The Next Web

LinkedIn is secretly scanning your browser for 6,000 extensions, and you weren’t told

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...
Hacker

Claude Code Security Analysis: Understanding the CVE-2026-21852 API Key Exfiltration ...

Shekar Munirathnam is a Senior Advanced Cyber Security Architect specializing in Identity and Access Management and Enterprise Security Architecture ...
CPO Magazine

Researchers Warn Benign Google API Keys Could be Exploited to Rack Up Gemini AI Bills

Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive ...
The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private ...
CSOonline

‘Silent’ Google API key change exposed Gemini AI data

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...
Windows Report

Hackers Could Exploit Exposed Google API Keys to Access Gemini AI

Google is facing renewed security scrutiny after researchers revealed that publicly exposed API keys can be abused to access Gemini AI services. The issue centers on Google API keys embedded in client ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
thecyberexpress

AI-Coded Moltbook Platform Exposes 1.5 Mn API Keys Through Database Misconfiguration

Viral social network “Moltbook” built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment.
Contract Pharma

API Manufacturing: Key Trends Reshaping the Global Market

Active pharmaceutical ingredients (APIs) form the backbone of modern medicine, driving the efficacy and safety of countless therapeutic products. According to a recent report by MarketsandMarkets, the ...
Infosecurity-magazine.com

Vibe-Coded Moltbook Exposes User Data, API Keys and More

A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was ...
cryptopolitan

10,000 users’ OpenAI API keys have found stolen by fake Chrome AI extension

A Chrome extension posing as an AI assistant exposed more than 10,000 users, secretly harvesting OpenAI API keys and sending data to attacker-controlled servers. Researchers say at least 459 API keys ...