The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

Google broke up an international spy ring using… Sheets

Such is the case with Google Sheets. Google reports that it disrupted a wide-ranging cyberattack that used the web app as a backdoor to spy on users. Google’s Threat Intelligence Group, working with ...

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
InfoWorld

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and exfiltrate data.

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC ...

Google says it's stopped a Google Sheets-based 'global espionage campaign', which is about the most exciting thing I think it's ever been used for

The unlikeliest of foes.