Google Gemini Vulnerability Enables Hidden Phishing in Gmail
Originally Published 6 months ago — by CyberSecurityNews

Security researchers have discovered a vulnerability in Google Gemini for Workspace that allows attackers to embed hidden malicious instructions in emails. These instructions can manipulate the AI assistant into displaying fake security warnings, facilitating credential theft and social engineering attacks. The attack exploits the AI's processing of crafted HTML and CSS that hide the instructions; it affects multiple Google Workspace products and could potentially enable AI-driven worms. Organizations are advised to implement mitigation strategies such as HTML sanitization and user awareness training.