Mediazone is Nederland's meest complete AI nieuws platform met real-time nieuws, trends, YouTube videos en community discussies voor professionals en AI-enthousiastelingen.

Welke AI onderwerpen behandelt Mediazone?

We behandelen alle aspecten van kunstmatige intelligentie: machine learning, deep learning, ChatGPT, OpenAI, Google AI, Claude AI, Anthropic, computer vision, natural language processing, en AI ethics.

Hoe vaak wordt de AI nieuws bijgewerkt?

Onze AI nieuws wordt elk uur automatisch bijgewerkt vanuit 22+ premium bronnen zoals OpenAI, Google AI, MIT Technology Review, en Wired AI.

Is Mediazone gratis te gebruiken?

Ja, Mediazone is volledig gratis toegankelijk voor alle AI nieuws, trends, en YouTube video's. We richten ons op het Nederlandse AI ecosysteem.

VentureBeat AI•2 hours ago

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

Back to overview

One employee at Vercel adopted an AI tool. One employee at that AI vendor got hit with an infostealer. That combination created a walk-in path to Vercel’s production environments through an OAuth grant that nobody had reviewed. Vercel, the cloud platform behind Next.js and its millions of weekly npm downloads, confirmed on Sunday that attackers gained unauthorized access to internal systems. Mandiant was brought in. Law enforcement was notified. Investigations remain active. An update on Monday confirmed that Vercel collaborated with GitHub, Microsoft, npm, and Socket to verify that no Vercel npm packages were compromised. Vercel also announced it is now defaulting environment variable creation to “sensitive.” Next.js, Turbopack, AI SDK, and all Vercel-published npm packages remain uncompromised after a coordinated audit with GitHub, Microsoft, npm, and Socket. Context.ai was the entry point. OX Security’s analysis found that a Vercel employee installed the Context.ai browser extension and signed into it using a corporate Google Workspace account, granting broad OAuth permissions. When Context.ai was breached, the attacker inherited that employee’s Workspace access, pivoted into Vercel environments, and escalated privileges by sifting through environment variables not marked as “sensitive.” Vercel’s bulletin states that variables marked sensitive are stored in a manner that prevents them from being read. Variables without that designation were accessible in plaintext through the dashboard and API, and the attacker used them as the escalation path. CEO Guillermo Rauch described the attacker as “highly sophisticated and, I strongly suspect, significantly accelerated by AI.” Jaime Blasco, CTO of Nudge Security, independently surfaced a second OAuth grant tied to Context.ai’s Chrome extension, matching the client ID from Vercel’s published IOC to Context.ai’s Google account before Rauch’s public statement. The Hacker News reported that Google removed Context.ai’s Chrom…

Read full article

0 views