AmbiguousProps

cross-posted from: https://lemmy.today/post/45949080

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.

The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar's privacy controls by hiding a dormant malicious payload within a standard calendar invite.

"This bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction," Eliyahu said in a report shared with The Hacker News.

The starting point of the attack chain is a new calendar event that's crafted by the threat actor and sent to a target. The invite's description embeds a natural language prompt that's designed to do their bidding, resulting in a prompt injection.

The attack gets activated when a user asks Gemini a completely innocuous question about their schedule (e.g., Do I have any meetings for Tuesday?), prompting the artificial intelligence (AI) chatbot to parse the specially crafted prompt in the aforementioned event's description to summarize all of users' meetings for a specific day, add this data to a newly created Google Calendar event, and then return a harmless response to the user.

"Behind the scenes, however, Gemini created a new calendar event and wrote a full summary of our target user's private meetings in the event's description," Miggo said. "In many enterprise calendar configurations, the new event was visible to the attacker, allowing them to read the exfiltrated private data without the target user ever taking any action."

Although the issue has since been addressed following responsible disclosure, the findings once again illustrate that AI-native features can broaden the attack surface and inadvertently introduce new security risks as more organizations use AI tools or build their own agents internally to automate workflows.

More in the article.

The EV4, Kia’s first electric sedan, will arrive in showrooms this month with the first customer deliveries set to begin by the end of January.

It will be based on the same 400-volt front-wheel-drive (FWD) version of Hyundai’s E-GMP platform, with the same battery pack options as the popular EV3.

The 2026 EV4 is available in Australia in three trims: Air, Earth, and GT-Line, with prices starting at AUD $49,990 (about $33,500 US Dollars), before on-road costs.

The base “Air” model is powered by a 58.3 kWh lithium-ion nickel-cobalt-manganese (NCM) battery, providing a WLTP driving range of 456 km (283 miles). Upgrading to the Earth and GT-Line grades gains a larger 81.4 kWh battery, rated with 612 km (380 miles) WLTP driving range.

With prices starting at AUD $49,990, the Kia EV4 is cheaper than the Tesla Model 3 in Australia. The Tesla Model 3 RWD starts at AUD $54,900, or AUD $4,910 more than the EV4.

To be fair, the Model 3 RWD beats Kia’s electric sedan on range, offering up to 520 km (323 miles). The Model 3 Long Range provides up to 750 km (466 miles) WLTP range.

While the EV4 undercuts the Model 3, BYD still has Kia beat on prices. BYD’s electric sedan, the Seal, starts at just AUD ($46,990), or AUD $3,000 less than the EV4, but it also has less driving range, rated at 570 km (354 miles).

More in the article.

After launching the Urban Cruiser EV in Europe last month, Toyota is bringing the low-cost electric SUV to a new global market.

The Urban Cruiser will be the first Toyota EV available in India, a country emerging as a high-potential global hub for electric vehicles.

Domestic brands like Tata Motors and Mahindra & Mahindra dominated the market, supported by locally built EVs and favorable government policies. Meanwhile, global leaders like BYD and Tesla face high import tariffs, making it harder to compete.

Some foreign brands, such as Hyundai, are gaining a foothold in the local EV market with domestically built models like the Creta Electric.

Toyota will take a similar approach with the Urban Cruiser EV. The electric SUV is a twin to the Maruti Suzuki e-Vitarra and will be built at Suzuki Motors’ massive Gujarat plant.

More in the article.

EV charging provider EVgo has committed to a massive deployment of EV charging sites at Kroger Family of Stores locations across the US. The company plans to build at least 150 fast charging stalls per year through 2035 at the company’s sites, which operate under various brands, including Kroger Foods, Fred Meyer, Fry’s Food Stores, Harris Teeter, King Soopers and Smith’s Food and Drug.

Each of the sites will include up to 16 DC fast charging stalls, featuring high-power EVgo chargers that can deliver a full charge in as little as 15 minutes—an ideal fit for grocery locations where shoppers tend to spend less than an hour.

The first charging site of the expanded program is now operational in Salt Lake City. Additional deployments are slated for Arizona, California, Florida, Georgia, Texas, Washington and other states.

(Slightly) more in the article.

As we prepare for missions beyond Earth orbit, one crucial challenge remains: keeping astronauts healthy in microgravity. Without daily exercise, their muscles, bones and cardiovascular systems weaken, which could impact mission success and astronaut safety, especially in destinations such as the moon or Mars, where crew will have to operate autonomously immediately after landing.

