Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
SiliconANGLE

JumpCloud resets admin API keys after unspecified ‘ongoing incident’

Cloud directory-as-a-service provider JumpCloud Inc. has reset admin application programming interface keys for customers due to an unspecified “ongoing incident.” Exactly what the ongoing incident is ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

In short:Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each ...
Searchenginejournal.com

Security Researcher: WordPress 7.0 Could Trigger Rush To Steal AI API Keys

Oliver Sild, founder of Patchstack WordPress security company, shared concerns about the security of AI API keys in WordPress 7.0, sharing that there “will be an absolute rush by hackers to steal API ...
GIGAZINE

Researchers have confirmed that leaked Google API keys may remain usable for approximately 23 minutes after deletion.

API keys are authentication credentials that apps and services use to access APIs such as Google Cloud, and if they are leaked, they can be misused by third parties. Typically, when developers notice ...
Forbes

How Attackers Are Using APIs To Target Your Business

In January 2023, a large telecommunications company suffered a breach, compromising over 37 million customer accounts. The criminals responsible gained access to an array of personally identifiable ...