November was a busy security month and a stark reminder that corporate security extends beyond the realm of traditional corporate networks and into the homes and private devices of staff. Several critical updates were released to address zero-day exploits in Microsoft Windows, Samsung phones and the Google Chrome browser. We also learned of a widely hyped breach of OpenAI/ChatGPT data through a third-party compromise of Mixpanel. Lastly, we learned of the challenges in maintaining secure home network environments and the potential impact on your businesses.
As always, prompt action and user education remain essential to safeguarding your organization.
OpenAI/ChatGPT:
- A limited number of OpenAI/ChatGPT users had their data exposed through a third-party analytics platform called Mixpanel.
- Data exposed does not include personal data, but does include data that can be used to perpetrate phishing and other schemes.
- OpenAI is notifying any users impacted by the breach.
Samsung:
The US government agency in charge of securing infrastructure, CISA, issued a warning about active exploitation of a security vulnerability that allows attackers to install spyware on Samsung flagship phones such as the Galaxy S22, S23, and S24 as well as the Z Fold 4 and Z Flip 4. The spyware can access the victim’s browsing history, record calls and audio, track their location, and access photos, contacts, SMS, call logs, and files. The patch has been available since April, but deployment has not been widespread.
Microsoft Windows:
Microsoft disclosed many patches as part of its regular monthly patch cycle. However, this last month included 1 0-day and 2 remote code execution vulnerabilities. This is also the first month that Windows 10, without extended security updates (ESU), will miss critical security patches. Failure to patch these vulnerabilities represents a significant risk to your users and organization.
Chrome:
Google patched a 0-day vulnerability actively under exploitation in its Chrome web browser. Updating is critical to maintaining security of your users and organization.
Home Routers:
Home internet and wireless routers are easy targets for attackers. Once compromised, they are used to monitor user traffic, redirect traffic and trick users into data disclosure schemes, or execute denial of service attacks against high-profile targets to take websites and other systems offline. Typically, home users are not technical and do not update or replace their equipment regularly. As a result, many homes use unsupported and outdated internet and wireless routers, putting themselves and their employers at risk. This month ASUS and D-Link issued several alerts about unsupported and out-of-date systems being vulnerable and under exploitation.
What do I need to do?
- OpenAI/ChatGPT Data Disclosure: If you have been notified that your data or your organization's data was disclosed in the breach, notify your users and advise them that this information can be used as part of email, text or phone phishing scams to try to trick them into disclosing data or taking unauthorized actions. Regular end user security awareness training is recommended.
- Samsung: Users should be advised to update their Samsung phones as soon as possible using these linked instructions.
  - Users should install the Google Play Protect app to keep their devices protected from malicious software on an ongoing basis. Instructions can be found here.
  - If users have reason to believe their systems may be compromised, this article provides good guidance on evaluating your mobile device and, if necessary, resetting your device.
- Microsoft Windows: All Windows users should complete the installation of patches when prompted and not delay. Updates can be manually installed following the directions below:
- Google Chrome: Google Chrome has a built-in mechanism for updating itself; however, it requires restarting the browser occasionally. Users should be advised to restart their browsers and check the status of their Chrome updates using the linked instructions below. For our clients who subscribe to our security and management tools, updates should be applied automatically.
  - Check and update Chrome: https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
- Home Router Security: Advise your home users to evaluate their home networks and ensure they’re using a system that is supported and that they keep it up to date. We recommend using a system that allows for easy administration and updating, like many of the mobile-app-driven “mesh” systems. Using an ISP-provided router is also a good option, as the ISP is responsible for updating and replacement as needed. Users should take the following actions to confirm their environments are secure:
  - Run a simple browser scan to see if their systems show indications of malicious traffic. Visit the link here. If the result indicates a potential problem, they should take additional steps to check their router and the devices on their network.
  - Check their home internet and wireless routers with the manufacturer to make sure they’re currently supported and have the latest firmware updates:
    - D-Link: https://support.dlink.com/
    - ASUS: https://www.asus.com/rs-en/support/download-center/
    - Netgear: https://www.netgear.com/support/home/downloads
    - Linksys: https://support.linksys.com/kb/article/101-en/
    - eero: https://support.eero.com/hc/en-us/articles/213372343-When-can-I-update-my-network-s-eeroOS#
  - We recommend against using TP-Link. More info can be found here.
Additional Resources and Details:
- ChatGPT/OpenAI: https://www.securityweek.com/openai-user-data-exposed-in-mixpanel-hack/
- ChatGPT/OpenAI: https://openai.com/index/mixpanel-incident/
- Samsung: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/
- Samsung: https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
- Samsung: https://medium.com/@devenchhajed24/when-a-photo-turns-into-a-threat-unpacking-the-landfall-spyware-attack-on-samsung-galaxy-devices-38bd0c033578
- Microsoft: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
- Google Chrome: https://www.bleepingcomputer.com/news/security/google-fixes-new-chrome-zero-day-flaw-exploited-in-attacks/
- Home Router (ASUS): https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-auth-bypass-flaw-in-dsl-series-routers/
- Home Router (ASUS): https://www.bleepingcomputer.com/news/security/new-wrthug-campaign-hijacks-thousands-of-end-of-life-asus-routers/
- Home Router (ASUS): https://www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/
- Home Router (D-Link): https://www.bleepingcomputer.com/news/security/d-link-warns-of-new-rce-flaws-in-end-of-life-dir-878-routers/
- Home Router: https://www.bleepingcomputer.com/news/security/greynoise-launches-free-scanner-to-check-if-youre-part-of-a-botnet/
As always, if you have any questions or concerns about this latest security disclosure, please feel free to reach out.












