Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 2 Mar 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Security Operation Center, Hacking Topics |
Thousands of Public Google Cloud API Keys Exposed with Gemini Access — New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The problem occurs when users enable the Gemini API on a Google Cloud project (i.e., Generative Language API), causing the existing API keys in that project, including those accessible via the website JavaScript code, to gain surreptitious access to Gemini endpoints without any warning or notice. With a valid key, an attacker can access uploaded files, cached data, and even rack up LLM usage charges, Truffle Security said. The issue has since been plugged by Google. Read more
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. More...
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's bei… More...
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strik… More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. More...
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's bei… More...
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strik… More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...
