Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7

Lovable 'vibe coding' platform exposed source code, Supabase credentials, and AI chat history for 76 days via missing ownership check in API

Security researcher @weezerOSINT disclosed on April 20 that Lovable, the Swedish AI code-generation platform that just raised a $330M Series B at a $6.6B valuation, had a Broken Object Level Authorization flaw letting any free account read another user's project source code, hardcoded database credentials, AI chat transcripts, and customer data - using only five API calls. The /projects/{id}/* endpoints verified Firebase authentication but skipped any ownership check. On April 23 Lovable published a formal incident report admitting the exposure window ran February 3 to April 20, a full 76 days, caused by a backend regression that silently undid a fix shipped in 2025. Every Lovable project created before November 2025 was readable. The researcher demonstrated the impact by pulling source code from Connected Women in AI, a Danish nonprofit with over 3,700 edits in 2026 alone, extracting hardcoded Supabase credentials from that code, then querying the live database to retrieve real names, LinkedIn profiles, and Stripe customer IDs belonging to Accenture Denmark and Copenhagen Business School staff. Lovable's initial public response was to deny a breach occurred and blame its documentation and HackerOne triage partner before eventually apologizing.

Check
If your team or any staff member has ever built anything on Lovable (including experimental internal tools, prototypes, and hackathon projects) treat every secret that was ever in a Lovable project or chat as potentially public.
Affected
Any Lovable project created before November 2025 was readable by any other Lovable user between February 3 and April 20, 2026. That includes source code (which Lovable commonly generates with hardcoded Supabase anon keys and service role keys), AI chat histories (which often contain pasted API keys and config values), and any customer data stored in the project's connected Supabase database.
Fix
Rotate every Supabase anon key and service role key associated with any project you ever built on Lovable, plus any third-party API key that was ever pasted into a Lovable app, chat, or prompt - Stripe, Resend, SendGrid, OpenAI, Anthropic, and so on. Enable Row Level Security on every table in every connected Supabase project and review each policy by hand. Pull the last 90 days of Supabase audit logs and search for anomalous reads. Export and archive anything you need out of Lovable, remove sensitive values from chat history, and watch for Lovable's direct email notifying affected projects. For EU personal data, open the GDPR breach notification process.

Vercel expands Context.ai breach scope - additional accounts compromised, and some predate the April incident entirely

Vercel updated its security bulletin on April 23 to disclose that ongoing forensics has uncovered additional customer accounts compromised in the Context.ai-linked breach that went public on April 19, and - more worryingly - a separate cluster of customer accounts with evidence of compromise that predates and appears unconnected to the Context.ai incident. CEO Guillermo Rauch confirmed on X that the threat actor has been active beyond Context.ai's compromise. Hudson Rock's forensic report traced patient-zero to a Context.ai employee whose laptop was infected by Lumma Stealer in February 2026 after downloading Roblox auto-farm scripts - a roughly four-week dwell time before the operator pivoted into Context.ai's AWS environment and then through OAuth tokens into Vercel's Google Workspace. The stolen credential set from that single laptop included Google Workspace logins, Supabase keys, Datadog tokens, Authkit credentials, and the support@context.ai account. Vercel has now confirmed non-sensitive environment variables in affected team scopes were readable to the attacker, and says customer notifications are going out individually rather than via a public list.

Check
If you run any service on Vercel, re-check your team's incident email for new direct notifications, and proactively rotate any environment variable not marked as 'sensitive' that was stored in Vercel during February to April 2026.
Affected
Vercel customer teams where a member authorized Context.ai's AI Office Suite OAuth integration against a Vercel enterprise Google Workspace account, and any Vercel team with environment variables not explicitly marked as 'sensitive' stored during the February to April 2026 window. The newly-surfaced predate-April account cluster is separate and Vercel has not publicly scoped it - if you receive a notification email, treat it as a distinct compromise and not simply a continuation of the Context.ai incident.
Fix
Rotate every environment variable stored in Vercel that was not marked as 'sensitive' - in practice, treat every database URL, API key, signing secret, and third-party credential as public and rotate it in place. Audit Google Workspace OAuth app grants and revoke any Context.ai 'AI Office Suite' integration. Review Vercel activity logs back to February 2026 for unexpected access to environment variable dashboards. Rotate Supabase, Datadog, and Authkit credentials if any Context.ai employee or integration ever had access to yours. Set a standing policy that no OAuth grant from an external AI tool gets 'Allow All' Workspace permissions.

