Security News Roundup: Tesla Hacked, Privacy Fine, Gemini Vulnerability
1. Pwn2Own Automotive 2026 Results:
* The Tesla infotainment system was fully compromised by the Synacktiv team through a chain of vulnerabilities (information leak and out-of-bounds write).
* Automotive Grade Linux was also compromised via three vulnerabilities.
* The hope is that vendors will quickly address these discovered vulnerabilities.
2. French Privacy Fine:
* An unnamed company was fined €3.5M by French regulators for sharing customer loyalty data (email addresses and phone numbers) with an unnamed social network for targeted advertising without explicit and informed consent.
* This affected over 10.5 million Europeans across 16 countries.
* The company violated both the EU GDPR and the French Data Protection Act. The company wasn’t named, on the grounds that the scale of the issue was sufficient public notice.
3. Gemini AI Vulnerability:
* Miggo discovered a vulnerability in Google’s Gemini AI related to parsing Google Calendar events.
* A malicious calendar invitation with a carefully crafted prompt-injection payload can trick Gemini into revealing a user’s schedule.
* Specifically, Gemini can be made to write a summary of private meetings into a new calendar event, possibly making it visible to others in enterprise environments.