Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls.
The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek.
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.
The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on SecurityWeek.
Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
An attacker could have planted a malicious configuration to execute commands outside the sandbox.
The post Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks appeared first on SecurityWeek.
Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.
The post Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access appeared first on SecurityWeek.
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
The malware leverages Gemini to analyze on-screen elements and ensure that it remains on the device even after a reboot.
The post PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence appeared first on SecurityWeek.
Weaponized Invite Enabled Calendar Data Theft via Google Gemini
A simple payload allowed attackers to create a new event leaking summaries of the victim’s private meetings.
The post Weaponized Invite Enabled Calendar Data Theft via Google Gemini appeared first on SecurityWeek.
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
GeminiJack is a zero-click Gemini attack that could have been exploited using specially crafted emails, calendar invites, or documents.
The post Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data appeared first on SecurityWeek.
Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results
Researchers found more methods for tricking an AI assistant into aiding sensitive data theft.
The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek.
Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation
Zenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts.
The post Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation appeared first on SecurityWeek.
Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data
LayerX has disclosed an AI chatbot hacking method via web browser extensions it has named ‘man-in-the-prompt’.
The post Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data appeared first on SecurityWeek.