Dutch cosmetics giant Rituals discloses 'My Rituals' membership database breach

Rituals, the Amsterdam-headquartered cosmetics and home fragrance retailer with roughly 1,000 stores across Europe, the Middle East, and North America, disclosed on April 23 that attackers stole personal information from its 'My Rituals' membership database. The company has not yet said how many members were affected, only that 'personal information' was exfiltrated. No payment card data is reported to have been compromised. Rituals' membership program collects name, email, postal address, and purchase history to drive a loyalty and personalization program, so the exposed fields are ideal material for branded-lookalike phishing and physical-mail fraud referencing real past purchases. The company says it has informed Dutch data protection regulator Autoriteit Persoonsgegevens and is working with an external incident response firm. Rituals did not attribute the breach to a named group and has not described the initial access vector; the disclosure follows a wider April 2026 pattern in which loyalty and membership databases are repeatedly showing up as soft targets for extortion actors looking for PII-heavy datasets.

Check
If your staff or customers subscribe to Rituals memberships (especially in Europe where store density is highest) brief them that loyalty-themed phishing is likely to follow and add rituals.com lookalike domains to your brand monitoring watchlist.
Affected
Anyone with a 'My Rituals' loyalty membership. Businesses that have ever used Rituals for corporate gifting and stored staff contact details in the member account. Organizations with marketing-driven email collection at Rituals store counters for staff-appreciation programs.
Fix
Monitor phishing tags for any message claiming to be from Rituals or a Rituals partner. If your organization collected staff contact details through a Rituals-branded corporate gifting campaign, notify those staff proactively. Add rituals-[typo].com lookalikes to DMARC reporting and to your brand-monitoring ruleset. Rotate any password that was reused between a My Rituals account and another service. For European users, watch for follow-up notifications from Autoriteit Persoonsgegevens once the breach scope is confirmed, and keep the 90-day GDPR clock in mind for your own records of any shared data.

Citizens Bank and Frost Bank breached via third-party vendor - Everest ransomware claims 3.4M and 250K records, deadline expires today

The Everest ransomware group listed Citizens Financial Group and Frost Bank on its leak site on April 20 with a six-day deadline that expires today. Everest claims 3.4 million Citizens records (names, addresses, account numbers) and 250,000 Frost records with the more sensitive set: SSNs, tax IDs, mortgage rates, and income data. Both banks confirmed the breach traces to a third-party vendor - a statement-printing provider for Citizens, a tax-document fulfillment firm for Frost - rather than direct compromise. Citizens disclosed publicly April 21; class-action lawsuits were filed April 23.

Check
If you bank with Citizens or Frost, monitor accounts and credit reports closely, and treat any inbound communication referencing real account or mortgage details as hostile.
Affected
Citizens Financial Group customers (3.4M records claimed; addresses, names, account numbers in samples) and Frost Bank customers (~250K records; samples include SSNs, tax IDs, mortgage rates - high identity-theft risk). Any organization that shares customer PII with statement-printing, tax-document, or marketing-mail vendors faces equivalent third-party exposure.
Fix
Affected consumers: place a credit freeze, enable 2FA on banking apps, and watch for tax and mortgage fraud since the leak window straddles US filing deadlines. Organizations: pull your vendor PII inventory, identify which downstream printers and tax processors hold equivalent record types, and renegotiate contracts to mandate at-rest encryption and breach notification SLAs.

Vercel breach root cause revealed: Lumma Stealer on a Context.ai employee's laptop, delivered via Roblox auto-farm scripts

Follow-up: this is the origin-story update to the Vercel breach disclosed April 19 (which our publication did not cover at the time). Hudson Rock traced the initial compromise to a Context.ai employee whose laptop was infected by Lumma Stealer malware in February 2026 after the user downloaded Roblox 'auto-farm' scripts and game-exploit executors - a notorious delivery vector for infostealers. The malware harvested that employee's Google Workspace credentials plus access keys and logins for Supabase, Datadog, and Authkit. The haul also included the support@context.ai account, letting the attacker escalate inside Context.ai, reach its AWS environment, and then pivot through compromised Google Workspace OAuth tokens into a Vercel employee's enterprise workspace that had granted the 'AI Office Suite' app 'Allow All' permissions. The attacker (ShinyHunters, now selling the data for $2M on BreachForums) read Vercel environment variables not flagged as 'sensitive.' Google pulled the Context.ai Chrome extension (ID omddlmnhcofjbnbflmjginpjjblphbgk) on March 27 - it embedded an OAuth grant for read access to users' entire Google Drive. The lesson is brutal: one employee's personal risky behavior on a work device cascaded through four SaaS platforms into a supply-chain breach that a threat actor is now auctioning.

