SecurityWeek

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

The Google API keys, all using the ‘AIza…’ format, can be abused for retroactive privilege escalation: a key that a developer ...

Security study finds thousands of API credentials exposed on the web for years

Researchers scan 10 million websites and uncover thousands of exposed API keys quietly granting access to cloud systems and ...
Infosecurity Magazine

Google API Keys Quietly Gain Access to Gemini on Android Devices

A flaw in Google's API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform.
heise online

Google's unprotected API keys a security and cost risk due to Gemini AI

Google is working to fix a problem with its API keys after security researchers pointed out possible misuse. This is because the keys for accessing Google's cloud services, such as Maps or Firebase, ...

API Key Leak Exposes AWS, Stripe, OpenAI Credentials Across Thousands of Sites

Researchers found thousands of exposed API keys across 10 million webpages, including AWS, Stripe, and OpenAI credentials left vulnerable in public code.
Dark Reading

Thousands of Mobile Apps Leaking Twitter API Keys

Thousands of mobile apps are leaking Twitter API keys — some of which give adversaries a way to access or take over the Twitter accounts of users of these applications and assemble a bot army for ...
Security Boulevard

The AI Supply Chain is Actually an API Supply Chain: Lessons from the LiteLLM Breach

The recent supply chain attack involving Mercor and the LiteLLM vulnerability serves as a massive wake-up call for enterprise security teams. While the security industry has spent the last year ...