Dossier
Joseph Leon
Coverage of Joseph Leon in the Nexus archive.
- Threat hunters find Google API keys still usable 23 minutes after deletion
Security researchers at Aikido discovered that Google API keys remain usable for up to 23 minutes after deletion, creating a significant vulnerability window for attackers. When combined with Google's automatic billing tier upgrades, compromised keys can lead to devastating financial charges as bad actors exploit Gemini and other services before the credentials are fully revoked across Google's infrastructure.