ALL POSTS

Key Findings Nearly 3,000 Google API keys (identified by the prefix "AIza") were found embedded in client-side code, providing access to sensitive Gemini endpoints and private data. The problem occurs when users enable the Gemini API on a Google Cloud project, causing the existing API keys in that project to gain access to Gemini endpoints without any warning or notice. Creating a new API key in Google Cloud defaults to "Unrestricted," meaning it's applicable for every enable

Key Findings Dutch Data Protection Authority (AP) and Council for the Judiciary (Rvdr) confirmed cyber attacks exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities Attacks exposed employee contact information, including names, work emails, and phone numbers European Commission also detected a cyberattack on its mobile device management platform, exposing some staff names and phone numbers Ivanti acknowledged vulnerabilities (CVE-2026-1281 and CVE-2026-1340) have b

Background Nikkei Inc., a major Japanese financial news and media group, including the Financial Times, disclosed a data breach affecting its internal Slack workspace. The breach was first discovered in September 2023 after noticing unusual logins to employee messaging accounts. The incident led to the exposure of sensitive, private information belonging to over 17,000 people, including employees and business partners. Key Findings The Entry Point: A Stolen Slack Account The