A significant gap in Google’s API key revocation process leaves deleted credentials functional for up to 23 minutes, creating an exploitable window for attackers holding leaked keys. When a Google API key is deleted via the Google Cloud Platform (GCP) console, the UI states: “Once deleted, it can no longer be used to make API requests.” Researchers […]
The post Deleted Google API Keys Still Access Gemini, BigQuery, Maps APIs appeared first on Cyber Security News.