Lumma Stealer
Coverage of Lumma Stealer in the Nexus archive.
- Vercel attack fallout expands to more customers and third-party systems
Vercel confirmed a security breach impacting more customers than initially reported, with evidence of malware distribution targeting Vercel accounts and third-party systems. The attack originated from Context.ai, a third-party AI tool, and involved the theft of environment variables and API misuse. Vercel stated no software tampering was found, but downstream risks persist.
- Vercel’s security breach started with malware disguised as Roblox cheats
Vercel experienced a security breach where attackers used malware disguised as Roblox cheats to compromise an employee's device at Context.ai, leading to stolen credentials and access to Vercel environments. The attack exploited interconnected systems and overly privileged permissions, with threat group ShinyHunters claiming responsibility and attempting to sell stolen data.