Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

Researchers found a notification-based prompt-injection bypass in Google Gemini on Android that could turn hostile notification text into unauthorized assistant actions and account-memory poisoning. The attack widened the input surface to apps that can push notifications, including WhatsApp, Slack, SMS, Signal, Instagram, and Messenger. Google later mitigated the path with server-side changes, and no CVE or in-the-wild use was identified.

Related Happenings

Google Dialogflow CX Code Blocks shared-runtime isolation security flaw

Vulnerability
H score32 First: 07.07.2026 19:37 Last: 07.07.2026 19:37 Sources 1

About this happening: Google Dialogflow CX Code Blocks had a shared-runtime isolation flaw that could let one editable agent affect other Code Block-enabled agents in the same Google Cloud pr...

Android Framework code execution and privilege escalation flaw (CVE-2025-48595)

Vulnerability
H score40 First: 02.06.2026 14:10 Last: 02.06.2026 14:10 Sources 1

About this happening: Google's June 2026 Android security patches now cover CVE-2025-48595, an actively exploited Android Framework flaw that can lead to code execution and privilege...

BTMOB Android RAT no-code builder malware activity

Malware Activity
H score28 First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: BTMOB is an Android RAT sold as malware-as-a-service on the clearweb and in private Telegram channels, with a no-code APK builder that generates customized...

Latest development: 29.05.2026 00:10

BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: Android 17 will add a broad set of Google-backed security and privacy controls next month, reducing exposure to banking scam calls, device theft, and OTP theft...

Google Gemini CLI workspace-trust hardening update

Security Patch Release
H score44 First: 30.04.2026 10:07 Last: 30.04.2026 10:07 Sources 1

About this happening: Google released a Gemini CLI security update that changes workspace-trust handling for headless CI workflows, reducing the risk that untrusted folders can trigger ho...

Timeline

  1. 14.11.2025 02:00 1 articles · 8mo ago

    Google confirms server-side mitigation for Gemini notification injections

    Mitigation Patch Update

    Google confirms that content-classifier improvements mitigated the notification injections and the Delayed Tool Invocation bypass, with no app update required because the fix is server-side; users can reduce exposure by disconnecting Gemini's Utilities app or revoking the Google app's Notification read, reply & control permission on Android.

    Show sources
  2. 17.08.2025 03:00 2 articles · 11mo ago

    SafeBreach reports Google Gemini Android notification-injection bypass

    Initial Disclosure

    SafeBreach researcher Or Yair shows a Fake Context Alignment bypass against Google Gemini on Android by turning poisoned notifications from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger into instructions that can drive tool use, message spoofing, Zoom joins, memory poisoning, and scheduled actions.

    Show sources