OAuth hijacked: How a third-party breach hit Vercel

On April 19 Vercel disclosed that attackers leveraged a compromised Context AI OAuth grant to access and exfiltrate data; the report notes the abused OAuth client ID was published and recommends hunting for the client ID, auditing OAuth consent grants, and restricting third-party app permissions.