惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
MyScale Blog
MyScale Blog
罗磊的独立博客
Hugging Face - Blog
Hugging Face - Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
爱范儿
爱范儿
博客园 - 司徒正美
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
N
News | PayPal Newsroom
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
有赞技术团队
有赞技术团队
V
Visual Studio Blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Project Zero
Project Zero
B
Blog RSS Feed
J
Java Code Geeks
Google Online Security Blog
Google Online Security Blog
Last Week in AI
Last Week in AI
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
博客园 - 【当耐特】
Latest news
Latest news
T
Threat Research - Cisco Blogs
aimingoo的专栏
aimingoo的专栏
博客园_首页
博客园 - 三生石上(FineUI控件)
Engineering at Meta
Engineering at Meta
D
Docker
Forbes - Security
Forbes - Security
Help Net Security
Help Net Security
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V2EX - 技术
V2EX - 技术
N
Netflix TechBlog - Medium
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Threatpost
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 叶小钗
Webroot Blog
Webroot Blog

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Including OTTs in TRAI’s spam protection draft rules a ‘regulatory overreach’: IAMAI Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
Vercel confirms hack via third-party AI tool, says sensitive data safe
Rohit Singh · 2026-04-21 · via MEDIANAMA

You can access the original Vercel blog post from here.

The cloud platform Vercel has confirmed that attackers breached its internal systems, affecting a “limited subset” of customers and exposing some non-sensitive environment variables.

In its official disclosure, Vercel said it was investigating the incident with external experts and had informed law enforcement. The company maintained that its core services remain operational and that it has contacted affected users. It urged them to rotate credentials and review their environment variables.

How the breach happened: Attackers compromised Context.ai, a third-party AI tool, to gain access to Vercel. They took over an employee’s Google Workspace account using a compromised OAuth token linked to Context’s AI Office Suite.

This access allowed attackers to move further into Vercel’s systems and view environment variables that the company had not marked as “sensitive.” The company said it protected sensitive variables and found no evidence of unauthorised access.

CEO explains internal escalation: Vercel CEO Guillermo Rauch confirmed the sequence in an X post, stating: “Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments.” He added: “We do have a capability, however, to designate environment variables as non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”

Rauch described the attackers as “highly sophisticated” and said the company is focusing on investigation, customer communication, and strengthening security systems.

Hackers claim stolen data, identity remains unclear: The disclosure followed a threat actor posting on a hacking forum claiming to be selling Vercel data, including access keys, source code, and database contents. The actor said they had access to “multiple employee accounts” and internal deployments.

However, the hacker claimed links to the ShinyHunters group, which later denied involvement when cybersecurity outlet BleepingComputer contacted it. The authenticity of the leaked data has not been independently verified.

Reports also indicate that the attacker shared a dataset of around 580 employee records and screenshots of internal dashboards, and claimed to be discussing ransom payments of up to $2 million, though Vercel has not confirmed any such negotiations.

Context AI acknowledges earlier breach: Context.ai said the root incident occurred earlier in its now-deprecated AI Office Suite. Attackers gained unauthorised access to its AWS environment and compromised the OAuth tokens of some users.

The company stated that one such token was used to access Vercel systems. It has since shut down the affected environment and is working with the cybersecurity firm CrowdStrike to assess the full impact. Context.ai added that its enterprise products, which run in customer-controlled environments, are not affected.

What remains unclear: Vercel has not disclosed how many users were affected by the breach and is still investigating whether attackers exfiltrated any additional data. The company has confirmed that attackers did not compromise its open-source projects, including Next.js.

The incident highlights the growing risks of supply-chain attacks, where breaching one service can open access to multiple platforms through linked accounts and integrations.

Read more: