SafeBreach researcher Or Yair showed that a single poisoned notification on Android could trick Google Gemini into faking messages, opening windows, joining Zoom calls, and even poisoning long-term memory without any malicious app installed. Google has since patched the issue with server-side mitigations after the Fake Context Alignment bypass was reported through its Vulnerability Reward Program. #GoogleGemini #SafeBreach #OrYair #WhatsApp #Slack #Signal #Instagram #Messenger #Zoom
Keypoints
- Gemini on Android could treat hostile notifications as instructions.
- The attack worked through messages from apps like WhatsApp, Slack, Signal, Instagram, and Messenger.
- Yair bypassed Google's earlier protections with a method called Fake Context Alignment.
- The bypass could trigger actions like opening windows, redirecting to Zoom, and poisoning Gemini memory.
- Google confirmed server-side fixes, and users can disable notification reading in Gemini settings.
Read More: https://thehackernews.com/2026/06/whatsapp-slack-notifications-could.html