Techly NewsGet the app

Get the latest tech news

Flaw in Gemini CLI coding tool could allow hackers to run nasty commands


Beware of coding agents that can access your command window.

Researchers needed less than 48 hours with Google’s new Gemini CLI coding agent to devise an exploit that made a default configuration of the tool surreptitiously exfiltrate sensitive data to an attacker-controlled server. Tracebit founder and CTO Sam Cox said in an email that he limited the severity of the command he chose to have silently executed strictly for demonstration purposes, since its output was concise enough to fit on a few lines. Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

Get the Android app

Or read this on ArsTechnica

Read more on:

Photo of Hackers

Hackers

Photo of flaw

flaw

Photo of gemini

gemini

Related news:

News photo

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

News photo

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

News photo

Hackers steal images from women's dating safety app that vets men

« Apple Expands Video Shopping Service to India After US Launch
Track how much money AIPAC spent to buy Congress »