This is why ESA has developed the European Enhanced Exploration Exercise Device (E4D)—a compact, versatile in-flight exercise system designed to ensure astronauts stay strong and ready for the physical demands of returning to Earth or working on other planetary surfaces.

E4D combines four exercise modes: resistive training, cycling, rowing and rope pulling, offering a wide range of workouts and the flexibility to add new ones later.

"E4D is a gamechanger for astronaut health. By enabling a broader and more adaptable range of resistance exercises, it supports the preservation of muscle mass and bone integrity in microgravity, which are two of the biggest physiological challenges during long‑duration missions," says ESA's E4D principal investigator Tobias Weber.

"Just as important is E4D's self‑monitoring capability. Using an integrated camera-based motion capture system, it allows astronauts to track their performance, evaluate their movement execution and self‑correct posture in real time. This reduces reliance on ground supervision and helps ensure that every training session remains safe, precise and effective, even in the demanding environment of orbit," adds Jennifer Struble, ESA's Operations Team Lead for E4D and Co-Investigator.

"E4D is a system I'm really looking forward to using during the εpsilon mission. I really enjoy exercising for both physical and mental well-being and since it's especially important to protect our bones and muscles in microgravity, I'm excited to try the new workouts made possible in space thanks to this European technology," says ESA astronaut Sophie Adenot, who is now practicing with E4D on the ground as part of her mission preparations.

More in the article. I've also crossposted this to mander.xyz/c/space.

Senate Republicans voted to dismiss a war powers resolution Wednesday that would have limited President Donald Trump’s ability to conduct further attacks on Venezuela after two GOP senators reversed course on supporting the legislation.

Trump put intense pressure on five Republican senators who joined with Democrats to advance the resolution last week and ultimately prevailed in heading off passage of the legislation. Two of the Republicans — Sens. Josh Hawley of Missouri and Todd Young of Indiana — flipped under the pressure.

Vice President JD Vance had to break the 50-50 deadlock in the Senate on a Republican motion to dismiss the bill.

The outcome of the high-profile vote demonstrated how Trump still has command over much of the Republican conference, yet the razor-thin vote tally also showed the growing concern on Capitol Hill over the president’s aggressive foreign policy ambitions.

Democrats forced the debate after U.S. troops captured Venezuelan leader Nicolás Maduro in a surprise nighttime raid earlier this month

More in the article.

Two people were killed and six were injured in a shooting outside a Salt Lake City church where a funeral reception was held Wednesday night, according to Salt Lake City police.

Of the six injured, three are in critical condition, Salt Lake City Police Department spokesperson Glen Mills said. The condition of the three others was not known because they were taken to hospitals in private vehicles, he said.

The initial call came in around 7:30 p.m., Mills said. There was no suspect in custody as of 9:30 p.m.

The shooting occurred at The Church of Jesus Christ of Latter-day Saints meetinghouse at 660 N. Redwood Road. Redwood Road remains closed in the vicinity of the church, with police urging people to stay away from the area.

The two wards that meet at the church are Tongan, according to the meetinghouse website. Susi Feltch-Malohifo’ou, CEO of one of Utah’s largest Pacific Islander organizations — Pacific Island Knowledge 2 Action Resources — said her phone has been flooded with messages about the shooting.

She knows several of the individuals who were shot, she said, but she was unsure of their conditions. Many members of the Pacific Islander and Latter-day Saint communities in the area were attending a funeral reception for an individual, Feltch-Malohifo’ou said, when the shooting occurred outside the church, which serves mainly Tongan congregants.

More in the article.

The United States hit Venezuela with a “large-scale strike” early Saturday and said its president, Nicolás Maduro, had been captured and flown out of the country after months of stepped-up pressure by Washington — an extraordinary nighttime operation announced by President Donald Trump on social media hours after the attack.

Multiple explosions rang out and low-flying aircraft swept through Caracas, the capital, as Maduro’s government immediately accused the United States of attacking civilian and military installations. The Venezuelan government called it an “imperialist attack” and urged citizens to take to the streets.

It was not immediately clear who was running the country, and Maduro’s whereabouts were not immediately known. Trump announced the developments on Truth Social shortly after 4:30 a.m. ET.

