1. Vercel Breach Exposes Critical OAuth Blind Spot: AI Tool, Infostealer, and Unreviewed Grant Opened Production Access
A single employee's adoption of an AI tool, combined with a malware infection at the tool's vendor, created a direct, undetected pathway into Vercel's core production systems. The breach, confirmed by the cloud platform behind Next.js, originated not from a sophisticated zero-day but from an OAuth grant that had never ...