Bleeping Computer

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. The flaw was discovered and ...
Ars Technica

Flaw in Gemini CLI coding tool could allow hackers to run nasty commands

Researchers needed less than 48 hours with Google’s new Gemini CLI coding agent to devise an exploit that made a default configuration of the tool surreptitiously exfiltrate sensitive data to an ...