api-key-exposure

Blog All categories All authors All tags
Preview image for a blog post

Gravity SMTP Plugin Zero-Day: Unauthenticated Attackers Expose WordPress API Keys (CVE-2026-4020)

Threat actors exploit Gravity SMTP WordPress plugin (CVE-2026-4020) to extract API keys, secrets, and OAuth tokens from 100,000 sites.
Preview image for a blog post

Critical Exposure: Thousands of Public Google Cloud API Keys Grant Unauthorized Gemini Access

Thousands of Google Cloud API keys exposed, enabling unauthorized Gemini access and private data compromise, per Truffle Security.