The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

Google's unprotected API keys a security and cost risk due to Gemini AI

Security researchers have found nearly 3000 publicly visible Google API keys authorizing Gemini. This allows abusive access.
InfoWorld

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...

Dev stunned by $82K Gemini bill after unknown API key thief goes to town

Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a ...
The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
Dark Reading

Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4

Yesterday, moderators of the r/ChatGPT Discord channel banned a script kiddie who was freely sharing stolen OpenAI API keys with hundreds of other users. API keys allow developers to integrate ...
CSOonline

Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP

Chrome extensions were spotted leaking sensitive browser data like API keys, secrets, and tokens via unguarded HTTP transmissions and hardcoded spills. Seemingly harmless Chrome extensions aimed at ...
InfoWorld

How to improve API security in ASP.NET Core

Take advantage of authentication and authorization, API keys, rate limiting, CORS, API versioning, and other recommended practices to build secure and robust APIs in ASP.NET Core. Because our APIs ...