Weekly Recap - Third-Party Compromises and Evasion Trends
🔒 This weekly recap highlights a recurring attack pattern: compromise of trusted third-party tools and update paths to gain internal access and persist. Incidents include a Vercel breach originating from a compromised Context.ai account that led to takeover of a Google Workspace identity, hijacked download pages serving trojanized installers, malicious Chrome extensions, and plugin abuse. The report emphasizes multi-stage, in-memory payloads and attackers leveraging legitimate workflows to evade detection. Organizations should reassess trust boundaries, monitor OAuth tokens and environment variables, and prioritize patching of actively exploited CVEs.
