The Register: Threat hunters find Google API keys still usable 23 minutes after deletion. “You know your Google API key has leaked so you rush to disable it before bad actors can start running up charges on your account. Bad news: According to security researchers at Aikido, people can use the API keys for up to 23 minutes after a user deletes them, creating a window of opportunity that, when […]

https://rbfirehose.com/2026/05/23/the-register-threat-hunters-find-google-api-keys-still-usable-23-minutes-after-deletion/

RT @AikidoSecurity: Deleting a Google API key does not revoke it immediately. Our research found successful authentications up to 23 minutes after deletion across Google's entire infrastructure. During this window, attackers with a leaked key can continue to access enabled APIs, including Gemini. Google closed our report as “won't fix”.

more at Arint.info

#APIKeys #Cybersecurity #DataProtection #Gemini #GoogleAPI #TechNews #arint_info

https://x.com/AikidoSecurity/status/2057451447881486837#m

Arint - SEO+KI (@[email protected])


Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.

The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.

https://www.technadu.com/google-api-keys-remain-usable-after-deletion-for-up-to-23-minutes-report-says/628304/

#Cybersecurity #CloudSecurity #GoogleCloud #APIKeys

RT @AikidoSecurity: Deleting a Google API key does not revoke it immediately. Our research found successful authentications up to 23 minutes after deletion across Google's infrastructure. During this period, attackers with a leaked key can continue to access enabled APIs, including Gemini. Google closed our report as “not fixed”.

more at Arint.info

#APIKeys #Cybersecurity #DataProtection #Gemini #GoogleAPI #TechNews #arint_info

https://x.com/AikidoSecurity/status/2057451447881486837#m

Arint - SEO+KI (@[email protected])


1Password secures coding agents with new OpenAI Codex integration

https://fed.brid.gy/r/https://nerds.xyz/2026/05/1password-openai-codex-security/

The Register: Google users fight for refunds as unauthorized API usage bills soar. “Several Google Cloud customers say their API keys have been compromised and used by bad actors to run inferencing workloads using the most expensive video and picture models, leaving them with bills for tens of thousands of dollars and weeks of back-and-forth headaches with the Chocolate Factory as they tried to […]

https://rbfirehose.com/2026/05/16/the-register-google-users-fight-for-refunds-as-unauthorized-api-usage-bills-soar/

Ah yes, another "revolutionary" #API promising to unite the #AI models of #Europe with the transformative power of a single login screen. 🌍🔑 Because apparently, the real challenge in AI isn't the technology, but remembering which API key unlocks #Skynet. 🤖✨
https://www.edenai.co #Revolution #Tech #Innovation #APIKeys #HackerNews #ngated
Eden AI | One API to Route Best AI Models

Access 500+ LLMs and expert AI models through one unified API. Route requests by cost, performance, and region with built-in smart routing and fallbacks.

Ah, the digital Fort Knox of API keys! 🏰 Because who wouldn't want to turn their code into an unending #security checkpoint #circus 🎪, complete with browser verifications and #JavaScript hijinks? Just what every developer dreams of: #debugging security measures instead of their actual code! 🚀
https://www.keycard.studio/ #APIkeys #DeveloperLife #HackerNews #ngated
My adventure in designing API keys

🚀 New Talk Confirmed for BSides Luxembourg 2026!

Leaky API Keys, Log Tampering, and Account Takeover – Aleksa Zatezalo

Modern cloud systems are highly secure in isolation, but real-world risk emerges at the seams — where services integrate. This talk explores how seemingly minor misconfigurations in logging pipelines, API integrations, and third-party services can quietly escalate into high-impact security breaches.

Through three real-world inspired vulnerability scenarios, the session demonstrates how leaked API keys from client-side logs, misconfigured S3 uploads, and insecure integrations (such as Supabase and financial data pipelines) can be chained into account takeover paths. The focus is on understanding the underlying anti-patterns rather than isolated bugs.

Attendees will leave with a structured framework to identify these cross-service weaknesses and practical remediation strategies that go beyond patching symptoms — targeting the architectural root causes that enable entire classes of exploitation.

Aleksa Zatezalo is a security engineer and software developer with experience in cloud security consulting, offensive security tooling, and contributions to Metasploit. He currently works at Praetorian and is OSCP-certified, pursuing OSCE3, with a strong focus on applied offensive security research.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/

📱 Want an easy way to follow the schedule?
Use Hacker Tracker: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CloudSecurity #APIKeys #AccountTakeover #DevSecOps #CyberSecurity