to third parties.

Absolute privacy promised

The stolen data, however, tells a different story. It includes chatbot prompts that reveal users’ sexual fantasies. These prompts are in turn linked to email addresses, many of which appear to be personal accounts with users’ real names.

Mauh.ai says it believes in freedom of speech and to uphold that right, it says:

> “AI technology should be for everyone, and its use case to be decided by each mature, individual adult. So that means we don’t actively censor or filter AI. So any topic can be discussed without running into a wall.”

Unfortunately, that means that filth is created to satisfy the needs of some sick users, and some of the data contains horrifying explicit references to children.

Presumably those users in particular don’t want their fantasies to be discovered, which is exactly what might happen if they are connected to your email address.

The hacker describes the platform as “a handful of open-source projects duct-taped together.” Apparently, it was no trouble at all to find a vulnerability that provided access to the platform’s database.

The administrator of Muah.ai says the hack was noticed a week ago and claims that it must be sponsored by the competitors in the “uncensored AI industry.” Which, who knew, seems to be the next big thing.

The administrator also said that Muah.ai employs a team of moderation staff that suspend and delete ALL child-related chatbots on its card gallery (where users share their creations), Discord, Reddit, etc, But in reality, when two people posted about a reportedly underage AI character on the site’s Discord server, 404 Media claims a moderator told the users to not “post that shit” here, but to go “DM each other or something.”

Muah.ai is just one example of a new breed of uncensored AI apps that offer hundreds of role-play scenarios with chatbots, and others designed to behave like a long-term romantic companion.

404 Media says it tried to contact dozens of people included in the data, including users who wrote prompts that discuss having underage sex. Not surprisingly, none of those people responded to a request for comment.

**Innovation before security**

Emerging platforms like these are often rushed into existence because there is money to be made. Unfortunately, that usually happens at the expense of security and privacy, so here are some things to bear in mind:

*   Don’t trust AI platforms that promise privacy and encryption just because they say so
*   Don’t login with your Google/Facebook/Microsoft credentials or by using your regular email address or phone number
*   Remember that anything you put online, including a service that promises privacy, has a risk of being made public

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Tag

#vulnerability