Vercel disclosed that attackers accessed internal systems in a security incident. The company is investigating the scope and impact of the breach.
Vercel, the platform behind Next.js and a host of web hosting services, confirmed a breach affecting its internal systems. The company discovered unauthorized access and initiated an investigation to determine what data or systems were compromised.
In a statement, Vercel said it is working to understand the full extent of the incident. The company has notified relevant parties and is cooperating with law enforcement and security researchers.
Vercel hosts applications for thousands of developers and enterprises. The breach raises questions about what customer data or infrastructure may have been affected, though the company has not detailed specific systems or data types compromised at this time.
The platform provides deployment, hosting, and edge computing services. It serves as the infrastructure backbone for many production applications, making the security of its internal systems critical.
Vercel has not disclosed how the attackers gained access or whether customer applications or data were impacted. The company is expected to provide updates as the investigation progresses.
This incident comes amid heightened scrutiny of software infrastructure providers following previous breaches at other major platforms. Companies relying on Vercel for deployment and hosting will likely await detailed information about potential exposure.
The breach underscores ongoing security challenges for cloud infrastructure providers managing internal access and systems. Vercel's response and transparency in the coming days will be closely watched by its customer base and the broader developer community.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.