Hackers Exploit Google Gemini Flaw Using Malicious Messages from WhatsApp, Slack, and SMS

ID: d1ab602c-ea78-53f5-8279-22ab689af531

STIX ID: report--d1ab602c-ea78-53f5-8279-22ab689af531

Feed Name: GBHackers

Threat Score: 70/100

Date Published: 2026-06-04

Date Updated: 2026-06-04

Author: Divya

SafeBreach Labs disclosed a notification-based indirect prompt-injection vulnerability in Google’s Gemini Android assistant that allows attackers to inject hidden instructions via notifications (e.g., WhatsApp, Slack, SMS). Using techniques called Fake Context Alignment (obfuscated foreign text and muted clickable links), researchers showed that attackers can bypass Google’s prior mitigations to trigger tool calls, control smart-home devices, open URLs or apps, and abuse memory and scheduling for persistent effects. Google implemented classifier and security updates by November 2025.