IT-Online

ShinyHunters claims Next.js security breach

Vercel, the company that provides Next.js, confirms it has suffered a security breach involving unauthorised access to internal systems via a compromised third-party AI tool. The attack was claimed by ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Tom's Hardware on MSN

AI cloud company Vercel breached after employee grants AI unrestricted access to Google Workspace

The breach exposed non-sensitive environment variables, and a threat actor operating under the ShinyHunters name has claimed ...
Cybernews

Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions

Vercel has been hacked and had some customer credentials compromised after an employee's single OAuth token, which had been ...
Infosecurity Magazine

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have ...