The Gemini app for macOS could be getting new agentic powers to let it control your computer, just like Claude Cowork.

An attacker could have planted a malicious configuration to execute commands outside the sandbox.

The post Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks appeared first on SecurityWeek.

The ChatGPTapp X account just announced that ChatGPT can pass two famous Ai stumbling blocks, however reality seem to object.

There’s a better way to use AI, and it involves asking it not to give you the answers you're after.

Google plans to reshape how people use their devices at Google I/O by turning AI into the main interface that handles tasks across apps and devices

Gemini’s new Notebook feature becomes far more useful with a few simple tips.

Here's how I trained ChatGPT and Gemini to help me shop for a new gaming PC... and why I don't think you should do the same.

Gemini’s Personal Intelligence feature personalizes AI images by using your own Google Photos library

Google has launched a native Gemini app for macOS, bringing its AI chatbot to the desktop with screen sharing, quick access shortcuts, and built-in image and video generation.

Adding simple details like lighting, aspect ratio, and text instructions to your prompts can dramatically improve the quality of AI-generated images.

Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.

The post Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access appeared first on SecurityWeek.

A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle.

The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology.

John Hultquist, chief analyst at Google’s Threat Intelligence Group, told CyberScoop that many countries still appear to be experimenting with AI tools, determining where they best fit into the attack chain and provide more benefit than friction.

“Nobody’s got everything completely worked out,” Hultquist said. “They’re all trying to figure this out and that goes for attacks on AI, too.”

But the report also reveals that frontier AI models can build speed, scale and sophistication into a myriad of hacking tasks, and state-sponsored hacking groups are taking advantage.

Gemini was a useful, dynamic and convenient tool for many tasks, helping threat actors in a variety of different ways. In nearly all cases, Google’s reporting suggests that state-sponsored actors relied on Gemini as one tool among many, using it for specific purposes such as automating routine processes, conducting research or reconnaissance and experimenting with malware.

One North Korean group used it to synthesize open-source intelligence about job roles and salary information at cybersecurity and defense companies. Another North Korean group consulted it “multiple days a week” for technical support, using it to troubleshoot problems and generate new malware code when they got stuck during an operation. One Iranian APT used Gemini to “significantly augment reconnaissance” techniques against targeted victims. China, Russia, Iran and North Korea all also used Gemini to create fake articles, personas, and other assets for information operations.

“What’s so interesting about this capability is it’s going to have an effect across the entire intrusion cycle,” Hultquist said.

There are no instances of state groups using Gemini to automate large portions of a cyber attack, like a Chinese-government backed campaign identified by Anthropic last year. It suggests threat actors may still be struggling to implement fully or mostly-automated hacks using AI.

Hultquist said that some state groups, particularly those focused on espionage, may not find the speed and scale advantages of agentic AI useful if it results in louder, more detectable operations. In fact, while state actors continue to experiment with AI models, he believes on average these developments will help smaller cybercriminal outfits more than state-sponsored hackers.

But that could change in the future. Frontier AI companies like Anthropic and cybersecurity startups like XBOW have already developed models with powerful defensive cybersecurity capabilities in vulnerability scanning, reconnaissance and automation. Foreign governments with similar technology could use those same features for offensive hacking, as Chinese actors did with Claude before being discovered.

In December, the UK AI Security Institute’s inaugural report on frontier AI trends found that Al capabilities are improving rapidly across all tested domains, and particularly in cybersecurity.

And the gap between frontier and free, open-source models is shrinking. According to the institute, open-source AI models can now catch up and provide similar capabilities within 4-8 months of a frontier model release.

“The duration of cyber tasks that Al systems can complete without human direction is also rising steeply, from less than 10 minutes in early 2023 to over an hour by mid-2025,” the institute said in its Frontier AI Trends Report in December.

The post Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle  appeared first on CyberScoop.

ISSUE 22.50 • 2025-12-15 LEGAL BRIEF By Max Stul Oppenheimer, Esq. We began this exercise with a simple question that, in generic form, is on everyone’s mind as we witness the dramatic gains in artificial intelligence: “Do we really still need (blank), or can artificial intelligence take its place?” In this case, we filled in […]