Security Report – 24 Apr 2026

Exploit: Third-Party Data Breach

Risk to Business: Moderate: American cloud application company Vercel disclosed a security breach that allowed threat actors to gain unauthorised access to its internal systems. The incident originated from the compromise of Context.ai, a third-party AI tool used by a Vercel employee. The employee logged in using a Google Workspace account and granted the tool extensive permissions, including access to Google Cloud Platform resources. However, the tool had already been compromised, allowing attackers to leverage those permissions to move laterally into Vercel’s environment and potentially access internal systems. While Vercel stated that no sensitive data was exposed, concerns arose after an anonymous individual shared screenshots on Telegram allegedly showing access to confidential information. The company is now working with Mandiant and other cybersecurity firms, notifying law enforcement and coordinating with Context.ai to assess the full scope of the incident.

Europe – Piazza San Marco – Government & Public Sector 

Exploit: Hacking

Risk to Business: Moderate: Hackers have reportedly breached the hydraulic pump system at Piazza San Marco in Venice, an iconic location visited by millions each year. Threat actors identifying as Infrastructure Destruction Squad or Dark Engine claimed they gained administrative access to the city’s flood defense system and threatened to disable protections, potentially flooding coastal areas. The alleged breach began in late March and involved control over the system’s interface. The attackers shared screenshots as proof and offered full root access for $600, aiming to expose vulnerabilities and apply political pressure.

Talk to a TCT team member today about implementing IT strategy plan for your business.