Maduro, Trump said, “has been, along with his wife, captured and flown out of the Country. This operation was done in conjunction with U.S. Law Enforcement. Details to follow.” He set a news conference for later Saturday morning.

The explosions in Caracas, Venezuela’s capital, early on the third day of 2026 — at least seven blasts — sent people rushing into the streets, while others took to social media to report hearing and seeing the explosions. It was not immediately clear if there were casualties. The apparent attack itself lasted less than 30 minutes, but it was unclear if more actions lay ahead, though Trump said in his post that the strikes were carried out “successfully.”

The Federal Aviation Administration issued a ban on U.S. commercial flights in Venezuelan airspace because of “ongoing military activity” ahead of the explosions.

The strike came as the Trump administration has escalated pressure on Maduro, who has been charged with narco-terrorism in the United States. The CIA was behind a drone strike last week at a docking area believed to have been used by Venezuelan drug cartels — the first known direct operation on Venezuelan soil since the U.S. began strikes in September.

Trump for months had threatened that he could soon order strikes on targets on Venezuelan land following months of attacks on boats accused of carrying drugs. Maduro has decried the U.S. military operations as a thinly veiled effort to oust him from power.

Some streets in Caracas fill up

Armed individuals and uniformed members of a civilian militia took to the streets of a Caracas neighborhood long considered a stronghold of the ruling party. But in other areas of the city, the streets remained empty hours after the attack. Parts of the city remained without power, but vehicles moved freely.

Video obtained from Caracas and an unidentified coastal city showed tracers and smoke clouding the landscape sky as repeated muted explosions illuminated the night sky. Other footage showed an urban landscape with cars passing on a highway as blasts illuminated the hills behind them. Unintelligible conversation could be heard in the background. The videos were verified by The Associated Press.

Smoke could be seen rising from the hangar of a military base in Caracas, while another military installation in the capital was without power.

“The whole ground shook. This is horrible. We heard explosions and planes,” said Carmen Hidalgo, a 21-year-old office worker, her voice trembling. She was walking briskly with two relatives, returning from a birthday party. “We felt like the air was hitting us.”

Trump is at his private club in Palm Beach, Florida, where he has spent the past two weeks for the holiday season. His public schedule showed he was set to receive an intelligence briefing on Friday evening, hours before the reported strikes. He offered no immediate comment on social media.

Venezuela’s government responded to the attack with a call to action. “People to the streets!” it said in a statement. “The Bolivarian Government calls on all social and political forces in the country to activate mobilization plans and repudiate this imperialist attack.”

The statement added that Maduro had “ordered all national defense plans to be implemented” and declared “a state of external disturbance.” That state of emergency gives him the power to suspend people’s rights and expand the role of the armed forces.

The website of the U.S. Embassy in Venezuela, a post that has been closed since 2019, issued a warning to American citizens in the country, saying it was “aware of reports of explosions in and around Caracas.”

“U.S. citizens in Venezuela should shelter in place,” the warning said.

Inquiries to the Pentagon and U.S. Southern Command since Trump’s social media post went unanswered. The FAA warned all commercial and private U.S. pilots that the airspace over Venezuela and the small island nation of Curacao, just off the coast of the country to the north, was off limits “due to safety-of-flight risks associated with ongoing military activity.”

U.S. Sen. Mike Lee, R-Utah, posted his potential concerns, reflecting a view from the right flank in the Congress. “I look forward to learning what, if anything, might constitutionally justify this action in the absence of a declaration of war or authorization for the use of military force,” Lee said on X.

More in the article.

The United States hit Venezuela with a “large-scale strike” early Saturday and said its president, Nicolás Maduro, had been captured and flown out of the country after months of stepped-up pressure by Washington — an extraordinary nighttime operation announced by President Donald Trump on social media hours after the attack.

Multiple explosions rang out and low-flying aircraft swept through Caracas, the capital, as Maduro’s government immediately accused the United States of attacking civilian and military installations. The Venezuelan government called it an “imperialist attack” and urged citizens to take to the streets.

It was not immediately clear who was running the country, and Maduro’s whereabouts were not immediately known. Trump announced the developments on Truth Social shortly after 4:30 a.m. ET.

Maduro, Trump said, “has been, along with his wife, captured and flown out of the Country. This operation was done in conjunction with U.S. Law Enforcement. Details to follow.” He set a news conference for later Saturday morning.

