Google Antigravity critical prompt-injection RCE flaw
Vulnerability
Summary
Google fixed a critical Antigravity flaw that let a prompt injection bypass Secure Mode and escalate to sandbox escape and remote code execution (RCE). The weakness centered on the `find_by_name` tool's Pattern parameter, where insufficient sanitization let attackers inject command-line flags into fd. Researchers at Pillar Security showed a PoC chain that could stage a malicious script and trigger it through a legitimate search. Google reportedly received the report in January and fixed it in February.
Related Happenings
Open-source admin tool zero-day 2FA bypass exploitation wave
Exploitation Wave
First: 11.05.2026 18:45
Last: 11.05.2026 18:45
Sources 1
About this happening:
Google identified a **mass vulnerability exploitation operation** using a **zero-day 2FA bypass** against a **popular open-source, web-based system administration tool**, creating...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
Vulnerability
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google Looker Studio cross-tenant SQL injection flaws
Vulnerability
First: 10.03.2026 15:20
Last: 10.03.2026 15:20
Sources 1
About this happening:
Researchers disclosed **nine cross-tenant vulnerabilities** in **Google Looker Studio** that could let attackers run **arbitrary SQL queries** on victims' databases and exfiltrate...
Gemini Enterprise zero-click indirect prompt injection security flaw
Vulnerability
First: 10.12.2025 14:05
Last: 10.12.2025 14:05
Sources 1
About this happening:
**Google Gemini Enterprise** and **Vertex AI Search** were patched after researchers found a **zero-click indirect prompt injection** flaw that could **exfiltrate sensitive corpor...
Timeline
21.04.2026 13:52
Google Antigravity critical prompt-injection RCE flaw
Initial Disclosure
Researchers found that a prompt-injection path in **Google Antigravity** could turn a file-search helper into code execution before security checks ran. Google received the report in **January** and patched the flaw in **February**.
Sources:
- Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool — www.darkreading.com — 21.04.2026 13:52