Skills
Vercel OAuth Supply Chain Breach: Lumma Infostealer → Context.ai → Employee Account → Unencrypted Environment Variables Exposed Across Customer Teams
Vercel disclosed a breach on April 19 originating from Lumma infostealer malware that compromised a Context.ai employee in February, which cascaded into a Vercel employee's Google Workspace and then Vercel internal systems. Attackers enumerated environment variables not marked 'sensitive' — API keys, GitHub tokens, and NPM tokens stored unencrypted at rest. Trend Micro analysis confirms this fits a broader March-April 2026 convergence pattern targeting developer-stored credentials across CI/CD and deployment platforms.
Source
↳ Follow the thread