Latest news with #GeminiCLI
Yahoo
31-07-2025
- Yahoo
Google Gemini security flaw could have let anyone access systems or run code
When you buy through links on our articles, Future and its syndication partners may earn a commission. Gemini could automatically run certain commands that were previously placed on an allow-list If a benign command was paired with a malicious one, Gemini could execute it without warning Version 0.1.14 addresses the flaw, so users should update now A security flaw in Google's new Gemini CLI tool allowed threat actors to target software developers with malware, even exfiltrating sensitive information from their devices, without them ever knowing. The vulnerability was discovered by cybersecurity researchers from Tracebit just days after Gemini CLI was first launched on June 25, 2025. Google released a fix with the version 0.1.14, which is now available for download. Hiding the attack in plain sight Gemini CLI is a tool that lets developers talk to Google's AI (called Gemini) directly from the command line. It can understand code, make suggestions, and even run commands on the user's device. The problem stems from the fact that Gemini could automatically run certain commands that were previously placed on an allow-list. According to Tracebit, there was a way to sneak hidden, malicious instructions into files that Gemini reads, like In one test, a seemingly harmless command was paired with a malicious one that exfiltrated sensitive information (such as system variables or credentials) to a third-party server. Because Gemini thought it was just a trusted command, it didn't warn the user or ask for approval. Tracebit also says the malicious command could be hidden using clever formatting, so users wouldn't even see it happening. "The malicious command could be anything (installing a remote shell, deleting files, etc),' the researchers explained. The attack is not that easy to pull off, though. It requires a little setting up, including having a trusted command on the allow-list, but it could still be used to trick unsuspecting developers into running dangerous code. Google has now patched the problem, and if you're using Gemini CLI, make sure to update to version 0.1.14 or newer as soon as possible. Also, make sure not to run it on unknown, or untrusted code (unless you're in a secure test environment). Via BleepingComputer You might also like Google says Gemini is being misused to launch major cyberattacks Take a look at our guide to the best authenticator app We've rounded up the best password managers
Techday NZ
31-07-2025
- Techday NZ
Tracebit finds major vulnerability in Google Gemini CLI tool
Tracebit has reported the discovery of a vulnerability affecting Google's Gemini CLI, highlighting risks of silent credential theft and unauthorised command execution from untrusted code. The Gemini CLI tool, designed to assist developers in coding with Google Gemini directly from the command line, was released by Google on 25 June. Tracebit identified the vulnerability within two days, describing a combination of improper validation, prompt injection and misleading user experience as enabling the flaw. This allowed potential attackers to execute arbitrary code without the victim's knowledge when inspecting untrusted code, thereby risking the exfiltration of credentials and sensitive data from users' machines to remote servers. Tracebit explained that their blog post reveals a technical method by which an attacker could exploit Gemini CLI. Attackers could achieve silent code execution against users working with untrusted code, and this method might remain hidden from victims due to the exploit's mode of operation. Disclosure and response Tracebit disclosed the vulnerability directly to Google through its Bug Hunters programme. According to a timeline provided by Tracebit, the vulnerability was initially reported to Google's Vulnerability Disclosure Programme (VDP) on 27 June, just two days after Gemini CLI's public release. Upon receipt, Google triaged the vulnerability as a lower priority; however, as the risk became clearer, the classification was upgraded to P1, S1 - the highest priority and most severe status - on 23 July. The Google product team then addressed the vulnerability, releasing an updated version of Gemini CLI (v0.1.14) with a patch on 25 July, followed by an agreed public disclosure on 28 July. During the approximately one-month period between the tool's launch and the deployment of a fix, Tracebit noted that there had been independent discoveries of at least the command validation vulnerability by several other individuals. User impact and mitigation Tracebit has detailed that in the patched version of Gemini CLI, attempts at code injection display the malicious command to users, and require explicit approval for any additional binaries to be executed. This change is intended to prevent the silent execution that the