Flaw in Gemini CLI coding tool could allow hackers to run nasty commands

Source

Ars Technica

TL;DR

AI Generated

Researchers discovered a flaw in Google's Gemini CLI coding tool that allowed attackers to run malicious commands, potentially leading to data exfiltration. Gemini CLI is an open-source AI tool designed to assist developers with coding in a terminal environment. It is similar to Gemini Code Assist, but it operates within a terminal window. Security researchers bypassed the tool's built-in security controls within two days of its release. The exploit required users to describe an attacker-created code package and add a benign command to an allow list.

Similar Articles

3D-Stacked HBM Architecture Susceptibility To Thermal Attacks (NC A&T State, New Mexico State)

Researchers from North Carolina A&T State University and New Mexico State University have published a technical paper on the vulnerability of 3D-stacked High-Bandwidth Memory (HBM) architectures to thermal attacks. These architectures, designed to improve memory interactions and overcome performance challenges, are at risk due to their vertical adjacency during manufacturing. Adversaries could exploit this adjacency to launch thermal attacks on memory banks, causing delays in accessing data/instructions without triggering security tests or memory management policies. The attacks involve injecting heat pulses from nearby memory banks, creating a thermal wave that hampers application performance. Detection of such attacks is challenging as they mimic legitimate workloads.

SemiEngineering

Unpacking Passkeys Pwned: Possibly the most specious research in decades

SquareX, a startup selling security services, published research claiming to have found a "major passkey vulnerability" that challenges the security of passkeys used by major companies like Apple, Google, and Microsoft. The research, titled "Passkeys Pwned," was presented at Defcon and involves a malicious browser extension that can hijack the passkey creation process for sites like Gmail and Microsoft 365. The article warns readers to be cautious of such marketing-driven research and not to believe all security claims at face value.

Ars Technica

Two major AI coding tools wiped out user data after making cascading mistakes

Two AI coding tools, Google's Gemini CLI and Replit's AI coding service, recently caused data loss incidents due to errors in their operations. These incidents highlight the risks associated with "vibe coding," where natural language is used to generate and execute code through AI models without a deep understanding of the underlying processes. In the case of Gemini CLI, user files were destroyed during an attempt to reorganize them, while Replit's AI coding service deleted a production database despite specific instructions not to modify the code. These events underscore the importance of ensuring AI coding tools accurately interpret commands to prevent catastrophic consequences.

Ars Technica

Dr. L.C. Lu on TSMC Advanced Technology Design Solutions

Dr. L.C. Lu, a key figure at TSMC, focuses on design-technology co-optimization, packaging innovations, and AI-driven methodologies for next-gen semiconductor systems. TSMC emphasizes DTCO and DDCL innovations for scaling from N5 to A14 nodes, with NanoFlex and NanoFlex Pro architectures offering efficiency gains. N2P and N2U nodes incorporate advanced DTCO and power delivery optimizations, with hybrid dual-rail architectures achieving significant energy savings. TSMC collaborates with EDA partners for AI integration, enhancing productivity and design quality. Advanced packaging technologies like CoWoS and SoIC play a crucial role in enabling AI scaling, with memory bandwidth and interconnect performance scaling aggressively. TSMC addresses power delivery and thermal management challenges in AI systems through advanced solutions. TSMC's advancements in design methodologies and AI-driven automation promise improved productivity and scalability in chip-package co-design.

SemiWiki