Check
If any employee at your company has ever signed into Context.ai with a corporate Google Workspace account, treat that account as compromised and begin full credential rotation and OAuth review immediately.
Affected
Any Google Workspace tenant where an employee granted the Context.ai 'AI Office Suite' OAuth app broad permissions (specifically OAuth app IDs 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com and 110671459871-f3cq3okebd3jcg1lllmroqejdbka8cqq.apps.googleusercontent.com). Any Vercel customer whose environment variables were not explicitly marked 'sensitive'. Any organisation whose employees also install uncurated browser extensions or run game cheats on corporate devices (a pattern that keeps reappearing in infostealer cases).
Fix
In Google Workspace admin, search the OAuth app inventory for the two Context.ai client IDs above and revoke them from every user. On Vercel, audit and rotate every environment variable not marked 'sensitive' across every project, and going forward default-enable sensitive flags on new environment variables. Rotate Supabase, Datadog, and Authkit tokens that were ever accessible from a Context.ai-linked Google account. Pull 60 days of audit logs for each affected SaaS and look for impossible-travel sign-ins, new OAuth grants, and unexpected API-key creation. Block game-cheat and executor download domains at the corporate DNS layer and communicate the Roblox-script risk directly to staff.

French govt identity documents agency ANTS confirms breach - hacker claims 19 million citizen records for sale

France Titres (Agence nationale des titres securises, ANTS), the French government agency responsible for issuing driver's licenses, national ID cards, passports, and immigration documents, has confirmed a security incident on the ants.gouv.fr portal. The agency detected the compromise on April 15 and published an acknowledgment April 20, saying individual and professional account data may have been exposed. On April 16, a threat actor using the alias 'breach3d' claimed responsibility on a hacker forum, alleging theft of up to 19 million records. The attacker says the stolen data contains full names, contact details, birth data, home addresses, account metadata, gender, and civil status. ANTS operates under the French Ministry of the Interior and is the authoritative source for official French identity documents, making any data leak a foundational risk for downstream phishing, social engineering, and identity fraud. The agency has notified France's data protection authority (CNIL), the Paris Public Prosecutor, and national cybersecurity agency ANSSI. ANTS is telling users no action is required but to exercise 'extreme caution' with any SMS, phone calls, or emails claiming to come from the agency - the stolen data is ideal raw material for targeted impersonation scams.

Check
If your business operates in France or handles French citizen data via identity verification, treat every inbound communication appearing to come from ANTS or French government services as potentially part of a phishing campaign over the coming months.
Affected
French citizens and residents with ants.gouv.fr accounts. Businesses operating in France that rely on ANTS-issued documents for KYC/AML checks. Any business with customer bases in France faces elevated phishing risk since the stolen data gives attackers accurate personal details to impersonate official government communications.
Fix
Brief French-based staff and customers that ANTS has been breached and that any unsolicited SMS, call, or email referencing French identity documents should be treated as potentially hostile. Confirm that your KYC verification flows don't rely solely on ANTS-sourced data elements (name, birthdate, address) as proof-of-identity - if that data is now circulating on criminal forums, it can no longer be treated as a strong identity signal. Strengthen inbound email filtering for domains impersonating ants.gouv.fr. Add the 'breach3d' alias and any advertised record counts to your threat intel watchlist for the next 90 days.

A small Discord group quietly accessed Anthropic's most powerful AI hacking tool 'Mythos' for two weeks via a contractor account (backfill from April 21)

Backfill from April 21: Anthropic confirmed an unauthorized Discord group quietly accessed Mythos - the company's most powerful AI cybersecurity tool, restricted to about 40 vetted partners including Apple, Microsoft, and Google. The group got in on the same day Mythos was announced (April 7) by piggybacking on a member who works at one of Anthropic's third-party contractors, then guessed the model's URL based on naming patterns from previously leaked information. Anthropic says the group used Mythos to build websites, not for attacks - but they had quiet access for two weeks. Mozilla used Mythos to find and patch 271 Firefox bugs.

Check
If you're a Project Glasswing partner, audit which contractor environments have access to Mythos and rotate any credentials they used since April 7.
Affected
Anthropic Project Glasswing partners (about 40 organizations including Apple, Microsoft, Google, Mozilla, Cisco) and their downstream contractors. Any organization granting AI tool access to third-party contractors without isolation - the same naming-pattern guess works if your past internal models have been leaked, making new models' URLs predictable.
Fix
For partners: rotate all credentials any contractor environment used to reach Mythos, audit Mythos query logs for unfamiliar patterns, segment contractor access from production AI tooling. For everyone: assume new AI tool URLs that follow your existing naming convention are guessable, randomize URL paths for restricted models, and treat third-party contractor accounts as a primary attack surface.

Mexican cybersecurity firm BePrime breached because admin accounts had no MFA - 12.6 GB leaked including pentest reports, then BePrime threatened journalists who reported it

On April 20 a threat actor using the alias 'dylanmarly' posted 12.6 GB of stolen data from Mexican cybersecurity firm BePrime, claiming compromise of admin accounts that had no MFA enabled. The dump includes plaintext credentials, financial transaction records, security audit and pentest reports detailing client vulnerabilities, plus API keys for 1,858 Cisco Meraki network devices and live surveillance camera feeds. Affected clients include Iberdrola (Spanish energy giant), ArcelorMittal, Whirlpool, and Alsea (Latin American operator of Starbucks, Domino's, Vips). BePrime then announced legal action against journalists reporting on it.