original vulnerability enabled. For users of the CLI, security is now bolstered by making potentially dangerous prompts visible and requiring activation for certain code actions. The update closes the gap that previously allowed attackers to slip malicious commands past unsuspecting developers. "Our security model for the CLI is centered on providing robust, multi-layered sandboxing. We offer integrations with Docker, Podman, and macOS Seatbelt, and even provide pre-built containers that Gemini CLI can use automatically for seamless protection. For any user who chooses not to use sandboxing, we ensure this is highly visible by displaying a persistent warning in red text throughout their session." (Google VDP Team, July 25th) Google's approach to CLI security leverages containerisation and clear warnings for any users opting out of sandboxing, aiming to mitigate the risks involved in running code from untrusted sources. Tracebit's role in the discovery and reporting of the issue also underlines the importance of rapid, independent security research, particularly as AI-powered tools become central to software development workflows. The company continues to focus on equipping security teams to take an 'assume breach' posture in the face of fast-evolving technologies. The vulnerability and its remediation underscore the need for vigilance when examining and running third-party or untrusted code, especially in tools leveraging AI to assist in software development. Users are advised to update to the latest Gemini CLI version and to use sandboxing features when dealing with unknown sources.
Geeky Gadgets
31-07-2025
- Geeky Gadgets
11 Essential Gemini CLI Pro Tips : Transform Your Development Process
What if you could cut hours of repetitive coding tasks, reduce errors, and supercharge your productivity—all with a single tool? Enter Gemini CLI, a developer's secret weapon that's redefining how we approach software development. Far from being just another command-line interface, Gemini CLI offers a suite of powerful features designed to streamline workflows, automate tedious processes, and foster innovation. Whether you're a seasoned developer or just starting out, mastering Gemini CLI could be the key to unlocking a more efficient and creative way of working. But here's the catch: its true potential lies in knowing how to wield it effectively. In this practical breakdown, Sean Kochel explains 11 pro tips that will help you harness the full power of Gemini CLI. From flexible authentication options to advanced memory management and multimodal capabilities, these insights are designed to elevate your development game. You'll uncover ways to automate tasks with custom commands, experiment safely with checkpoint and restore features, and even optimize your workflows with centralized configurations. Think of this as your roadmap to transforming Gemini CLI from a useful tool into an indispensable ally. Ready to rethink how you code? Let's explore what's possible when you truly master the art of development with Gemini CLI. Gemini CLI Overview 1. Flexible Authentication Options Gemini CLI offers multiple authentication methods to suit diverse user needs, making it easy to get started. You can log in using Google credentials, API keys, or Vertex AI keys, providing flexibility for different security preferences. For developers exploring the platform, the free tier allows up to 1,000 requests per day, allowing experimentation without financial commitment. These options ensure that Gemini CLI integrates smoothly into your existing workflows, regardless of your project requirements. 2. Centralized Configuration with Gemini Markdown File The Gemini Markdown file acts as the central hub for your project configurations. It consolidates app context, development standards, and tool preferences into a single, easily accessible file. By maintaining a master prompt within this file, you can streamline your workflows, eliminate repetitive setup tasks, and ensure consistency across projects. This centralized approach not only saves time but also minimizes errors, making it an essential feature for developers managing multiple projects. 3. Automate Tasks with Custom Commands Automation is a key strength of Gemini CLI, and its custom commands feature allows you to automate repetitive tasks such as testing, debugging, or committing code. By reducing manual intervention, you can focus on solving more complex challenges while minimizing the risk of human error. Custom commands are particularly useful for maintaining efficiency in fast-paced development environments, making sure that routine tasks are handled quickly and accurately. 