Vercel hit by network compromise
Incident
Summary
Vercel disclosed unauthorized access to certain internal systems and said a limited subset of customers was affected, while services remained operational during the investigation and remediation effort. Subsequent reporting added that attackers used a compromised OAuth token tied to a Context.ai-related account path to reach some Vercel environments and expose non-sensitive environment variables. Vercel said sensitive environment variables were not known to be accessed. The company said some customer credentials were compromised and advised rotation, while working with incident response experts, Mandiant, other security firms, and law enforcement.
Related Happenings
Zara customer data leak exposing 197,400 people
Data Leak
First: 08.05.2026 13:42
Last: 08.05.2026 13:42
Sources 1
About this happening:
The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law Enforcement
First: 28.04.2026 18:39
Last: 28.04.2026 18:39
Sources 1
About this happening:
**Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
Lumma Stealer infection of a Context.ai employee
Malware Activity
First: 23.04.2026 11:40
Last: 23.04.2026 11:40
Sources 1
How related:
Further investigation by Hudson Rock has revealed that one of Context.ai's employees was infected with Lumma Stealer in February 2026 after searching for Roblox auto-farm scripts and game exploit executors, indicating that this event may have been the "patient zero" that triggered the whole chain of malicious actions.
About this happening:
A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Vercel customer environment variables compromise
Data Leak
First: 21.04.2026 12:10
Last: 21.04.2026 12:10
Sources 1
How related:
“The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive,” it added.
About this happening:
**Vercel** confirmed that a **limited subset of customers** had **non-sensitive environment variables** compromised after an attacker abused access tied to an employee account. Th...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
Campaign
First: 13.04.2026 21:55
Last: 13.04.2026 21:55
Sources 1
About this happening:
The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
Timeline
21.04.2026 00:01 2 articles · 1mo ago
Vercel discloses OAuth-linked compromise and customer credential impact
Initial Disclosure
Vercel disclosed that attackers used a compromised OAuth token tied to a Vercel employee's Google Workspace account and access to Context.ai to reach some Vercel environments and environment variables that were not marked as sensitive, and the company said a limited subset of customers had Vercel credentials compromised and were told to rotate them. Vercel said sensitive environment variables were not known to be accessed and that it was working with Mandiant, other security firms, Context.ai, and law enforcement while keeping services operational; Context separately said it had identified and stopped an AWS breach last month and later learned the actor likely also compromised OAuth tokens for some consumer users.
Sources:
- Vercel Employee's AI Tool Access Led to Data Breach — www.darkreading.com — 21.04.2026 00:01
- Learning from the Vercel breach: Shadow AI & OAuth sprawl — www.bleepingcomputer.com — 29.04.2026 16:05
19.04.2026 20:32 2 articles · 1mo ago
Vercel discloses unauthorized access to internal systems
Initial Disclosure
Vercel disclosed unauthorized access to certain internal Vercel systems and said a limited subset of customers was affected while services were not impacted. The company said it is actively investigating, has engaged incident response experts to investigate and remediate, notified law enforcement, and is advising customers to review environment variables, use its sensitive environment variable feature, and rotate secrets if needed.
Sources:
- Vercel confirms breach as hackers claim to be selling stolen data — www.bleepingcomputer.com — 19.04.2026 20:32
- Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool — www.infosecurity-magazine.com — 21.04.2026 12:10