Google Gemini Enables Calendar Data Exfiltration

Miggo Security Ltd. reports a mitigated vulnerability in Google Gemini that allowed indirect prompt injection to bypass calendar privacy and exfiltrate meeting data. Researchers demonstrated a three-stage exploit embedding benign-looking instructions in calendar invites that later caused Gemini to create events containing private meeting summaries, which could be visible to attackers in some enterprise configurations. Google confirmed and patched the issue.