One Checkbox Away: The Vercel Breach and the Case for Zero Standing Privileges

There’s never a good time to disclose a breach, but days before your IPO has to rank near the bottom of the list. That was the backdrop to the Vercel breach. On Sunday the 19th, the company confirmed that attackers had walked into parts of its internal environment and walked back out with customer API keys. Early reporting focused on the flashy parts: an attacker claiming ties to ShinyHunters, a $2 million BreachForums demand, crypto teams rotating credentials with the IPO roadshow in full swing.

The Hims Data Breach: What Standing Access Costs in Healthcare

Hims & Hers, one of the biggest telehealth platforms in the U.S., just disclosed that millions of customer records were exposed. Not because of some sophisticated exploit, but because a single compromised login had standing access to a connected platform. One identity was all it took. This breach is worth paying attention to not because it’s unusual, but because it’s so ordinary.

Vercel security incident: What the breach reveals about OAuth trust, supply chain risk, and response speed

Public reporting suggests the incident involved abuse of a third-party application that had been granted OAuth access to a Vercel employee account, enabling unauthorized access to some internal resources. Certain customer‑related tokens, environment variables, or other access artifacts may have been exposed, though Vercel has not stated that password theft was part of the initial access path.

Cybersecurity Strengthens Trust in Digital Systems

Every time a customer enters payment details, shares personal data, or logs into an online service, they trust the organization behind that platform to safeguard their sensitive information against breaches, unauthorized access, and misuse. Customers do not grant that trust freely or without considering the security measures in place. It is built through clear, measurable security practices that shield sensitive data from unauthorized access and misuse.

What You Need to Know about the QualDerm Partners Data Breach

QualDerm Partners, LLC is a healthcare management services provider headquartered in Brentwood, Tennessee. The company offers comprehensive administrative, clinical, and operational support to dermatology practices nationwide. QualDerm provides management resources, funding, and operational services, including patient records management, billing, insurance processing, and other essential services to improve efficiency and care quality across its network of clinics.

What You Need to Know about the Navia Benefit Solutions Data Breach

Navia Benefit Solutions, Inc. is a consumer-focused benefits administrator headquartered in Renton, Washington. Founded in 1989, the company provides comprehensive employee benefits administration services to more than 10,000 employers across the United States. Navia manages tax-advantaged healthcare and dependent care accounts, serving more than 1 million participants nationwide.

What You Need to Know about the Healthcare Interactive Data Breach

Healthcare Interactive, Inc., also known as HCIactive, is an Ellicott City, Maryland-based provider of AI-powered software solutions for insurance enrollment and benefits administration. Founded in 2006, the privately held company has fewer than 100 employees but serves healthcare organizations and insurers nationwide. As a HIPAA business associate, HCIactive processes and stores protected health information for multiple covered entities, giving it access to large volumes of sensitive patient data.

SIP Trunking Security in 2026: What Enterprises Must Know Before Their Next Breach

Telecom fraud exceeded an estimated $41.82 billion in losses in 2025, and a substantial share of that exposure runs directly through SIP trunks. The SIP trunking market itself reached $73.14 billion that same year, and is projected to more than double to $157.91 billion by 2030, according to Mordor Intelligence. That collision of rapid adoption and surging fraud is not a coincidence. Enterprises are migrating voice infrastructure to IP-based systems faster than security teams are adapting their threat models to cover them. In 2026, SIP trunking is business-critical infrastructure.