Check
If you use any managed security service provider, confirm in writing this week that they enforce phishing-resistant MFA on every admin account holding your credentials or API keys.
Affected
BePrime's enterprise clients - Iberdrola, ArcelorMittal, Whirlpool, Alsea, Vitro, and others operating in Mexico and Latin America - face direct downstream risk because the leak includes pentest reports identifying their unpatched weaknesses and Meraki API keys with operational control over their network devices.
Fix
BePrime clients should rotate every shared credential, Meraki API key, and integration token immediately and audit Meraki configs for unauthorized changes since March 2026. Cut or sandbox network trusts to BePrime infrastructure pending review. For all organizations: add MFA-enforcement attestation to vendor security questionnaires and put contractual breach-notification SLAs in place for every MSP with privileged access.

Vercel confirms breach - attackers got in through Context.ai AI tool's Google Workspace OAuth, stole customer environment variables

Cloud development platform Vercel disclosed a security incident on April 19 after a threat actor claiming to be ShinyHunters posted stolen data for sale on a hacking forum. Vercel CEO Guillermo Rauch confirmed the initial access came through a breach at Context.ai, an enterprise AI platform one Vercel employee had signed up for using their Vercel enterprise account with 'Allow All' OAuth permissions. Attackers compromised Context.ai, stole the OAuth token, took over the employee's Google Workspace account, and pivoted into Vercel environments. Once inside, they accessed environment variables not marked as 'sensitive' - these are stored unencrypted at rest, unlike sensitive env vars which Vercel encrypts. The attacker posted 580 employee records (names, emails, account status, activity timestamps) as a teaser, plus screenshots of an internal Vercel Enterprise dashboard. They claim to also have access keys, source code, database data, and API keys, though Vercel characterizes impact as a 'limited subset' of customers. Mandiant is engaged. This is the cleanest real-world example to date of the AI supply chain risk pattern everyone has been warning about: a third-party AI tool with broad OAuth scopes becomes the initial access vector into your primary infrastructure.

Check
If you deploy apps on Vercel, rotate all environment variables immediately - especially any not marked 'sensitive'. Also audit every third-party AI/SaaS tool that has OAuth access to your Google Workspace or similar identity provider.
Affected
Any Vercel customer with environment variables not marked 'sensitive'. Vercel has directly contacted a 'limited subset' of customers whose credentials were compromised. If you weren't contacted, Vercel says it has no evidence of your data being accessed at this time. Separately: any organization using Context.ai with Google Workspace OAuth granted 'Allow All' permissions.
Fix
Rotate every Vercel environment variable and redeploy applications to pick up the new values. Mark any secret as 'sensitive' in Vercel's dashboard going forward - this encrypts at rest. In Google Workspace Admin, search for and revoke OAuth App ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com. Review Google Workspace audit logs between April 1-19 for unusual OAuth grants or token access. Audit every third-party tool connected to your Google Workspace - specifically those granted broad OAuth scopes - and remove any your team isn't actively using.

Booking.com confirms data breach exposing guest reservation details - phishing wave already targeting travelers

Booking.com has confirmed unauthorized access to its systems that exposed guest reservation data including names, email addresses, phone numbers, postal addresses, booking details, and any messages shared with accommodation providers. The company began emailing affected customers over the weekend but did not send alerts via the Booking.com app, creating confusion about whether the notification emails were legitimate. Booking.com says financial data was not accessed. The company has reset PIN numbers for affected reservations. The number of impacted users has not been disclosed, though Booking.com lists 6.8 billion bookings since 2010 across 30+ million properties. Reddit users are already reporting scam messages from people who appear to have real reservation details, suggesting attackers are using the stolen data for targeted phishing. The Register notes this follows a similar 2021 breach pattern where attackers compromised hotel staff logins to access the platform.

Check
If you or your employees have upcoming Booking.com reservations, be on high alert for phishing emails and messages that reference real booking details. The scams will look convincing because the attackers have the actual reservation data.
Affected
Anyone with active or recent Booking.com reservations. The exposed data (names, emails, phones, addresses, booking details, messages to hotels) gives attackers everything needed for highly targeted phishing.
Fix
Do not click links in any emails claiming to be from Booking.com or your booked hotel - go directly to booking.com to check your reservations. Verify that your booking PIN has been reset (Booking.com says they've done this automatically). Watch for emails requesting payment changes, 'verification' of card details, or 'reservation confirmations' that link to non-booking.com domains. If you uploaded passport or ID copies for your reservation, monitor for identity fraud. Note that passport/ID exposure was not confirmed by Booking.com but many hotels require these documents.