In today’s cybersecurity news…
Google API keys in Android apps expose Gemini endpoints
Researchers from Truffle Security are warning that API keys for public services such as Google Maps can be used to authenticate to the Gemini AI assistant, potentially exposing personal data. This announcement was based on the researchers scanning millions of websites and finding nearly 3,000 Google API keys that “now also authenticate to Gemini even though they were never intended for it.” This could allow an attacker to “access uploaded files, cached data, and charge LLM-usage to your account.” Additional research from mobile security firm Quokka led to the discovery of over 35,000 unique keys across 250,000 Android applications. CloudSEK, too, says it discovered 32 Google API keys hardcoded in 22 popular Android apps that provide unauthorized access to Gemini AI.
Acrobat Reader zero-day flaw exploited since December
According to BleepingComputer, “the attacks were discovered by security researcher Haifei Li, the founder of the sandbox-based exploit-detection platform EXPMON, who warned on Tuesday that the attackers are using what he described as a ‘highly sophisticated, fingerprinting-style PDF exploit to target an undisclosed Adobe Reader security flaw.’” Li added that Adobe users have been targeted for at least 4 months, with the attackers stealing data from compromised systems using privileged APIs and deploying additional exploits. A link to Li’s long list of security vulnerabilities in Microsoft, Google, and Adobe software, many of which have been exploited in zero-day attacks, is available in the show notes to this episode.
Microsoft developer chief Julia Liuson departs
Liuson will resign as president of Microsoft’s developer division at the end of June, though she will continue in an advisory role. She has been part of Microsoft’s CoreAI division, introduced by CEO Satya Nadella in January 2025. She also assumed responsibility for GitHub in August 2025, at which time GitHub became part of CoreAI. Liuson, who started at Microsoft after graduating in 1992, is credited with “leading the effort to make the .NET platform open source and cross-platform.”
Cryptocurrency ATM company Bitcoin Depot reports cyberattack
This March 23 attack resulted in a threat actor gaining control of credentials associated with the company’s digital asset settlement accounts, leading to the theft of almost 51 Bitcoin from company-controlled wallets, which had a value of $3.665 million as of the date of this report. Bitcoin Depot believes that the incident was contained to the company’s corporate environment and did not affect the company’s customer platforms, divisions, systems, data or environments. Bitcoin Depot is the largest cryptocurrency ATM company in the U.S.
Breach exposes sensitive LAPD files stored in city attorney system
The Los Angeles Police Department made an announcement on Tuesday stating that hackers “gained access to a Los Angeles City Attorney’s Office digital storage system containing sensitive police documents.” These documents had been turned over in discovery from previously resolved or settled LAPD civil litigation cases. The hackers did not breach any LAPD systems or networks, according to an LAPD press release. The statement said the hackers accessed a “third-party tool used by the City Attorney’s Office to transfer discovery to opposing counsel and litigants.”
Minnesota governor calls in National Guard after cyberattack
This follows a ransomware attack on Winona County on Monday, which disrupted “vital emergency and critical services.” Minnesota governor Tim Walz issued an executive order on Tuesday, saying “Unfortunately, the scale and complexity of this incident has exceeded both internal and commercial response capabilities.” A specialized cybersecurity and recovery team from the Minnesota National Guard is now in the county supporting the investigation and restoration effort. There has been no confirmation as to whether this attack is related to one that the county suffered in January.
Intent redirection vulnerability in third-party SDK exposes Android wallets
Microsoft is warning of a “severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK.” Discovered during routine research, this flaw allows apps on the same device to bypass the Android security sandbox and gain unauthorized access to private data. “With over 30 million installations of third-party crypto wallet applications alone, PII, user credentials and financial data were exposed to risk.” The security blog adds that “because Android apps frequently depend on external libraries, insecure integrations can introduce attack surfaces into otherwise secure applications.”
New Chaos variant targets misconfigured cloud deployments
Researchers at Darktrace have identified a new malware variant called Chaos, which can hit misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices. Chaos is a “cross-platform malware capable of targeting Windows and Linux environments.” It is assessed to be an evolution of another DDoS malware known as Kaiji that has singled out misconfigured Docker instances. Darktrace added, “the recent shift in botnets such as AISURU and Chaos to include proxy services as core features demonstrates that denial-of-service is no longer the only risk these botnets pose to organizations and their security teams.”






