Researchers identify thousands of live Google API keys with Gemini access
Thousands of exposed Google Cloud API keys can authenticate to Gemini endpoints when the Generative Language API is enabled, allowing attackers to access files and run up AI charges, according to research from Truffle Security. The issue expands the risk profile of keys originally used as billing identifiers and has prompted Google to implement blocking […]
Bell, Telus withdraw CRTC complaints over network sharing
Bell Canada and Telus Corp. have withdrawn competing complaints before the CRTC over fibre network access, ending a public dispute in the first year of Canada’s regulator-imposed wholesale framework. The detente clears the way for Bell to expand into Telus’s Western Canadian fibre network. On Monday, both companies asked to withdraw their applications, and the […]
Non-admin consent in Entra ID opens door to email compromise
Threat actors are exploiting Microsoft Entra ID through Open Authorization (OAuth) consent abuse, using seemingly legitimate third-party apps, including those branded like ChatGPT, to gain access to corporate email without stealing passwords. The technique relies on users approving sensitive permissions, allowing attackers to read inboxes silently once consent is granted. OAuth enables applications to access […]
California mandates OS-level age signals for app developers by 2027
California will require operating system providers to collect users’ age information at account setup and share that data with app developers through a real-time API under the Digital Age Assurance Act (AB 1043), signed into law in October 2025. The measure, which takes effect Jan. 1, 2027, shifts age-awareness and potential liability from platforms to […]
