Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Looker Studio cross-tenant SQL injection flaws SQL injection flaw

Vulnerability
First reported
Last updated
Happening score
H score 3
2 unique sources, 2 articles

Summary

Hide ▲

Researchers disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could let attackers run arbitrary SQL queries on victims' databases and exfiltrate data from Google Cloud environments. The flaw set, dubbed LeakyLooker by Tenable, affected multiple connectors including BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets, and Cloud Storage. Google addressed the issues after responsible disclosure in June 2025. There is no evidence of in-the-wild exploitation.

Related Happenings

Google Dialogflow CX Code Blocks shared-runtime isolation security flaw

Vulnerability
H score32 First: 07.07.2026 19:37 Last: 07.07.2026 19:37 Sources 1

About this happening: **Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...

Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw

Vulnerability
H score1 First: 16.06.2026 22:05 Last: 16.06.2026 22:05 Sources 1

About this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...

Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication

Technical Analysis
H score16 First: 21.05.2026 23:07 Last: 21.05.2026 23:07 Sources 1

About this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...

Google overhauls Android and Chrome bug bounty programs

Commercial Activity
H score0 First: 05.05.2026 14:24 Last: 05.05.2026 14:24 Sources 1

About this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...

Cursor local SQLite secret-storage exposing credentials security flaw

Vulnerability
H score34 First: 29.04.2026 18:00 Last: 29.04.2026 18:00 Sources 1

About this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...

Timeline

  1. 10.03.2026 15:20 2 articles · 4mo ago

    LeakyLooker disclosure in Google Looker Studio

    Initial Disclosure

    Cybersecurity researchers disclosed nine cross-tenant vulnerabilities in Google Looker Studio, collectively named LeakyLooker by Tenable, that could let attackers run arbitrary SQL queries against victims' databases and exfiltrate, insert, or delete data across Google Cloud / GCP tenants. Google addressed the issues after responsible disclosure in June 2025, and no evidence of in-the-wild exploitation was reported.

    Show sources