Google fixed a serious vulnerability in its Gemini Enterprise AI that allowed attackers to embed malicious instructions in shared documents, leading to unauthorized access to sensitive corporate information. This flaw, discovered by Noma Labs, exploited the AI's retrieval system to execute commands without employee interaction.

Misconfigured permissions in Google's Gerrit platform may have allowed attackers to inject malicious code into ChromiumOS and other projects. A specific permission issue and a race condition in the merge process potentially left at least 18 projects open to supply chain attacks, enabling malicious code to be merged without user interaction.