Threat hunters find Google API keys still usable 23 minutes after deletion
Plenty of time for cyber crims to grab data or hit you with a giant bill
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Plenty of time for cyber crims to grab data or hit you with a giant bill
Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive Exclusive Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn’t disclose the problem.…
Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.…
And the iOS titan doesn't seem that bothered with this data leaking out Last week, Apple began requiring iOS developers justify the use of a specific set of APIs that could be used for device fingerprinting. Yet the iGiant doesn't appear to be making much effort to ensure that Google, Meta, and Spotify comply with the rules, it's claimed.…
Infosec folk aren’t thrilled that if you poke APIs enough, you learn AI's secrets Boffins have managed to pry open closed AI services from OpenAI and Google with an attack that recovers an otherwise hidden portion of transformer models.…
With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks. …
No security alert fatigue here Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.…
Oh, serve me ads, lots of ads, under clouded eyes above, just fence me in Google in the next few days plans to begin testing fenced frames, a proposed web API to help its Privacy Sandbox ad technologies meet commitments to privacy of a sort.…