Vercel’s security breach started with malware disguised as Roblox cheats | CyberScoop<\/title> <meta name=\"description\" content=\"The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/vercel-security-breach-third-party-attack-context-ai-lumma-stealer\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Vercel's security breach started with malware disguised as Roblox cheats\"> <meta property=\"og:description\" content=\"The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/vercel-security-breach-third-party-attack-context-ai-lumma-stealer\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-20T20:24:40+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-20T20:29:20+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg\"> <meta property=\"og:image:width\" content=\"4959\"> <meta property=\"og:image:height\" content=\"3306\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1774625888g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88664\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88664\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvercel-security-breach-third-party-attack-context-ai-lumma-stealer%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvercel-security-breach-third-party-attack-context-ai-lumma-stealer%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88664 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/vercel-security-breach-third-party-attack-context-ai-lumma-stealer\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.220930232558\">\n<div class=\"single-article__header-content\" readability=\"36.232558139535\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/vercel-security-breach-third-party-attack-context-ai-lumma-stealer\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88664\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg 4959w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"> <\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"35.244375484872\"><body readability=\"74.113091579594\"><\/p>\n<p>Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a <a href=\"https:\/\/vercel.com\/kb\/bulletin\/vercel-april-2026-security-incident\">security bulletin<\/a> Sunday. <\/p>\n<p>The attack, which didn\u2019t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. <\/p>\n<p>An attacker traversed third-party systems and connections left exposed by employees before it hit the San Francisco-based company that created and maintains Next.js and other popular open-source libraries. <\/p>\n<p>Researchers at Hudson Rock said the seeds of the attack were planted in February when a Context.ai employee\u2019s computer was <a href=\"https:\/\/www.infostealers.com\/article\/breaking-vercel-breach-linked-to-infostealer-infection-at-context-ai\/\">infected with Lumma Stealer malware<\/a> after they searched for Roblox game exploits, a common vector for infostealer deployments.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Each of the companies are pinning at least some blame for the attack on the other vendor.<\/p>\n<p>Context.ai on Sunday said that breach allowed the attacker to access its AWS environment and OAuth tokens for some users, including a <a href=\"https:\/\/context.ai\/security-update\">token for a Vercel employee\u2019s Google Workspace<\/a> account. Vercel is not a Context customer, but the Vercel employee was using Context AI Office Suite and granted it full access, the artificial intelligence agent company said. <\/p>\n<p>\u201cThe attacker used that access to take over the employee\u2019s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive,\u201d Vercel said in its bulletin. <\/p>\n<p>The company said a limited number of its customers are impacted and were immediately advised to rotate credentials. The company, which declined to answer questions, did not specify which internal systems were accessed or fully explain how the attacker gained access to Vercel customers\u2019 credentials. <\/p>\n<p>Vercel CEO Guillermo Rauch said customer data stored by the company is fully encrypted, yet the attacker got further access through enumeration, or by counting and inventorying specific variables. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI,\u201d he said in a <a href=\"https:\/\/x.com\/rauchg\/status\/2045995362499076169\">post on X<\/a>. \u201cThey moved with surprising velocity and in-depth understanding of Vercel.\u201d<\/p>\n<p>A threat group identifying themselves as ShinyHunters took responsibility for the attack in a post on Telegram and is attempting to sell the stolen data, which they claim includes access keys, source code and databases.<\/p>\n<p>The attacker \u201cis likely an imposter attempting to use an established name to inflate their notoriety,\u201d Austin Larsen, principal threat analyst at Google Threat Intelligence, wrote in a <a href=\"https:\/\/www.linkedin.com\/posts\/austin-larsen_vercel-share-7451694308845408256-aHOX\/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAC2xvMBLPggh7Z3PC8i4V4yQ0JB56a2MlM\">LinkedIn post<\/a>. \u201cRegardless of the threat actor involved, the exposure risk is real.\u201d<\/p>\n<p>Vercel also warned that the attack on Context\u2019s Google Workspace OAuth app \u201cwas the subject of a broader compromise, potentially affecting its hundreds of users across many organizations.\u201d It published indicators of compromise and encouraged customers to review activity logs, review and rotate variables containing secrets.<\/p>\n<p>Context and Vercel said their separate and coordinated investigations into the attack aided by CrowdStrike and Mandiant remain underway.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9926470588235\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/vercel-security-breach-third-party-attack-context-ai-lumma-stealer\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vercel’s security breach started with malware disguised as Roblox cheats<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,2842,6461,2350,282,78,387,3729,4898,646,4387,1073,3288,2151,1813,1866,649,288,5745],"tags":[236,2844,6462,2354,286,86,391,3731,4901,650,4388,1076,3290,2155,1814,1868,652,294,5746],"class_list":["post-8549","post","type-post","status-publish","format-standard","hentry","category-ai","category-aws","category-context-ai","category-crowdstrike","category-cybercrime","category-cybersecurity","category-google","category-google-threat-intelligence-group","category-google-workspace","category-mandiant","category-oauth","category-open-source","category-open-source-software","category-shinyhunters","category-supply-chain","category-supply-chain-attacks","category-supply-chain-security","category-threats","category-vercel","tag-ai","tag-aws","tag-context-ai","tag-crowdstrike","tag-cybercrime","tag-cybersecurity","tag-google","tag-google-threat-intelligence-group","tag-google-workspace","tag-mandiant","tag-oauth","tag-open-source","tag-open-source-software","tag-shinyhunters","tag-supply-chain","tag-supply-chain-attacks","tag-supply-chain-security","tag-threats","tag-vercel"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/aws\/\" rel=\"category tag\">AWS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/context-ai\/\" rel=\"category tag\">Context.ai<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crowdstrike\/\" rel=\"category tag\">CrowdStrike<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-workspace\/\" rel=\"category tag\">Google Workspace<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oauth\/\" rel=\"category tag\">OAuth<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source-software\/\" rel=\"category tag\">open source software<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shinyhunters\/\" rel=\"category tag\">ShinyHunters<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain\/\" rel=\"category tag\">supply chain<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain-attacks\/\" rel=\"category tag\">supply chain attacks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain-security\/\" rel=\"category tag\">supply chain security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vercel\/\" rel=\"category tag\">Vercel<\/a>","tag_info":"Vercel","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8549"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8549\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8549,"date":"2026-04-20T15:24:40","date_gmt":"2026-04-20T20:24:40","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88664"},"modified":"2026-04-20T15:24:40","modified_gmt":"2026-04-20T20:24:40","slug":"vercels-security-breach-started-with-malware-disguised-as-roblox-cheats","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/20\/vercels-security-breach-started-with-malware-disguised-as-roblox-cheats\/","title":{"rendered":"Vercel\u2019s security breach started with malware disguised as Roblox cheats"},"content":{"rendered":"