Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Modern apps make building easier than ever, but without strong security practices, one small mistake can expose your entire ...

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...

Vercel confirms breach via third-party tool, exposing limited non-sensitive data; urges users to rotate credentials promptly.

Vercel, the company that provides Next.js, confirms it has suffered a security breach involving unauthorised access to internal systems via a compromised third-party AI tool. The attack was claimed by ...

Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have ...

Vercel data breach exposes SA developer community By Admire Moyo, ITWeb news editorJohannesburg, 21 Apr 2026Vercel is used in SA and operates a data centre in Cape Town, as part of its Edge Network.

The compromised account gave the threat actor access to some customers’ environment variables. In Vercel deployments, an ...

Cloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party ...

The breach exposed non-sensitive environment variables, and a threat actor operating under the ShinyHunters name has claimed ...

Vercel confirmed on April 19, 2026, that an attacker has breach internal environments through a compromised employee Google ...