4. Efficient Memory Management Gemini CLI's memory management capabilities enable you to store and recall decisions, solutions, and context for future use. This feature ensures that you don't have to repeatedly solve the same problems, allowing for greater continuity across projects. By using memory management, you can maintain a more efficient and streamlined development process, saving valuable time and resources. How to Use Gemini CLI Correctly for Faster, Smarter Software Development Watch this video on YouTube. Discover other guides from our vast content that could be of interest on Gemini CLI. 5. Experiment Safely with Checkpoint and Restore Experimentation is a critical part of development, and Gemini CLI supports this with its checkpoint and restore functionality. This feature allows you to save your progress at specific points and revert to these checkpoints if needed. By providing a safety net, Gemini CLI enables you to test new ideas and approaches without jeopardizing your existing work, fostering innovation while maintaining project stability. 6. Embrace Test-Driven Development (TDD) Test-driven development (TDD) is made more accessible with Gemini CLI, which simplifies the process of creating tests before implementing features. This approach improves code reliability, reduces debugging time, and ensures that your software functions as intended. By integrating TDD into your workflow, you can deliver higher-quality software with fewer errors, enhancing both user satisfaction and project outcomes. 7. Use Multimodal Capabilities One of Gemini CLI's standout features is its multimodal support, which allows you to incorporate visual inputs into your workflows. For example, you can use image-based debugging or UI design to enhance problem-solving accuracy. This capability is particularly valuable for developers working on complex interfaces or visual elements, providing a more comprehensive approach to tackling development challenges. 8. Streamline Workflows with File References The file referencing feature in Gemini CLI enables you to point to specific project files for audits or evaluations. This is especially useful for adhering to UI/UX guidelines, database schemas, and testing conventions. By referencing files directly, you can ensure compliance with development standards, improve project quality, and maintain consistency across your work. 9. Optimize Context Management Efficient context management is crucial for maintaining productivity, particularly in large-scale projects. Gemini CLI offers tools to compress or clear context as needed, reducing token usage and improving response quality. By optimizing how context is managed, you can handle complex projects more effectively, making sure smoother interactions with the tool and better overall performance. 10. Balance Automation with Auto-Accept Modes Gemini CLI provides three levels of auto-accept modes—None, Safe, and All (YOLO mode)—allowing you to adjust the level of automation based on task sensitivity. For routine operations, the All mode can save significant time, while the Safe mode offers a more cautious approach for critical workflows. These options give you the flexibility to balance automation with control, making sure that tasks are completed efficiently without compromising quality. 11. Gain Full Visibility with a Large Context Window With support for up to 1 million tokens, Gemini CLI's large context window provides comprehensive project visibility. This feature allows you to analyze your entire project in one view, improving decision-making and reducing errors. It is particularly beneficial for managing complex, multi-faceted development efforts, allowing you to maintain a clear overview of your work and make informed decisions. Maximize the Potential of Gemini CLI Gemini CLI is a powerful tool designed to empower developers by streamlining workflows, enhancing productivity, and reducing costs. By using features such as flexible authentication, custom commands, memory recall, and a large context window, you can transform Gemini CLI into a reliable development partner. Whether you are automating tasks, managing context, or experimenting with new ideas, Gemini CLI equips you with the tools needed to succeed in today's fast-paced development landscape. Media Credit: Sean Kochel Filed Under: AI, Guides, Top News Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
Geeky Gadgets
22-07-2025
- Business
- Geeky Gadgets
How Vibe-Kanban Makes Managing AI Coding Assistants Effortless
