Google Gemini indirect prompt injection via calendar invites security flaw

Vulnerability
Happening score (H score): 23
2 unique sources, 2 articles

Summary

Researchers disclosed a Google Gemini vulnerability in which a malicious calendar invite could use indirect prompt injection to bypass authorization guardrails and expose private meeting data through Google Calendar. The flaw matters because it could create deceptive calendar events and leak schedule details without direct user interaction.

Related Happenings

Microsoft Teams adds lobby labeling and separate admission for third-party bots

Security Tool/Service
First: 09.03.2026 19:12 Last: 09.03.2026 19:12 Sources 1

About this happening: **Microsoft Teams** is adding **automatic lobby labels** for **external third-party bots**, making it harder for non-human participants to blend in and reducing accidental admissi...

Google API keys Gemini single-service privilege escalation privilege-escalation flaw

Vulnerability
First: 26.02.2026 22:55 Last: 26.02.2026 22:55 Sources 1

About this happening: **Google API keys** exposed in public code became a **Gemini authentication weakness**, allowing copied keys to reach **private data** and incur **API charges** on victim accounts...

Google Gemini leaked API key mitigation

Advisory/Mitigation
First: 26.02.2026 22:55 Last: 26.02.2026 22:55 Sources 1

About this happening: **Google** is rolling out **mitigations for leaked API keys** that can reach **Gemini API** data, reducing the risk of unauthorized access and usage charges. New **AI Studio keys*...

Android click-fraud trojans using TensorFlow.js to automate hidden ad taps

Malware Activity
First: 22.01.2026 00:07 Last: 22.01.2026 00:07 Sources 1

About this happening: The **Android click-fraud trojan family** now uses **TensorFlow.js** to identify and tap ad elements on **Android devices**, making fraudulent clicks more adaptive and harder to s...

Google Gemini Calendar invite prompt-injection leak path

Technical Analysis
First: 20.01.2026 19:50 Last: 20.01.2026 19:50 Sources 1

How related: Researchers at Miggo Security, an Application Detection & Response (ADR) platform, found that they could trick Gemini into leaking Calendar data by passing the assistant natural language instructions:

About this happening: A **Calendar invite prompt-injection** technique can make **Google Gemini** leak **private meeting details**, turning a routine scheduling query into a data-exposure path. The iss...

Timeline

  1. 19.01.2026 19:21 2 articles · 4mo ago

    Google Gemini indirect prompt injection disclosure

    Initial Disclosure

    Researchers disclosed that a malicious calendar invite could use indirect prompt injection against Google Gemini to bypass authorization guardrails, trigger Gemini to summarize a target user's schedule, and write private meeting details into a newly created Google Calendar event that could be visible to the attacker; the issue was addressed following responsible disclosure.
