IT-Online

ShinyHunters claims Next.js security breach

Vercel, the company that provides Next.js, confirms it has suffered a security breach involving unauthorised access to internal systems via a compromised third-party AI tool. The attack was claimed by ...
Cybernews

Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions

Vercel has been hacked and had some customer credentials compromised after an employee's single OAuth token, which had been ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Infosecurity Magazine

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have ...
Tom's Hardware on MSN

AI cloud company Vercel breached after employee grants AI unrestricted access to Google Workspace

The breach exposed non-sensitive environment variables, and a threat actor operating under the ShinyHunters name has claimed ...
The Hacker News

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Context.ai breach enabled Google Workspace takeover at Vercel, exposing limited customer credentials and prompting $2M data ...