The explosions in Caracas, Venezuela’s capital, early on the third day of 2026 — at least seven blasts — sent people rushing into the streets, while others took to social media to report hearing and seeing the explosions. It was not immediately clear if there were casualties. The apparent attack itself lasted less than 30 minutes, but it was unclear if more actions lay ahead, though Trump said in his post that the strikes were carried out “successfully.”

The Federal Aviation Administration issued a ban on U.S. commercial flights in Venezuelan airspace because of “ongoing military activity” ahead of the explosions.

The strike came as the Trump administration has escalated pressure on Maduro, who has been charged with narco-terrorism in the United States. The CIA was behind a drone strike last week at a docking area believed to have been used by Venezuelan drug cartels — the first known direct operation on Venezuelan soil since the U.S. began strikes in September.

Trump for months had threatened that he could soon order strikes on targets on Venezuelan land following months of attacks on boats accused of carrying drugs. Maduro has decried the U.S. military operations as a thinly veiled effort to oust him from power.

Some streets in Caracas fill up

Armed individuals and uniformed members of a civilian militia took to the streets of a Caracas neighborhood long considered a stronghold of the ruling party. But in other areas of the city, the streets remained empty hours after the attack. Parts of the city remained without power, but vehicles moved freely.

Video obtained from Caracas and an unidentified coastal city showed tracers and smoke clouding the landscape sky as repeated muted explosions illuminated the night sky. Other footage showed an urban landscape with cars passing on a highway as blasts illuminated the hills behind them. Unintelligible conversation could be heard in the background. The videos were verified by The Associated Press.

Smoke could be seen rising from the hangar of a military base in Caracas, while another military installation in the capital was without power.

“The whole ground shook. This is horrible. We heard explosions and planes,” said Carmen Hidalgo, a 21-year-old office worker, her voice trembling. She was walking briskly with two relatives, returning from a birthday party. “We felt like the air was hitting us.”

Trump is at his private club in Palm Beach, Florida, where he has spent the past two weeks for the holiday season. His public schedule showed he was set to receive an intelligence briefing on Friday evening, hours before the reported strikes. He offered no immediate comment on social media.

Venezuela’s government responded to the attack with a call to action. “People to the streets!” it said in a statement. “The Bolivarian Government calls on all social and political forces in the country to activate mobilization plans and repudiate this imperialist attack.”

The statement added that Maduro had “ordered all national defense plans to be implemented” and declared “a state of external disturbance.” That state of emergency gives him the power to suspend people’s rights and expand the role of the armed forces.

The website of the U.S. Embassy in Venezuela, a post that has been closed since 2019, issued a warning to American citizens in the country, saying it was “aware of reports of explosions in and around Caracas.”

“U.S. citizens in Venezuela should shelter in place,” the warning said.

Inquiries to the Pentagon and U.S. Southern Command since Trump’s social media post went unanswered. The FAA warned all commercial and private U.S. pilots that the airspace over Venezuela and the small island nation of Curacao, just off the coast of the country to the north, was off limits “due to safety-of-flight risks associated with ongoing military activity.”

U.S. Sen. Mike Lee, R-Utah, posted his potential concerns, reflecting a view from the right flank in the Congress. “I look forward to learning what, if anything, might constitutionally justify this action in the absence of a declaration of war or authorization for the use of military force,” Lee said on X.

More in the article.

(in households with multiple people)

A New Jersey police chief is facing domestic violence charges in Massachusetts after prosecutors accused him of assaulting a woman at a hotel earlier this year.

Carmen Veneziano, who leads Totowa, New Jersey’s police department, was indicted Thursday on one count of kidnapping and three counts of domestic assault and battery, officials in Suffolk County, Massachusetts, said.

In a brief statement Sunday, prosecutors alleged Veneziano confined and assaulted a woman overnight on Sept. 14, in a hotel room in Boston’s Back Bay neighborhood.

More in the article.

A New Jersey police chief is facing domestic violence charges in Massachusetts after prosecutors accused him of assaulting a woman at a hotel earlier this year.

Carmen Veneziano, who leads Totowa, New Jersey’s police department, was indicted Thursday on one count of kidnapping and three counts of domestic assault and battery, officials in Suffolk County, Massachusetts, said.

In a brief statement Sunday, prosecutors alleged Veneziano confined and assaulted a woman overnight on Sept. 14, in a hotel room in Boston’s Back Bay neighborhood.

More in the article.