1. Vercel April 2026 Security Breach: Non-Sensitive Environment Variables Exposed via Compromised OAuth App
A significant security incident at Vercel has exposed a critical vulnerability for its customers. On April 19, 2026, Vercel disclosed that attackers accessed environment variables not explicitly marked as "sensitive" through a compromised third-party OAuth application. The breach originated from a Google Workspace inte...