Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai

**Executive Summary:** A Lumma infostealer infection on a Context.ai employee with elevated access leaked Google Workspace and developer/admin credentials (Supabase, Datadog, Authkit) which were subsequently used to pivot into Vercel; threat actor ShinyHunters is reportedly selling the stolen Vercel data. The report includes an OAuth Client ID IOC, timeline correlation to a single recorded infection, evidence of administrative Vercel access, and step-by-step remediation guidance for affected Google Workspace tenants.