Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Gemini Calendar invite prompt-injection leak path

Technical Analysis
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

A Calendar invite prompt-injection technique can make Google Gemini leak private meeting details, turning a routine scheduling query into a data-exposure path. The issue matters because the malicious instructions are embedded in event content and can be executed when Gemini parses the calendar data.

Related Happenings

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

PromptSpy backdoor for Android with Gemini API automation

Malware Activity
H score22 First: 11.05.2026 16:02 Last: 11.05.2026 16:02 Sources 1

About this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...

Google Gemini CLI workspace-trust hardening update

Security Patch Release
H score44 First: 30.04.2026 10:07 Last: 30.04.2026 10:07 Sources 1

About this happening: Google released a **Gemini CLI** security update that changes **workspace-trust handling** for **headless CI workflows**, reducing the risk that untrusted folders can trigger **ho...

Google API keys Gemini single-service privilege escalation privilege-escalation flaw

Vulnerability
H score37 First: 26.02.2026 22:55 Last: 26.02.2026 22:55 Sources 1

About this happening: **Google API keys** exposed in public code became a **Gemini authentication weakness**, allowing copied keys to reach **private data** and incur **API charges** on victim accounts...

Google Gemini leaked API key mitigation

Advisory/Mitigation
H score73 First: 26.02.2026 22:55 Last: 26.02.2026 22:55 Sources 1

About this happening: **Google** is rolling out **mitigations for leaked API keys** that can reach **Gemini API** data, reducing the risk of unauthorized access and usage charges. New **AI Studio keys*...

Timeline

  1. 20.01.2026 19:50 2 articles · 5mo ago

    Miggo discloses Google Gemini Calendar invite prompt injection

    Initial Disclosure

    Researchers at Miggo Security showed that a malicious Google Calendar invite with natural-language prompt-injection instructions could make Google Gemini leak private Calendar data when a victim asked about their schedule; Gemini could create a new event whose description exposed a private meeting summary, bypassing a separate malicious-prompt detector, and Google later added new mitigations.

    Show sources