Recent research by SafeBreach has uncovered a significant vulnerability in Google's Gemini voice assistant that allowed cyber attackers to use indirect prompt injections via messaging notifications. This vulnerability, named Fake Context Alignment, enabled malicious actors to manipulate Gemini's response context through notifications from popular apps like WhatsApp, Slack, and SMS. These messages could inject harmful instructions without users realizing, bypassing Google's security measures. SafeBreach's findings included the ability to embed hidden commands in foreign languages or muted hyperlinks, which Gemini processed without vocalizing them. This posed a particular danger in hands-free situations, such as when driving, where voice interaction is crucial. The potential actions attackers could trigger were serious, ranging from controlling smart home devices to crafting fraudulent messages appearing to come from trusted contacts. The vulnerability was disclosed to Google in August 2025 and patched in November 2025 with improvements in content classification. SafeBreach shared these details to highlight ongoing risks associated with prompt injection attacks and to encourage more robust defenses against context manipulation. The organization stressed the need for vendors to rethink AI systems' trust and context parsing capabilities to enhance user safety, urging a move beyond localized mitigations. Videos demonstrating the vulnerability in action on platforms like Zoom and Google Home have been released by SafeBreach.