Lucene search
+L

570 matches found

GithubExploit
GithubExploit
added 2026/02/22 8:24 a.m.179 views

gemini-exploit

Project Demo - Totally Legitimate Software Overview This...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 5:52 p.m.10 views

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence AI chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/18 10:10 a.m.8 views

Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”

Scammers have found a new use for AI: creating custom chatbots posing as real AI assistants to pressure victims into buying worthless cryptocurrencies. We recently came across a live "Google Coin" presale site featuring a chatbot that claimed to be Google's Gemini AI assistant. The bot guided...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/16 12:0 a.m.15 views

AI Arms and Influence: Frontier Models Exhibit Sophisticated Reasoning in Simulated Nuclear Crises

Today's leading AI models engage in sophisticated behaviour when placed in strategic competition. They spontaneously attempt deception, signaling intentions they do not intend to follow; they demonstrate rich theory of mind, reasoning about adversary beliefs and anticipating their actions; and th...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/12 5:57 p.m.12 views

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence AI model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber...

8.8CVSS8.1AI score0.80906EPSS
Exploits35
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.7 views

Security Assessment of Intel TDX with Support for Live Migration

In the second and third quarters of 2025, Google collaborated with Intel to conduct a security assessment of Intel Trust Domain Extensions TDX, extending Google's previous review and covering major changes since Intel TDX Module 1.0 - namely support for Live Migration and Trusted Domain TD...

5.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/09 3:17 p.m.10 views

AI chat app leak exposes 300 million messages tied to 25 million users

An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...

5.6AI score
Exploits0
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.13 views

Google Gemini Enterprise 安全漏洞

Google Gemini Enterprise is a generative AI platform developed by Google, Inc. of the United States. There is a security vulnerability in Google Gemini Enterprise, which stems from the use of predictable Google Cloud Storage bucket names. This vulnerability may allow attackers to preemptively tak...

9.1CVSS5.8AI score0.00253EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.7 views

Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol Via Prompt Injection

Large language model LLM based agents are increasingly used to automate financial transactions, yet their reliance on contextual reasoning exposes payment systems to prompt-driven manipulation. The Agent Payments Protocol AP2 aims to secure agent-led purchases through cryptographically verifiable...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 a.m.7 views

CVE-2026-0755

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.5AI score0.03336EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 4:16 a.m.9 views

CVE-2026-0755

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS0.03336EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:26 a.m.4 views

CVE-2026-0755

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.3AI score0.03336EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/23 3:26 a.m.4 views

CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.5AI score0.03336EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 3:26 a.m.38 views

CVE-2026-0755

CVE-2026-0755 affects the gemini-mcp-tool, specifically the execAsync method. The flaw is an OS command injection (CWE-78) caused by insufficient validation of user-supplied input before it is used in a system call, enabling unauthenticated remote code execution. Attackers could run arbitrary cod...

9.8CVSS6.5AI score0.03336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 3:26 a.m.35 views

CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS0.03336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

Google Gemini MCP Tool operating system command injection vulnerability

Google Gemini MCP Tool is a tool component developed by Google Inc., based on large model context protocols. Google Gemini MCP Tool has a vulnerability related to operating system command injection. This vulnerability stems from the execAsync method, which executes system calls without verifying...

9.8CVSS7.5AI score0.03336EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/21 8:56 a.m.167 views

context_compaction

Google ADK Context Compaction POC A proof of concept demonstr...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 5:21 p.m.45 views

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Research, Liad...

9.2CVSS7.7AI score0.00537EPSS
Exploits0
HackRead
HackRead
added 2026/01/19 1:35 p.m.10 views

Google Gemini AI Tricked Into Leaking Calendar Data via Meeting Invites

Cybersecurity researchers at Miggo Security found a flaw in Google Gemini that uses calendar invites to steal private data. Learn how this silent attack bypasses security...

5.4AI score
Exploits0
OSV
OSV
added 2026/01/16 8:42 a.m.6 views

BIT-KIBANA-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector

External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...

8.6CVSS6.6AI score0.00417EPSS
Exploits1References5
Rows per page
Query Builder