API keys
Coverage of API keys in the Nexus archive.
- Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Hackers are exploiting a patched security flaw in the Gravity SMTP WordPress plugin, affecting approximately 100,000 sites. The vulnerability, CVE-2026-4020, is a medium-severity information disclosure flaw allowing unauthenticated attackers to extract sensitive data like API keys and OAuth tokens.
- Google API Keys Remain Active After Deletion
A security researcher discovered that Google API keys remain active for approximately 23 minutes after deletion, contradicting Google's claim of immediate deletion. This delay poses a potential security risk as deleted keys can still be used to access cloud resources during the grace period.
- Hack at Vercel sends crypto developers scrambling to lock down API keys
A security breach at Vercel has prompted cryptocurrency developers to urgently secure their API keys, raising concerns about potential data exposure and misuse.
- [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
In 2024, 68% of cloud breaches were caused by compromised service accounts and forgotten API keys, not phishing or weak passwords. Enterprises face risks from unmanaged non-human identities like automated credentials, with 40–50 per employee, often left unaddressed after project closures or employee departures.
- Keycard – inject API keys into subprocesses, never touch shell env
Keycard is a tool designed to securely inject API keys into subprocesses without exposing them to the shell environment, enhancing security for developers. It aims to prevent accidental API key leaks by avoiding reliance on shell environment variables.