Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
MIT Technology Review

The Download: The startup that says it can stop lightning, and inside OpenAI’s Pentagon deal

This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.