Vercel Confirms Data Breach
Plus, hacker 'Jeffrey Epstein' claims 400K records stolen from Bol, the Netherlands' largest e-commerce platform

Good morning! Here’s what’s up.

Clips ✂️
Vercel Confirms Data Breach — Hackers Claim Access to Internal Systems
Vercel has disclosed a significant security incident after threat actors gained unauthorized access to internal systems, with a hacker group reportedly attempting to sell stolen data for $2 million on underground forums.
Vercel, one of the most widely used frontend cloud platforms powering millions of developer deployments, confirmed the breach in an official security bulletin published on April 18–19, 2026.
The company stated it is actively investigating the incident with the help of cybersecurity firm Mandiant and has notified law enforcement authorities.
The intrusion traces back to a compromise of Context.ai, a third-party AI tool used by a Vercel employee. Attackers leveraged a malicious or compromised Google Workspace OAuth app associated with Context.ai to hijack the employee’s Google Workspace account.
Once inside, the threat actors pivoted to access select Vercel environments and read non-sensitive environment variables from a limited number of customer configurations.
by Cyber Security News
Hacker Jeffrey Epstein claims 400K records stolen from Bol
A hacker who goes by the name “Jeffrey Epstein” claims to have exfiltrated an enormous dataset containing the personal information of more than 400,000 Belgian bol customers.
According to the attacker, the dataset includes full names, full address details, email addresses, phone numbers, dates of birth, order history, shipping data, tracking numbers, and payment data.
Reportedly, no passwords or financial information has been stolen.
To prove that the dataset is legit, the threat actor has uploaded a sample for users to download. Anyone interested is asked to make contact via Telegram or Session.
“The price is negotiable,” the message on the dark web says.
Bol says it’s unfamiliar with any data breach.
“We take this report seriously, but we currently have no evidence of a hack or attack. All systems are operating normally, so there is no ransomware involved,” a spokesperson told Dutch news outlet Tweakers.net.
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
A British hacker pleaded guilty Friday in U.S. federal court to participating in a sweeping cybercrime campaign that siphoned at least $8 million in cryptocurrency from companies and individuals, federal prosecutors said.
Tyler Robert Buchanan, 24, of Dundee, Scotland, admitted to one count of conspiracy to commit wire fraud and one count of aggravated identity theft, according to the Department of Justice.
He previously was described as the suspected ringleader of a hacking collective tracked as “Scattered Spider” and was arrested at Palma Airport in Spain in June 2024 as he prepared to board a flight to Italy.
Scattered Spider poses a unique challenge for law enforcement because it is structured more as a loose collective than a traditional cybercrime organization. Unlike other financially motivated groups based in Russia, its members are often native English speakers, which enhances their ability to carry out social engineering attacks.
How Cybercrime Became a Leading Industry in ‘Scambodia’
A gold-hued skyscraper is rising above the traffic-clogged streets of the capital city on the Mekong River.
The building is already Cambodia’s tallest structure—and a monument to the spoils generated by transnational cybergangs that have stolen billions of dollars from unsuspecting Americans and others worldwide.
The skyscraper is being built by a company under sanctions by the U.S. Treasury Department for its alleged connection to one of hundreds of scam operations that have cropped up across Cambodia. Scam compounds, some the size of small towns, have housed enslaved workers doing the grunt work of online scams, posing as love interests, investors or police.
How a Buyer’s AI Conversations Sank Its Earnout Avoidance Strategy
On March 16, 2026, the Delaware Court of Chancery issued a significant post-trial opinion in Fortis Advisors, LLC v. Krafton, Inc.[1] The case arose from Krafton, Inc.’s (the “Buyer”) acquisition of Unknown Worlds Entertainment (the “Target”), and the Buyer’s subsequent attempt to engineer its way out of a $250 million earnout obligation.
…
Perhaps most remarkably, the court quoted at length from responses generated by a popular AI platform in response to queries made by the Buyer’s CEO about how to take control of the Target’s operations.
The decision carries important implications for acquirers, sellers, and their counsel in M&A transactions, particularly with respect to the evidentiary risks of using AI tools for legal advice and strategy, for-cause termination rights, the negotiation and enforcement of earnout provisions, and the significance of specific performance provisions in M&A agreements.
WEF urges intelligence sharing as port cyber threats outpace siloed defences
New analysis published by the World Economic Forum (WEF) argues that as ports become increasingly digitized and interconnected, their exposure to cyber risk is no longer confined to individual operators but extends across maritime ecosystems.
The article highlights how traditional, siloed security approaches are proving inadequate against threats that move laterally across supply chains, prompting a shift toward ‘collective cyber defence’ models in which port authorities, logistics firms, and government actors share intelligence, coordinate responses, and jointly manage risk.
“Automated terminals, smart infrastructure and real-time data platforms are transforming not only how goods move through ports but also how the wider industrial ecosystem coordinates operations, manages energy and uses shared infrastructure, making ports more efficient and interconnected,” Marijn van Schoote, FERM managing director / former CISO PoR at the Port of Rotterdam; Irene Varoli, lead for Transitioning Industrial Clusters at the WEF, and Chiara Barbeschi, specialist for cyber resilience at the WEF, wrote in a post last week.

