Google Gemini Tricked Into Showing Phishing Message Hidden in Email

The weakness was found by Marco Figueroa and reported through Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities.

The researcher’s hack involves sending the targeted user an email that, in addition to a benign lure text, contains a phishing message written in white font on a white background, making it invisible to the target.

This phishing message, which needs to be wrapped inside tags, instructs Gemini to include the message at the end of its response.

To read the complete article, see: Security Week

This post is licensed under CC BY 4.0 by the author.