CyberHappenings


Google API Keys Expose Gemini AI Data

2 unique sources, 2 articles

Summary


Google API keys, previously considered harmless, now expose Gemini AI data due to a privilege escalation. Researchers found nearly 3,000 exposed keys across various sectors, including Google itself. These keys can authenticate to Gemini AI and access private data, potentially leading to significant financial losses for victims. New research from Truffle Security and Quokka has revealed the extent of this issue, with thousands of API keys embedded in client-side code and Android apps. Google has implemented measures to block leaked API keys and notify affected parties.

Timeline

  1. 26.02.2026 22:55 · 2 articles

    Google API Keys Expose Gemini AI Data

    Researchers discovered that Google API keys, previously harmless, now expose Gemini AI data. Nearly 3,000 keys were found exposed across various sectors. Google has classified the issue as a privilege escalation and is implementing measures to block leaked keys and notify affected parties. New research from Truffle Security and Quokka has revealed the extent of this issue, with thousands of API keys embedded in client-side code and Android apps. A Reddit user claimed $82,314.44 in charges due to a stolen Google Cloud API key.



Similar Happenings

Exposed Secrets in JavaScript Bundles Across Millions of Applications

A study by Intruder's research team found over 42,000 exposed tokens across 334 secret types in 5 million scanned applications. These tokens, often missed by traditional vulnerability scanners, pose significant security risks, including unauthorized access to code repositories, project management tools, and other sensitive services. The exposed tokens included 688 GitHub and GitLab personal access tokens, many of which were still active and gave full access to repositories. An API key for Linear, a project management application, was also found embedded directly in front-end code, exposing the organization’s entire Linear instance. Exposed secrets were also found across a wide range of other services, including CAD software APIs, email platforms, webhooks for chat and automation platforms, PDF converters, sales intelligence and analytics platforms, and link shorteners. The research highlights the limitations of existing secrets detection methods and underscores the need for more comprehensive scanning techniques to prevent such exposures.

OAuth Device Code Phishing Campaigns Target Microsoft 365 Accounts

A surge in phishing campaigns exploiting Microsoft’s OAuth device code authorization flow has been observed, targeting Microsoft 365 accounts. Both state-aligned and financially motivated actors are using social engineering to trick users into approving malicious applications, leading to account takeover and data theft. The attacks leverage the OAuth 2.0 device authorization grant, a legitimate process designed for devices with limited input capabilities. Once victims enter a device code generated by an attacker-controlled application, the threat actor receives a valid access token, granting control over the compromised account. The campaigns use QR codes, embedded buttons, and hyperlinked text to initiate the attack chain, often claiming to involve document sharing, token reauthorization, or security verification.

The growth of these campaigns is linked to readily available phishing tools like SquarePhish2 and Graphish, which simplify device code abuse and require limited technical skill. Proofpoint observed financially motivated actor TA2723 and Russia-linked group UNK_AcademicFlare adopting this technique, targeting various sectors in the US and Europe. The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare. The attacks involve using compromised email addresses belonging to government and military organizations to strike entities within government, think tanks, higher education, and transportation sectors in the U.S. and Europe. The adversary claims to share a link to a document that includes questions or topics for the email recipient to review before the meeting. The URL points to a Cloudflare Worker URL that mimics the compromised sender's Microsoft OneDrive account and instructs the victim to copy the provided code and click 'Next' to access the supposed document.

Device code phishing was documented in detail by both Microsoft and Volexity in February 2025, attributing the use of the attack method to Russia-aligned clusters such as Storm-2372, APT29, UTA0304, and UTA0307. The October 2025 campaign is assessed to have been fueled by the ready availability of crimeware offerings like the Graphish phishing kit and red-team tools such as SquarePhish.

To counter the risk posed by device code phishing, the best option is to create a Conditional Access policy using the Authentication Flows condition to block device code flow for all users. If that's not feasible, it's advised to use a policy that uses an allow-list approach to allow device code authentication for approved users, operating systems, or IP ranges.

Threat actors are now targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating. This provides attackers with valid authentication tokens that can be used to access the victim's account without relying on regular phishing sites that steal passwords or intercept multi-factor authentication codes.

Google Gemini AI Vulnerabilities Allowing Prompt Injection and Data Exfiltration

Researchers disclosed multiple vulnerabilities in Google's Gemini AI assistant that could have exposed users to privacy risks and data theft. The flaws, collectively named the Gemini Trifecta, affected Gemini Cloud Assist, the Search Personalization Model, and the Browsing Tool. These vulnerabilities allowed for prompt injection attacks, search-injection attacks, and data exfiltration. Google has since patched the issues and implemented additional security measures. Additionally, a zero-click vulnerability in Gemini Enterprise, dubbed 'GeminiJack', was discovered in June 2025, allowing attackers to exfiltrate corporate data via indirect prompt injection. Google addressed this flaw by separating Vertex AI Search from Gemini Enterprise and updating their interaction with retrieval and indexing systems. A new prompt injection flaw in Google Gemini allowed attackers to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The flaw enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction. The attack involved a malicious payload hidden within a standard calendar invite, which was activated when a user asked Gemini about their schedule. The flaw allowed Gemini to create a new calendar event and write a full summary of the target user's private meetings in the event's description. The issue was addressed following responsible disclosure, highlighting the need for evaluating large language models across key safety and security dimensions. The vulnerabilities highlight the potential risks of AI tools being used as attack vectors rather than just targets.