What if managing multiple AI coding assistants felt as effortless as sketching ideas on a whiteboard? For developers juggling tools like Claude Code, Gemini CLI, and AMP, the reality often involves a tangled web of workflows, misaligned tasks, and scattered updates. Enter Vibe-Kanban—a innovative platform that promises to redefine how you orchestrate AI-driven coding projects. With its centralized task management, real-time progress tracking, and seamless integrations, Vibe-Kanban is not just another productivity tool; it's a bold leap toward making AI collaboration intuitive and efficient. Imagine a workspace where every coding assistant works in harmony, delivering results faster and with fewer headaches. In this feature, World of AIexplore how Vibe-Kanban enables developers to streamline workflows and supercharge productivity. From assigning tasks to specific AI agents based on their unique strengths to deploying code with a single click, the platform offers a suite of tools designed to simplify even the most complex projects. You'll discover how Vibe-Kanban bridges the gap between creativity and execution, allowing you to focus on what truly matters: building great software. Whether you're curious about its real-time tracking capabilities, seamless GitHub integration, or customizable interface, this deep dive will leave you rethinking what's possible in AI-assisted development. After all, innovation thrives where chaos is tamed. Improving AI Workflow Management Centralized Orchestration for Enhanced Workflow Management Vibe-Kanban introduces a unified system to efficiently manage multiple AI coding agents. By assigning tasks to specific agents based on their unique capabilities, you can ensure optimal performance for every project. The platform supports both parallel and sequential task execution, allowing you to tackle even the most complex workflows with confidence. Real-time tracking is a core feature, categorizing tasks into clear stages such as 'To-Do,' 'In Progress,' and 'Done.' This provides a transparent overview of your project's progress, helping you identify bottlenecks and maintain momentum. With Vibe-Kanban, managing AI agents becomes an intuitive and streamlined process, allowing you to focus on achieving your development goals. Watch this video on YouTube. Streamlined Features to Boost Productivity Vibe-Kanban is designed to simplify your development process by minimizing repetitive tasks and enhancing efficiency. Its key features include: Single-click deployment: Quickly test and deploy code on development servers, saving valuable time and effort. Quickly test and deploy code on development servers, saving valuable time and effort. Centralized configuration management: Maintain consistent settings across all coding agents, reducing the risk of errors and inconsistencies. Maintain consistent settings across all coding agents, reducing the risk of errors and inconsistencies. Quick setup: Install the platform effortlessly using and npx commands, making sure a hassle-free onboarding experience. These features work together to create a streamlined environment where you can focus on critical aspects of your projects rather than getting bogged down by routine tasks. Vibe-Kanban AI Coding Assistant Workflow Manager Watch this video on YouTube. Stay informed about the latest in AI coding assistant by exploring our other resources and articles. Intuitive Task and Project Management Managing tasks and projects with Vibe-Kanban is both intuitive and efficient. The platform allows you to create new projects or link existing repositories, integrating seamlessly with your current workflow. Tasks can be assigned to AI agents based on their expertise, and their progress is tracked in real-time for maximum transparency. Additional capabilities include: Reviewing and approving changes before deployment to ensure quality control. Creating pull requests directly through GitHub integration, simplifying collaboration and version management. These features ensure that your projects remain organized, on track, and aligned with your development objectives. Flexible Integration and Customization Options Vibe-Kanban is built with flexibility and adaptability in mind, making it a versatile tool for developers. Its seamless integration with GitHub allows you to manage repositories, track changes, and create pull requests without leaving the platform. This eliminates the need to switch between multiple tools, saving time and reducing complexity. Customization options further enhance the user experience: Customizable themes: Tailor the interface to match your preferences, creating a more user-friendly and visually appealing workspace. Tailor the interface to match your preferences, creating a more user-friendly and visually appealing workspace. Compatibility with code editors: Work seamlessly with your preferred development tools, making sure a smooth and efficient workflow. These features make Vibe-Kanban adaptable to a wide range of development environments and individual preferences. Comprehensive Cross-Platform Support and Agent Compatibility Vibe-Kanban is designed to be accessible to developers across various operating systems, including macOS, Linux, and Windows. This cross-platform support ensures that you can use the platform regardless of your preferred development environment. Currently, Vibe-Kanban is compatible with AI coding agents such as Claude Code, Gemini CLI, and AMP. Plans are underway to expand compatibility to additional agents, further enhancing its versatility and appeal. This broad support