vercel
-
Vercel Finds More Customer Accounts Compromised After Security Incident
Vercel said it found additional customer accounts compromised in a security incident that exposed its internal systems, but did not say how many were affected. The company linked the breach to a compromised Context.ai account used by a Vercel employee.
-
Vercel says breach linked to third-party AI tool exposed limited customer credentials
Vercel said a breach tied to a third-party AI tool exposed access to some internal systems and affected a limited subset of customers. The company said sensitive environment variables were not known to be accessed and urged credential rotation.
-
North Korean actors publish 26 malicious npm packages that deploy credential stealer and RAT
North Korean-linked actors published 26 malicious npm packages in March 2026 that use Pastebin text steganography and Vercel hosted C2 to deliver a credential stealer and remote access trojan targeting developer systems.
-
Critical React Server Components flaw (React2shell) allows unauthenticated remote code execution; Next.js also affected
A critical deserialization flaw in React Server Components, tracked as CVE-2025-55182 and nicknamed React2shell, can allow unauthenticated remote code execution; related Next.js App Router releases are covered by CVE-2025-66478. Patches are available and vendors and security firms advise applying fixes and using WAFs or access restrictions.
