A recent series of attacks has highlighted how exposed third-party tools and supply chains remain, with hackers exploiting trusted relationships to gain internal access and deliver malware. The Vercel hack, for example, demonstrates how a brief swap of a trusted download path can be used to push payloads. Meanwhile, browser extensions have been found pulling data and running code while appearing to function normally. The threat landscape is also shifting, with attackers increasingly using update channels to deliver malicious content. This trend of "bending trust" rather than "breaking systems" underscores the importance of staying informed about the latest security developments. For practitioners, this means remaining vigilant and prioritizing trust-based vulnerabilities in security assessments to counter these emerging threats.