Tag

Api Keys

All articles tagged with #api keys

Coordinated JetBrains plugins siphon AI API keys from developers
security24 days ago

Coordinated JetBrains plugins siphon AI API keys from developers

Security researchers identified at least 15 malicious JetBrains Marketplace plugins, published under seven vendor accounts, that secretly exfiltrate AI provider API keys entered by users in plugin settings to a remote server. The plugins, which pretend to be AI coding assistants, code-review tools, and Git utilities, rely on services like OpenAI, DeepSeek, and SiliconFlow and share nearly identical code across multiple packages. They even offer a paid tier that may hand out API keys to paying users. The campaign ran from Oct 2025 to Jun 2026 and has been installed roughly 70,000 times, with the DeepSeek AI Assist and CodeGPT AI Assistant as the top downloads. JetBrains has not publicly commented as of publication.

Public Google API keys unlock Gemini AI data risk
technology4 months ago

Public Google API keys unlock Gemini AI data risk

Researchers found nearly 3,000 Google API keys publicly exposed in client-side code that could authenticate to Google's Gemini AI and access private data. Google says it has implemented protections to block leaked keys from Gemini and will notify developers, who should audit and rotate keys. The exposure was uncovered by TruffleSecurity via the November 2025 Common Crawl dataset, highlighting potential abuse where attackers could incur API charges by making Gemini calls.

JumpCloud Takes Action to Secure Admin API Keys in Response to Ongoing Incident
technology3 years ago

JumpCloud Takes Action to Secure Admin API Keys in Response to Ongoing Incident

JumpCloud, a US-based enterprise software firm, has reset admin API keys for several customers due to an ongoing security incident. The company invalidated existing keys as a precautionary measure to protect customer organizations. Affected organizations are required to generate new API keys. JumpCloud, headquartered in Colorado, provides a cloud-based directory-as-a-service platform to over 180,000 organizations worldwide. The nature and impact of the incident are currently under investigation.