Technology

AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker seeking $2 million for stolen data

Source

Tom's Hardware

Published

Apr 20, 2026

TL;DR

AI Generated

Vercel, a cloud platform linked to Next.js, faced a security breach when a hacker exploited a third-party AI tool to access a Vercel employee's Google Workspace account. The breach exposed non-sensitive data, and the hacker, known as ShinyHunters, is demanding $2 million for the stolen information. Vercel is working with Mandiant, law enforcement, and affected customers to address the breach. The attacker's initial access stemmed from a compromised Context.ai tool, which had its own security issues traced back to an employee infected with malware. Vercel is advising customers to review and secure their environment variables and has introduced new security features following the incident.

Read Full Article

Microsoft just killed Edge’s Collections and Sidebar for more Copilot, after years of pushing both features

Microsoft has discontinued Edge's Collections and Sidebar features with the release of Edge 149 on June 4, 2026. Collections allowed users to organize web content, while Sidebar provided quick access to mini web apps. Users are advised to export their data before upgrading to Edge 149 to avoid losing their collections. The removal of these features is part of Microsoft's shift towards focusing on the Copilot feature and AI integration in Edge.

Windows Latest•

1 week ago

How a USB-connected speaker can infect a PC without ever being touched

A researcher discovered a vulnerability in the Sound Blaster Katana V2X speaker that allows a Bluetooth device to connect to a PC via USB without authentication or pairing. The Creative Transport Protocol (CTP) used by the speaker enables commands like changing LED colors and equalizer settings, as well as uploading new firmware without security measures. This flaw could potentially lead to remote code execution on the targeted device, highlighting a security risk in USB-connected speakers.

Ars Technica•

1 week ago

Microsoft just quietly retracted its Windows Defender is enough antivirus claim, you might still need a third-party

Microsoft recently retracted its claim that Windows Defender provides sufficient antivirus protection for most users, prompting the deletion of a blog post that stated Windows Security was enough for Windows 11 users. The blog post highlighted the built-in protection features of Windows Defender but was unexpectedly removed without explanation. Third-party testing consistently ranked Microsoft Defender among the top antivirus products, but concerns were raised about its offline protection capabilities and ecosystem limitations. Microsoft's decision to delete the blog post has sparked discussions about the evolving landscape of cybersecurity and the role of third-party antivirus software in different environments.

Windows Latest•

1 week ago

NSA using Claude Mythos for 'offensive cyber operations,' report claims — says 'half-a-dozen' Anthropic engineers embedded inside the agency

The National Security Agency (NSA) is reportedly utilizing Anthropic's cybersecurity-focused Mythos model for "offensive cyber operations," with several Anthropic engineers embedded within the agency. This move aims to gain an advantage over adversaries who may also be using similar AI models. Despite Anthropic being banned from providing services to the Department of Defense (DOD), the engineers are assisting in customizing Mythos for specialized cyber-attacks. The situation stems from a dispute between Anthropic and the DOD over the use of AI for various purposes, leading to Anthropic being labeled a supply chain risk. The ongoing legal battle between Anthropic and the DOD adds complexity to the situation, raising questions about the future of their relationship.

Tom's Hardware•

1 week ago

Microsoft just killed Edge’s Collections and Sidebar for more Copilot, after years of pushing both features

Windows Latest•

1 week ago

How a USB-connected speaker can infect a PC without ever being touched

Ars Technica•

1 week ago

Microsoft just quietly retracted its Windows Defender is enough antivirus claim, you might still need a third-party

Windows Latest•

1 week ago

NSA using Claude Mythos for 'offensive cyber operations,' report claims — says 'half-a-dozen' Anthropic engineers embedded inside the agency

Tom's Hardware•

1 week ago

AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker seeking $2 million for stolen data

TL;DR

Similar Articles

Microsoft just killed Edge’s Collections and Sidebar for more Copilot, after years of pushing both features

How a USB-connected speaker can infect a PC without ever being touched

Microsoft just quietly retracted its Windows Defender is enough antivirus claim, you might still need a third-party

NSA using Claude Mythos for 'offensive cyber operations,' report claims — says 'half-a-dozen' Anthropic engineers embedded inside the agency

We use cookies

AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker seeking $2 million for stolen data

TL;DR

Similar Articles

Microsoft just killed Edge’s Collections and Sidebar for more Copilot, after years of pushing both features

How a USB-connected speaker can infect a PC without ever being touched

Microsoft just quietly retracted its Windows Defender is enough antivirus claim, you might still need a third-party

NSA using Claude Mythos for 'offensive cyber operations,' report claims — says 'half-a-dozen' Anthropic engineers embedded inside the agency