Google Looker Studio cross-tenant SQL injection flaws SQL injection flaw
Vulnerability
Summary
Hide ▲
Show ▼
Researchers disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could let attackers run arbitrary SQL queries on victims' databases and exfiltrate data from Google Cloud environments. The flaw set, dubbed LeakyLooker by Tenable, affected multiple connectors including BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets, and Cloud Storage. Google addressed the issues after responsible disclosure in June 2025. There is no evidence of in-the-wild exploitation.
Related Happenings
Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical Analysis
First: 21.05.2026 23:07
Last: 21.05.2026 23:07
Sources 1
About this happening:
Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...
Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical AnalysisAbout this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...
Google overhauls Android and Chrome bug bounty programs
Commercial Activity
First: 05.05.2026 14:24
Last: 05.05.2026 14:24
Sources 1
About this happening:
**Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Google overhauls Android and Chrome bug bounty programs
Commercial ActivityAbout this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Cursor local SQLite secret-storage exposing credentials security flaw
Vulnerability
First: 29.04.2026 18:00
Last: 29.04.2026 18:00
Sources 1
About this happening:
A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...
Cursor local SQLite secret-storage exposing credentials security flaw
VulnerabilityAbout this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...
Google Antigravity critical prompt-injection RCE flaw
Vulnerability
First: 21.04.2026 13:52
Last: 21.04.2026 13:52
Sources 1
About this happening:
**Google** fixed a critical **Antigravity** flaw that let a **prompt injection** bypass **Secure Mode** and escalate to **sandbox escape** and **remote code execution (RCE)**. The...
Google Antigravity critical prompt-injection RCE flaw
VulnerabilityAbout this happening: **Google** fixed a critical **Antigravity** flaw that let a **prompt injection** bypass **Secure Mode** and escalate to **sandbox escape** and **remote code execution (RCE)**. The...
Nvidia GPU GPUBreach Rowhammer-style page-table corruption privilege-escalation flaw
Vulnerability
First: 07.04.2026 14:31
Last: 07.04.2026 14:31
Sources 1
About this happening:
Researchers demonstrated **GPUBreach**, a **Rowhammer-style weakness** in **Nvidia GPUs** that can corrupt **GPU page tables** and enable **arbitrary read-write access**. When pai...
Nvidia GPU GPUBreach Rowhammer-style page-table corruption privilege-escalation flaw
VulnerabilityAbout this happening: Researchers demonstrated **GPUBreach**, a **Rowhammer-style weakness** in **Nvidia GPUs** that can corrupt **GPU page tables** and enable **arbitrary read-write access**. When pai...
Timeline
-
10.03.2026 15:20 2 articles · 2mo ago
LeakyLooker disclosure in Google Looker Studio
Initial DisclosureCybersecurity researchers disclosed nine cross-tenant vulnerabilities in Google Looker Studio, collectively named LeakyLooker by Tenable, that could let attackers run arbitrary SQL queries against victims' databases and exfiltrate, insert, or delete data across Google Cloud / GCP tenants. Google addressed the issues after responsible disclosure in June 2025, and no evidence of in-the-wild exploitation was reported.
Show sources
- New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries — thehackernews.com — 10.03.2026 15:20
- Researchers Uncover ‘LeakyLooker’ Vulnerabilities in Google Looker Studio — www.infosecurity-magazine.com — 11.03.2026 18:00