← Back to Security Blog
Security Briefing 8 min read

Google API Keys Leak Gemini AI Data — Juniper PTX Router Takeover — ManoMano 38M Breach

A configuration change at Google has turned previously harmless API keys into a critical data exposure risk for Gemini AI users. Juniper Networks discloses a full router takeover vulnerability in PTX routers. European DIY retailer ManoMano suffers 38 million customer breach. Plus: Trend Micro critical RCE patches, ransomware payments hit record lows, and typosquatted NuGet packages targeting the financial sector.


Critical: Google API Keys Now Expose Gemini AI Private Data

Previously Safe Keys Are Now a Security Risk

Google API keys for services like Google Maps that were previously considered low-risk when embedded in client-side code can now be used to authenticate to the Gemini AI assistant and access private user data. This is a breaking change in Google's API authentication model that affects thousands of web applications.

What Changed

For years, developers have embedded Google Maps API keys in publicly accessible JavaScript code without major security concerns — Maps API keys were scoped to specific services and posed minimal risk even when exposed.

Google's recent integration of Gemini AI capabilities has changed the threat model. The same API keys can now be used to query Gemini and potentially access:

This represents a massive privilege escalation for exposed API keys. What was once a cosmetic issue (someone using your Maps quota) is now a data breach waiting to happen.

Who Is Affected

Immediate Actions

  1. Audit all exposed API keys — Check client-side code, mobile apps, public repos
  2. Rotate exposed keys immediately — Assume compromise if keys are public
  3. Implement API key restrictions — Use HTTP referrer restrictions, IP allowlists, and API scoping
  4. Separate keys by service — Never use the same API key for Maps and Gemini
  5. Monitor for unauthorized access — Review Gemini access logs for anomalies

Juniper Networks PTX: Critical Router Takeover Vulnerability

Juniper Networks has disclosed a critical vulnerability in Junos OS Evolved running on PTX Series routers that allows an unauthenticated attacker to execute code remotely with root privileges.

Full Router Takeover — No Authentication Required

The flaw allows attackers to gain complete control of PTX routers, potentially enabling network interception, traffic manipulation, and lateral movement into connected infrastructure.

Why This Matters

PTX Series routers are high-performance core routers used by telecommunications providers, ISPs, and large enterprises. A compromised PTX router can:

This is a nation-state-grade vulnerability if exploited in telecom environments.

Mitigation


ManoMano Data Breach: 38 Million Customers Exposed

European DIY and home improvement retailer ManoMano is notifying customers of a data breach affecting 38 million users across Europe. The breach was caused by attackers compromising a third-party service provider.

Exposed Data

NIS2 Implication: ManoMano operates across the EU and likely falls under NIS2 scope as a major e-commerce platform. This breach will test the new incident reporting requirements — companies must report significant incidents within 24 hours under NIS2.

Third-Party Risk

This breach underscores the supply chain attack surface that NIS2 specifically targets. Organizations are responsible for their vendors' security posture, and third-party compromises now carry regulatory consequences.


Trend Micro Apex One: Two Critical RCE Vulnerabilities

Trend Micro has patched two critical vulnerabilities in Apex One enterprise endpoint security software that allow attackers to gain remote code execution on vulnerable Windows systems.

The Irony

Apex One is an endpoint protection platform — the software meant to prevent RCE attacks is itself vulnerable to RCE. Attackers targeting Apex One deployments can:

If your security stack is the weakest link, you have a serious architecture problem.

Priority Patching

Trend Micro releases are available. This should be P0 patching priority — your endpoint protection layer is critical infrastructure.


Ransomware Payments Drop to Record Low: 28%

Despite a surge in ransomware attacks, the percentage of victims paying ransom has dropped to 28% in 2025 — an all-time low according to multiple threat intelligence reports.

Why Victims Aren't Paying

What This Means

Ransomware groups are adapting. We're seeing:

The decline in payments is good news for defenders, but it's driving threat actors to evolve their tactics.


Supply Chain Corner: Malicious StripeApi NuGet Package

Researchers discovered a malicious NuGet package named StripeApi.Net impersonating Stripe's official Stripe.net library (which has over 75 million downloads).

The Attack

The package has since been removed, but affected applications may have leaked payment processing credentials.

Why This Is Dangerous

Stripe API keys allow attackers to:

Developer teams: Audit your packages.config and .csproj files for StripeApi.Net. If found, rotate all Stripe API keys immediately.


Olympique Marseille Confirms Cyberattack

French professional football club Olympique de Marseille has confirmed a cyberattack after threat actors claimed on Monday to have breached the club's systems earlier this month and leaked internal data.

Sports organizations are increasingly targeted for:


Today's Priority Actions

  1. Google API Keys — Audit and rotate any exposed keys, especially if Gemini is enabled
  2. Juniper PTX Routers — Emergency patching for critical RCE vulnerability
  3. Trend Micro Apex One — Patch endpoint protection software immediately
  4. ManoMano Breach — If you're a customer or share infrastructure, monitor for credential stuffing
  5. NuGet Supply Chain — Check for malicious StripeApi.Net package, rotate Stripe keys if found
  6. NIS2 Readiness — Review third-party vendor security posture and incident reporting procedures

How Kensai Protects You

API Key Exposure Detection — Scan repos and codebases for hardcoded credentials

Supply Chain Monitoring — Track malicious packages across NuGet, npm, PyPI, and Maven

Critical CVE Alerting — Get notified when vendors like Juniper or Trend Micro release emergency patches

NIS2 Compliance — German-language incident reports and automated vulnerability documentation

Scan Your Infrastructure in 60 Seconds

332,000+ CVEs indexed. AI-generated patches. GitHub PR automation.

Start Free Trial

Stay secure. Stay vigilant.

🗡️ KENSAI Security Team

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →