GovInfoSecurity

Codex Bug Let Repo Files Execute Hidden Commands

OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines ...
Ars Technica

Flaw in Gemini CLI coding tool could allow hackers to run nasty commands

Researchers needed less than 48 hours with Google’s new Gemini CLI coding agent to devise an exploit that made a default configuration of the tool surreptitiously exfiltrate sensitive data to an ...