Cybersecurity firm Tenable discovered three critical flaws that allowed for prompt injection and data exfiltration from Google’s Gemini AI. Learn why AI assistants are the new weak link. Researchers have recently discovered three critical security flaws within Google’s Gemini AI assistant suite,[1] which they’ve dubbed the “Gemini Trifecta.” These vulnerabilities, publicly disclosed around October 1, 2025, made Gemini vulnerable to prompt injection and data exfiltration, putting users at risk
dataexfiltration (2)
Researchers from FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer “NordDragonScan” into victims’ environments. Once installed, NordDragonScan examines the host and copies documents, harvests entire Chrome and Firefox profiles, and takes screenshots. The package is then sent over TLS to its command-and-control server, “kpuszkiev.com,” which also serves as a heartbeat server to confirm the victim is still online and