US EditionAI-Pwned: Vercel Breach Traced to Stolen Employee Creds
- On Sunday, San Francisco-based Vercel reported that attackers compromised customer data by hopping through multiple internal systems via a third-party service, prompting the company to advise users to rotate credentials immediately.
- The compromise originated in February when a Context employee's computer was infected with Lumma Stealer malware, granting attackers access to their Google Workspace account and subsequently Vercel's environment variables.
- A threat group identifying as ShinyHunters claimed responsibility on Telegram for stolen source code and databases, though Google Threat Intelligence analyst Austin Larsen suspects the attacker is an imposter inflating notoriety.
- Vercel and Context are conducting coordinated investigations aided by CrowdStrike and Mandiant, while warning that the breach of Context's Google Workspace OAuth app potentially impacts hundreds of users across organizations.
- Researchers believe the sophisticated attackers likely utilized AI to accelerate their velocity during the breach, underscoring the inherent risks of interconnected cloud applications and overly privileged permissions within SaaS integrations.
21 Articles
21 Articles
Vercel's security breach started with malware disguised as Roblox cheats
Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday. The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. An attacker traversed third-party systems and connections left exposed by employees be…
Vercel Discloses Security Breach Linked to Compromised Third-Party AI Tool #AI - National Cyber Security Consulting
Key Takeaways: Vercel confirmed a security incident involving unauthorized access to specific internal systems via a compromised Google Workspace account. The attack originated from the compromise of Context.ai, a third-party AI tool utilized by a Vercel employee. Only non-sensitive environment variables belonging to a limited subset of customers were exposed. Vercel verified with GitHub, Microsoft, […] Thank you for subscribing to our RSS feed!…
A Vercel employee had given full access to an AI tool via OAuth to his Google Workspace account, which was used by attackers and thus reached deep into the Next.js provider's infrastructure. Vercel, the cloud company behind the popular Next.js framework, confirmed a security incident. The starting point was not Vercel itself, but a third party: the AI platform Context.ai was compromised, and via it the attackers entered the Google Workspace acco…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
