
Third-party AI hack triggers Vercel breach, internal environments accessed


Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data.

Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its employees. The attacker took over the employee’s Google Workspace account and used it to access parts of Vercel’s internal systems. This included some environments and non-sensitive variables, exposing a limited amount of customer-related data.

“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive.’” reads the notice of security incident published by the company. “Environment variables marked as ‘sensitive’ in Vercel are stored in a manner that prevents them from being read, and we currently do not have evidence that those values were accessed.”

Vercel is a cloud platform that helps developers build, deploy, and run modern web applications, especially front-end sites. It’s best known for supporting frameworks like Next.js, allowing teams to quickly publish websites and apps without managing servers directly. Vercel handles things like hosting, scaling, performance optimization, and global content delivery automatically.

According to the notice, the attacker showed a high level of skill, moving quickly and demonstrating deep knowledge of Vercel’s systems. The company is working with cybersecurity firm Mandiant and other security partners to investigate the incident and has notified law enforcement. Vercel is also coordinating with Context.ai to determine the full extent of the breach.

Vercel urges users to check account activity logs for suspicious actions, rotate any exposed secrets like API keys or tokens, and review recent deployments. It also recommends enabling stronger protections, such as marking sensitive environment variables and updating security tokens.

The investigation found the breach started from a compromised third-party AI tool linked to Google Workspace, potentially impacting many organizations. Vercel shared

The notice urges Google Workspace admins and users to check for the following suspicious OAuth app ID linked to the breach and remove it if found:

110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
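One way an admin could run that check offline against exported OAuth token audit events is sketched below. This is an added example, not code from Vercel's notice or from this article. The JSON shape (an `items` list with `actor.email`, `id.time`, and `authorize`/`revoke` events carrying `client_id` and `scope` parameters) is an assumption modeled on Google's Admin SDK Reports API token activity, and the users, timestamps and scopes in the sample are constructed.

```python
import json

# OAuth app ID quoted in the notice on this page.
SUSPECT = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _event(time, email, name, client_id, scopes):
    """Build one constructed audit item (assumed token-activity export shape)."""
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample export: users, times and scopes are made up for the example.
SAMPLE_EXPORT = json.dumps({"items": [
    _event("2026-01-07T10:00:00Z", "dev2@example.com", "revoke", SUSPECT, []),
    _event("2026-01-05T09:12:44Z", "dev1@example.com", "authorize", SUSPECT,
           ["https://www.googleapis.com/auth/drive.readonly"]),
    _event("2026-01-06T08:30:00Z", "dev2@example.com", "authorize", SUSPECT,
           ["https://www.googleapis.com/auth/gmail.readonly"]),
    _event("2026-01-06T11:45:10Z", "dev3@example.com", "authorize",
           "000000000000-constructed.apps.googleusercontent.com", ["openid"]),
]})

def find_grants(export_json, client_id=SUSPECT):
    """Map each user who touched client_id to their latest event and all scopes seen."""
    users = {}
    items = json.loads(export_json).get("items", [])
    # Do not rely on export order: replay oldest-first so the last event wins.
    for item in sorted(items, key=lambda i: i.get("id", {}).get("time", "")):
        email = item.get("actor", {}).get("email", "unknown")
        for ev in item.get("events", []):
            params = {p.get("name"): p.get("multiValue") or p.get("value")
                      for p in ev.get("parameters", [])}
            if str(params.get("client_id", "")).strip().lower() != client_id.lower():
                continue
            scopes = params.get("scope") or []
            rec = users.setdefault(email, {"scopes": set(), "last": None, "time": None})
            rec["scopes"].update([scopes] if isinstance(scopes, str) else scopes)
            rec["last"], rec["time"] = ev.get("name"), item.get("id", {}).get("time")
    return users

def still_authorized(users):
    """Users whose most recent event for the client is not a revoke."""
    return sorted(u for u, r in users.items() if r["last"] != "revoke")

if __name__ == "__main__":
    grants = find_grants(SAMPLE_EXPORT)
    for user in still_authorized(grants):
        print(user, grants[user]["time"], sorted(grants[user]["scopes"]))
```

Users returned by `still_authorized` are the ones whose grant to the app should be removed; the collected scopes show what each grant could reach and so which data and secrets to review.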


Pierluigi Paganini

(SecurityAffairs – hacking, security breach)