TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

A developer's startup faces an $82,314 bill after a stolen Google Cloud API key was used to rack up unauthorized Gemini API charges in just 48 hours. The incident highlights a systemic security flaw: Google API keys starting with 'AIza' were historically designed as public project identifiers for Maps and Firebase, but when Gemini was added to the platform, those same public keys silently gained authentication capabilities. Truffle Security researchers found 2,863 live exposed Google API keys that now grant Gemini access. Google initially dismissed the vulnerability report as 'intended behavior' before reclassifying it as a bug. A fix is still in progress. Developers can use TruffleHog to scan for exposed keys in their codebases and CI/CD pipelines.

Dev stunned by $82K Gemini API key bill after theft