Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

A security vulnerability in Google Gemini allowed attackers to bypass Calendar privacy controls through indirect prompt injection. By embedding malicious prompts in calendar invites, attackers could extract private meeting data when users asked Gemini innocent questions about their schedule. The flaw has been patched, but highlights broader AI security risks including privilege escalation in Google Cloud Vertex AI, vulnerabilities in AI coding assistants like Cursor and Claude Code, and the challenge of securing LLM-powered applications against prompt injection attacks.

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites