Vercel disclosed a security incident on April 19 involving unauthorized access to internal systems and customer credential compromise, traced to Context.ai's earlier March AWS breach. Context.ai's AI Office suite users had OAuth tokens exfiltrated, which attackers leveraged to access Vercel's Google Workspace after a Vercel employee granted broad permissions. Both companies have deployed protective measures; Vercel recommends immediate credential rotation for affected customers.
Safety
Next.js developer Vercel warns of customer credential compromise
Context.ai's March OAuth token theft gave attackers a backdoor into Vercel's Google Workspace, exposing customer credentials due to overly broad permission grants.
Monday, April 20, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety
/// RELATED
Safety1d ago
TRE Python binding — ReDoS robustness demo
TRE's backtracking-free regex engine makes it immune to ReDoS attacks, offering a secure drop-in replacement for Python's vulnerable standard library pattern matching.
Products5d ago
Rethinking SQL ETL for modern data platforms
Databricks consolidates fragmented SQL ETL tools into a unified serverless platform with built-in observability and AI optimization, betting consolidation reduces operational complexity better than point solutions.