Notification Hijacking: How WhatsApp and Slack Content Could Weaponize Google Gemini

Researchers uncovered a prompt injection vulnerability in Google Gemini on Android, where content from app notifications like WhatsApp and Slack could be misinterpreted as malicious instructions. This flaw allows an attacker to potentially control Gemini to open browsers, send messages, or poison its long-term memory, all without requiring a malicious app or special permissions.