makes it an ideal choice for developers working in diverse and dynamic environments. Secure Setup and Best Practices Getting started with Vibe-Kanban is straightforward. To begin, ensure that is installed on your system, along with the AI coding agents you plan to use. For a secure development process, it is recommended to set up the platform in a protected environment. This focus on security underscores Vibe-Kanban's commitment to providing a reliable and robust solution for developers. By adhering to best practices, you can maximize the platform's potential while safeguarding your projects and data. This ensures a smooth and secure development experience from start to finish. Empowering Developers with Vibe-Kanban Vibe-Kanban is more than just a tool; it is a comprehensive solution for managing AI coding assistants effectively. With features like real-time task tracking, parallel task execution, and seamless GitHub integration, it simplifies workflows and enhances productivity. Its cross-platform support and compatibility with multiple AI agents make it a versatile addition to any developer's toolkit. Whether you're managing small-scale projects or tackling complex workflows, Vibe-Kanban equips you with the tools and capabilities needed to stay organized, efficient, and focused on achieving your development goals. Media Credit: WorldofAI Filed Under: AI, Top News Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
Arabian Post
08-07-2025
- Business
- Arabian Post
Google's Gemini CLI Widens Access to Cutting‑Edge AI
Google has released Gemini CLI, a terminal‑based interface that brings the Gemini 2.5 Pro model directly into developers' shell environments, offering a powerful AI‑driven coding assistant alongside content generation and research capabilities. Sign‑in with a personal Google account grants users a free Gemini Code Assist licence, entitling them to an industry‑leading free tier of 60 model requests per minute and up to 1,000 requests per day—previously priced around $200/month for equivalent access elsewhere. Gemini CLI combines open‑source transparency with expansive language model power, including a one‑million‑token context window. It integrates Google Search for real‑time grounding and optional multimedia generation via Imagen and Veo. Delivered under Apache 2.0 licence, it supports Windows, macOS and Linux. Users can audit or extend its functionality, thanks to community‑driven standards like MCP and the GEMINI. md prompt protocol. This move positions Google as an accessible alternative to established tools such as Claude Code, GitHub Copilot and OpenAI Codex. Industry analyses note Gemini CLI's free offering matches or exceeds payment‑based plans: Claude Code's $200 'Max' tier provides roughly 200–800 prompts every five hours, while Gemini's allowance grants far more daily usage. ADVERTISEMENT Google's Senior Product Director Ryan Salva emphasised that the CLI delivers 'the most direct path from your prompt to our model,' noting its versatility beyond code tasks—encompassing content creation, research, troubleshooting and workflow automation. Despite enthusiast reactions, some early adopters report mixed experiences. A Hacker News post flagged confusion over environment variable naming when authenticating with Workspace accounts. On Reddit's r/ClaudeAI, users contrasted Gemini CLI with Claude Code—some criticising Gemini's initial responsiveness, while others appreciated its planning capabilities. One Reddit user commented: 'Gemini CLI is buggy right now. It's going to take a few iterations before it's a viable competitor.' Another noted: 'Spent about 20 minutes with it. Surprisingly slow and dumb… Gemini CLI is downright trash.' However, a counter‑view on developer blogs praised the tool's CLI‑centric design. A Medium piece highlighted the parsimony of the interface—omitting GUIs in favour of efficient terminal workflows—and underlined the generous free limits as a substantive differentiator. This launch arrives amid a shift in the AI‑coding market, where what were once premium, paid tiers are increasingly being offered for free or heavily discounted. Platforms such as Perplexity, ChatGPT and Anthropic have each introduced $200/month 'premium' offerings. Gemini CLI's zero‑cost access poses a competitive challenge to this emerging pricing structure. Google's rollout follows the March 2025 release of Gemini 2.5 Pro, which introduced advanced reasoning capabilities and the integration of multistep 'Deep Think' planning, supported by a massive token window—features that underpin the CLI's functionality. As Gemini CLI moves from preview to broader adoption, developers are watching for improvements in stability, Workspace account support and clarity around post‑quota pricing. Google has not detailed plans for paid tiers beyond the free allocation. Meanwhile, the open‑source model positions both Google and the community to iterate rapidly.
