The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private ...
Bitdefender

Leaked Google API keys can unlock Gemini API access and surprise bills

Google Cloud API keys have long appeared in public JavaScript to power Maps, YouTube embeds, analytics and Firebase features. Historically, many teams treated those strings as “ok to expose,” mainly ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
cybernews

Hackers can exploit thousands of exposed Google API keys to access Gemini and steal data

Websites leak Google API keys. Apps leak Google API keys. Even code repositories are full of them. What used to be a nuisance is now letting attackers access your Gemini and sensitive data, security ...
Infosecurity-magazine.com

Vibe-Coded Moltbook Exposes User Data, API Keys and More

A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was ...
cryptopolitan

10,000 users’ OpenAI API keys have found stolen by fake Chrome AI extension

A Chrome extension posing as an AI assistant exposed more than 10,000 users, secretly harvesting OpenAI API keys and sending data to attacker-controlled servers. Researchers say at least 459 API keys ...
CoinTelegraph

Viral AI assistant ‘Clawdbot’ risks leaking private messages, credentials

Cybersecurity researchers have raised red flags about a new artificial intelligence personal assistant called Clawdbot, warning it could inadvertently expose personal data and API keys to the public.
Mashable

Microsoft warns that an OpenAI API is being abused as a backdoor for 'espionage'

On Monday, Microsoft Detection and Response Team (DART) researchers warned that an OpenAI API was being abused as a backdoor for malware. The researchers concluded that bad actors were using the novel ...
Visual Studio Magazine

VS Code Expands AI Flexibility with Bring Your Own Key

Microsoft announced expanded AI model support in Visual Studio Code through a new Bring Your Own Key (BYOK) capability that lets developers connect models from different providers by entering their ...
Beebom

How to Access Claude 3 API for Opus and Sonnet Models (With Examples)

Anthropic is offering $5 worth of free API access to users and developers. You can start using the API for Opus and Sonnet models. However, API access for the smallest Haiku model is not available yet ...
Search Engine Land

Google clarifies API key process for local inventory feeds

After months of merchant frustration over securing the required API key for website-reported local inventory feeds via Google Tag Manager, Google has now confirmed a straightforward process: Why we ...