A critical privilege escalation vulnerability affecting Google Cloud API keys specifically how legacy public-facing keys now silently grant unauthorized access to Google’s Gemini AI endpoints, exposing private files, cached data, and billable AI usage to attackers. For over a decade, Google explicitly instructed developers to embed API keys formatted as AIza... strings directly into client-side […] The post Google API Keys Expose Private Data Silently Through Gemini appeared first on Cyber Security News.