:

VERCEL CONFIRMS SECOND DATA BREACH FROM EARLIER COMPROMISE

SECURITY DESK1 MIN READ
THU, APR 23, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Vercel discovered evidence of a separate customer data theft occurring before its publicly disclosed April breach. The hosting platform uncovered the additional compromise while investigating the initial incident.

The app and website hosting company expanded its investigation into the April breach and found proof of an earlier unauthorized access to customer accounts. Vercel has not disclosed specific details about what data was stolen, the number of affected customers, or the timeline of the prior compromise. This marks the second confirmed incident involving Vercel customer accounts in recent weeks. The company did not immediately clarify whether the two breaches share a common cause or if they resulted from separate vulnerabilities. Vercel has notified affected customers and recommended security measures. The company is conducting a broader review of its systems to identify any additional unauthorized access. Customers are advised to review their account activity and change credentials if necessary. The incidents highlight ongoing security challenges in the cloud hosting sector, where breaches can expose sensitive infrastructure and application data belonging to thousands of businesses relying on these platforms.

■ SOURCES

TechCrunchTechmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

3H AGOIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

9H AGOSecurity Desk

A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.

10H AGOSecurity Desk

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

15H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.