ZYMP IT Security — April 22, 2026
Vercel Security Incident Traced to Third-Party AI Tool Compromise
DATA BREACH
Vercel disclosed a security incident on April 19, 2026, involving unauthorized access to internal systems after an attacker compromised Context.ai, a third-party AI tool used by a Vercel employee. The attacker leveraged access to the employee’s Google Workspace account to gain entry to some Vercel environments and environment variables that were not marked as “sensitive.”
The company has engaged Mandiant, additional cybersecurity firms, and law enforcement for investigation. While environment variables marked as “sensitive” were not accessed due to their protected storage method, customers with non-sensitive environment variables have been notified and advised to rotate credentials immediately. Vercel confirmed that npm packages published by the company have not been compromised, with no evidence of supply chain tampering.
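A triage script of the kind a notified customer would want after this incident, added here as an example rather than Vercel's own tooling: it assumes an exported variable inventory with `key`, `type` and `target` fields (a constructed sample is embedded), treats only `sensitive` entries as protected, and ranks the rest by whether the name looks like a credential.

```python
"""Triage an environment-variable inventory after an incident like the Vercel
disclosure: anything not stored as "sensitive" must be assumed readable by the
attacker, and the ones whose names denote credentials go to the top of the
rotation list."""
import json
import re

# Constructed sample inventory. The field names (key, type, target) are an
# assumption modelled on a Vercel-style export; every value here is made up.
SAMPLE_INVENTORY = json.dumps({"envs": [
    {"key": "DATABASE_URL", "type": "encrypted", "target": ["production"]},
    {"key": "STRIPE_SECRET_KEY", "type": "sensitive", "target": ["production"]},
    {"key": "NEXT_PUBLIC_API_BASE", "type": "plain", "target": ["production", "preview"]},
    {"key": "SLACK_WEBHOOK_TOKEN", "type": "encrypted", "target": ["preview"]},
    {"key": "LOG_LEVEL", "type": "plain", "target": ["development"]},
]})

# Name fragments that usually mark a credential rather than ordinary config.
# Connection strings (*_URL) are included because they commonly embed passwords.
CREDENTIAL_PATTERN = re.compile(
    r"SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE_KEY|API_KEY|WEBHOOK|_URL$",
    re.IGNORECASE,
)


def triage_env_inventory(raw_json: str) -> dict:
    """Bucket variables into rotate_now / review / protected, each sorted by name."""
    envs = json.loads(raw_json)["envs"]
    report = {"rotate_now": [], "review": [], "protected": []}
    for env in envs:
        name = env["key"]
        if env.get("type") == "sensitive":
            # Stored so the value cannot be read back; out of scope for this incident.
            report["protected"].append(name)
        elif CREDENTIAL_PATTERN.search(name):
            # Readable, and the name says it is a credential: rotate immediately.
            report["rotate_now"].append(name)
        else:
            # Readable; a human must confirm it carries no secret before closing it out.
            report["review"].append(name)
    for bucket in report.values():
        bucket.sort()
    return report


if __name__ == "__main__":
    print(json.dumps(triage_env_inventory(SAMPLE_INVENTORY), indent=2))
```

Run it against a real export after replacing `SAMPLE_INVENTORY`; the `review` bucket is the one that gets missed when teams rotate only the obvious keys.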
Microsoft Patch Tuesday Addresses 164 Vulnerabilities with Multiple Critical Flaws
VULNERABILITY
Microsoft’s April 2026 Patch Tuesday release addresses 164 vulnerabilities, double the number from March 2026, including one exploited zero-day, one previously disclosed zero-day, and eight Critical vulnerabilities. The exploited zero-day (CVE-2026-32201) is a spoofing vulnerability in Microsoft SharePoint Server with a CVSS score of 6.5, allowing unauthenticated remote attackers to view sensitive information and make changes without user interaction.
Critical flaws include a remote code execution vulnerability in Windows TCP/IP (CVE-2026-33827, CVSS 8.1) exploited via specially crafted IPv6 packets, a Critical RCE in Windows Internet Key Exchange (IKE) Service Extensions (CVE-2026-33824, CVSS 9.8), and multiple RCE vulnerabilities in Microsoft Office and Word. Windows received the most patches with 131 fixes (80%), followed by Office with 14 and Developer Tools with 8.
ShinyHunters Ransomware Group Targets Multiple Major Corporations
RANSOMWARE
The ShinyHunters ransomware group has claimed responsibility for attacks against several major corporations, including Inditex (Zara), 7-Eleven, Carnival Corporation, and McGraw-Hill. At Inditex, the group claims to have stolen over 9 million records containing sensitive PII and internal data. 7-Eleven reportedly lost over 600,000 Salesforce records, while Carnival Corporation faces claims of 8.7 million records exposed.
McGraw-Hill confirmed a data breach after hackers exploited misconfigurations in its Salesforce environment, exposing approximately 45 million Salesforce records containing personally identifiable information. The attack pattern suggests a coordinated campaign exploiting similar vulnerabilities across multiple organizations’ cloud environments and customer relationship management systems.
International Operation Disrupts Four Major IoT Botnets
BOTNET TAKEDOWN
A coordinated law enforcement operation across the United States, Germany, and Canada has dismantled infrastructure behind four major botnets that infected more than 3 million IoT devices worldwide. The compromised devices included webcams, routers, and digital video recorders, which were used to launch large-scale distributed denial-of-service (DDoS) attacks against targets including US defense department systems.
The botnets operated on a “cybercrime-as-a-service” model, selling access to compromised devices to other actors while also extorting victims directly. Authorities report that the networks enabled hundreds of thousands of attacks worldwide. The takedown highlights the ongoing risk posed by insecure connected devices with weak passwords and unpatched firmware, which continue to provide entry points for attackers who turn everyday hardware into tools for large-scale disruption.
US Critical Infrastructure Faces Increased Cyberattacks Amid Middle East Conflict
CRITICAL INFRASTRUCTURE
A joint advisory from US agencies indicates that cyber activity targeting critical infrastructure has escalated in recent weeks amid conflict in the Middle East. Hackers are exploiting internet-exposed operational technology (OT) devices used across sectors including energy, water, and local government systems. The advisory notes that widespread public internet exposure makes these devices attractive targets, with several incidents already causing operational disruption and financial loss.
Attackers are manipulating data on industrial control interfaces and extracting sensitive system files, reflecting a broader shift in cyber warfare from data theft to physical infrastructure interference. The World Economic Forum’s Global Cybersecurity Outlook 2026 found that 64% of organizations are now factoring geopolitical tensions into their cybersecurity planning. Organizations are urged to assume they could be targeted, implement multi-factor authentication, remove public-facing access where possible, and monitor for unusual network activity.
ZY Media Productions