GIGAZINE

The API key that Google had announced as 'OK to publish' is also the Gemini authentication key, so there are a lot of websites that are leaking personal information

Google has stated that API keys for services like Firebase and Google Maps are 'safe to share,' but Truffle Security has discovered that the same keys can be used to access Gemini, the administrator's ...
Infosecurity-magazine.com

The Growing Threat of Broken Authentication Attacks on APIs

Application programming interfaces (APIs) are integral to the functionality of the internet today. By enabling communications between programs, they make many processes more efficient and convenient, ...
Infosecurity Magazine

Cursor Extension Flaw Exposes Developer API Keys

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...
GIGAZINE

Anthropic officially bans third-party subscription authentication

As a result, developers building products or services that integrate with Claude's features, including the Agent SDK, must use API key authentication through the Claude Console or a supported cloud ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...
Hosted on MSN

Study finds thousands of sites exposed API keys and other credentials

Researchers scanning 10 million webpages have found that nearly 10,000 pages contained live API credentials left in plain sight, potentially exposing access to services from cloud platforms to payment ...
SiliconANGLE

Researchers find 3,000+ mobile apps exposing Twitter API keys

Cybersecurity researchers have discovered more than 3,000 mobile apps exposing Twitter Inc. application programming interface keys that can be used to gain access to or take over Twitter accounts.