Vercel Discloses Unauthorized Access to Internal Systems; ShinyHunters Claims Responsibility

Executive Summary: Infrastructure provider Vercel disclosed a significant security incident, stemming from a compromise of the third-party AI tool Context[.]ai. A highly sophisticated threat actor leveraged a hijacked OAuth token from a Vercel employee to gain unauthorized access to internal environments and non-sensitive environment variables. ShinyHunters has claimed responsibility for the breach, allegedly offering the exfiltrated data for sale…


Where Retail and Hospitality Fraud is Actually Happening Now (and What to Do About It)

For years, fraud has been a payments problem. Detect it at checkout. Measure success in chargebacks avoided. Build controls around transactions. That model made sense when fraud itself was transactional – and reactive. That era is over. Modern fraud operations are not waiting for a payment event. They are active earlier in the customer journey,…


BlueHammer Windows Local Privilege Escalation Zero-Day Publicly Released

Executive Summary: On 3 April 2026, a disgruntled security researcher publicly released a working proof-of-concept for an unpatched Windows local privilege escalation (LPE) vulnerability named BlueHammer. The flaw combines a time-of-check to time-of-use (TOCTOU) race condition and path-confusion issue in Windows Defender’s signature-update mechanism. It allows a low-privileged local user to access the SAM database,…


Active Data Theft Campaign Targeting Snowflake Customers via Anodot Third-Party SaaS Integration Breach

Executive Summary: On 7 April 2026, reports emerged in open source that multiple companies had suffered data theft attacks after a SaaS integration provider was breached and authentication tokens were stolen. While numerous cloud storage and SaaS vendors were targeted using the stolen tokens, the majority of the data theft attacks targeted the cloud-based data warehouse platform Snowflake….


Axios npm Package Compromised to Deliver Remote Access Trojan

Executive Summary: According to a report released by StepSecurity, on 30 March 2026, an unnamed threat actor compromised an npm account associated with the Axios library and published malicious package versions, impacting developers and organizations relying on the dependency. The threat actor introduced backdoored versions of 1.14.1 and 0.30.4 that included a hidden malicious component designed…
