How a Stolen OAuth Token Sparked a $2M Vercel Supply Chain Attack

The Vercel breach in April 2026 wasn’t a sophisticated hack of their servers. It was a simple, devastating replay of a stolen OAuth token. Attackers infected a Vercel employee’s personal device with Lumma Stealer malware, harvested their Google session token,…









