# Top Stories

Vercel disclosed a security breach where attackers compromised Context.ai, a third-party AI tool used by a Vercel employee, then leveraged that access to take over the employee's Google Workspace account and gain unauthorized access to internal Vercel systems. The incident demonstrates supply chain risk through third-party AI services and highlights how employee account compromise can lead to broader organizational exposure.

Cloud development platform Vercel confirmed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data on underground markets. This represents a significant breach of a major cloud infrastructure provider used by developers worldwide, potentially exposing customer credentials and sensitive development data.

Attackers are exploiting Apple's legitimate account notification system to send phishing emails that appear to come directly from Apple's servers, bypassing spam filters with fake iPhone purchase alerts. This novel technique abuses Apple's own infrastructure to increase the credibility of phishing attacks, making detection more difficult for both users and email security systems.

NIST announced it will stop assigning CVSS severity scores to lower-priority vulnerabilities due to overwhelming submission volumes that exceed their capacity for analysis. This policy change will impact how organizations prioritize patching for non-critical vulnerabilities, potentially leaving some flaws without standardized severity ratings that security teams rely on for risk assessment.

Following the disruption of the Tycoon 2FA phishing platform, threat actors are repurposing Tycoon's tools and techniques across other phishing kits, leading to a surge in related attacks. The platform's takedown has fragmented rather than eliminated the threat, with attackers adapting existing Tycoon components into new phishing operations.

Microsoft identified a bug in a recent Edge browser update that breaks right-click paste functionality in Microsoft Teams desktop client chats. While seemingly minor, this bug affects a core workflow for millions of Teams users and demonstrates how browser updates can unexpectedly impact enterprise collaboration tools.

NAKIVO released Backup & Replication v11.2 with new ransomware defense capabilities, faster replication, and support for vSphere 9 and Proxmox VE 9.0. The update focuses on proactive data protection features specifically designed to counter ransomware threats in virtualized environments.

Blue Origin's New Glenn rocket successfully reused its first stage but experienced issues with satellite deployment from the upper stage during its mission. While primarily a space industry story, this highlights potential supply chain and reliability concerns for satellite-based security infrastructure.

An article describes operating one of America's most powerful lasers used for studying stellar physics and fusion energy research. This content is not directly relevant to cybersecurity practitioners and appears to be scientific research rather than security-related news.

Research indicates great white sharks are experiencing overheating due to warming ocean temperatures and may be physiologically vulnerable to climate change. This environmental science content lacks relevance to cybersecurity operations or threat landscape analysis.