A wild news recently, Vercel, the company behind Next.js, and web app hosting company breached, and customer data were stolen, and put on sell in the dark web.
The thing that interest me, of how human and AI could have so much damage, and open huge huge attack surface, in this story, vercel is just one story, Context.ai is the other story with employee using its company’s computer to play roblox, and download roblox cheat.
If not that bad, read this one:
April 19. Guillermo Rauch posts the thread confirming everything. Environment variables not marked as “sensitive” were stored in plaintext. Accessed. Exfiltrated. A threat actor using the ShinyHunters name is now asking $2 million for the stolen data, though the actual ShinyHunters group says they’re not involved.
… a platform hosting millions of applications, was storing environment variables in plaintext unless you manually clicked a “sensitive” checkbox.
Mindblown.
Read more about this news:
- https://www.theregister.com/2026/04/20/vercel_context_ai_security_incident/
- https://cybernews.com/security/vercel-hacked-after-oauth-compromise/
- https://devops-daily.com/posts/vercel-april-2026-security-incident
- https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/