Vercel Confirms Data Breach After Hacker’s Claim

Vercel Confirms Data Breach After Hacker’s Claim

Cloud platform Vercel has confirmed a security breach after a threat actor claimed to be selling internal data for $2 million.  Threat actor claimed to be ShinyHunters, though ShinyHunters denied involvement. The incident originated from a compromised third-party AI tool’s Google Workspace OAuth app. Stolen data reportedly includes source code, database records, and internal tokens for GitHub and Linear. Vercel is contacting a “limited subset” of affected customers and strongly advises all users to rotate environment variables and API keys immediately.

Source: Bleeping Computer

Seiko USA Disclosed Data Breach on Shopify Database

The Seiko USA website was defaced over the weekend by hackers claiming to have breached the company’s Shopify database. The attackers posted a ransom demand in the site’s “Press Lounge” section, alleging they exfiltrated sensitive data, including customer names, purchase history, and shipping addresses. The threat actors set a 72-hour deadline for negotiations, threatening to leak the database publicly. While Seiko USA has since removed the message, they have yet to officially confirm the breach.

Source: Bleeping Computer

France Titres Confirms Data Breach 

France’s National Agency for Secure Documents (ANTS) has confirmed a data breach after a threat actor known as “breach3d” offered to sell 19 million citizen records on a hacker forum. The agency, which manages identity documents like passports and driver’s licenses, detected the incident on April 15, 2026. Exposed data includes names, emails, birth dates, and postal addresses. ANTS and ANSSI are investigating, warning citizens to remain vigilant against phishing attempts leveraging the stolen information.

Source: Security Week

Fiverr Leaks User Information to Google Indexing

Freelance platform Fiverr is under fire after researchers discovered that a Cloudinary misconfiguration has left sensitive user files publicly accessible and indexed by Google. Exposed data includes completed tax forms (IRS Form 1040) and private financial documents exchanged between freelancers and clients. Despite a 40-day responsible disclosure period, Fiverr allegedly failed to address the issue, leading to the public release of findings on Hacker News. Experts warn this leak may violate FTC and GLBA regulations regarding financial data protection.

Source: Cyber Security News

Gentlemen Ransomware Shows Rapid Growth

“The Gentlemen” ransomware-as-a-service (RaaS) operation has seen rapid expansion, claiming over 320 victims, with 240 attacks occurring in early 2026 alone. Check Point Research discovered that affiliates are deploying “SystemBC” proxy malware to create covert SOCKS5 tunnels and deliver payloads directly into memory. A live command-and-control server revealed a botnet of over 1,570 corporate victims globally. The group primarily exploits unpatched internet-facing devices, using automated lateral movement and Group Policy to achieve domain-wide encryption.

Source: Infosecurity Magazine

Click here to subscribe our Newsletter