Google Gemini
Previously harmless Google API keys now expose Gemini AI data
Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such keys while scanning internet pages from organizations in various sectors, and even from Google. The problem occurred when Google introduced its Gemini assistant, and developers started […]
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. In a report today, ESET researcher Lukas Stefanko explains how a new Android malware family named “PromptSpy” is abusing the Google Gemini AI model to help it achieve persistence on infected […]
Google Gemini flaw hijacks email summaries for phishing
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary. Despite […]
Google says hackers abuse Gemini AI to empower their attacks
Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. Google’s Threat Intelligence Group (GTIG) detected government-linked advanced persistent threat (APT) groups using Gemini primarily for productivity gains rather than to develop or conduct novel AI-enabled cyberattacks that can […]