Critical Breaches and Zero-Day Exploits: Vercel, UK Biobank, Bitwarden Under Siege; Microsoft and Apple Rush Patches
Breaking News — A wave of high-severity cyber incidents has been disclosed over the past 48 hours, including breaches at Vercel, UK Biobank, and Bitwarden, alongside zero-day exploits targeting AI systems. Microsoft and Apple have released emergency patches for critical vulnerabilities.
Vercel Breach Linked to Third-Party OAuth Abuse
Frontend cloud platform Vercel confirmed a security incident tied to a compromise at analytics partner Context.ai. Attackers used stolen OAuth tokens to gain unauthorized access through a connected application.
“We detected unusual activity involving employee information, internal logs, and a subset of environment variables,” said a Vercel spokesperson. “The most sensitive secrets were not exposed, but we have revoked all tokens and launched an investigation.” The breach did not affect customer data.
UK Biobank Reports Health Data Leak
UK Biobank, a major research repository holding de-identified health data on 500,000 volunteers, confirmed that its data was listed for sale on Chinese marketplaces. “We immediately acted to have the listings removed and believe no data was actually sold,” a Biobank official stated.
Access to the research platform was suspended, download limits imposed, and a full forensic audit is underway. The incident underscores the persistent targeting of health data.
Bitwarden Supply-Chain Attack Hits npm
Password manager Bitwarden disclosed a supply-chain attack after a malicious CLI version (2026.4.0) was published to npm on April 22. “Approximately 334 developers installed the compromised package,” the company noted. “While vault data remained encrypted and unaffected, credentials entered during that window may be at risk.”
The attack leveraged a hijacked GitHub account to inject malware. Users are urged to rotate any API keys or tokens used during that period.
AI Threats Escalate: Anthropic Model Exposed, Exploitation Platform Active
Researchers flagged unauthorized access to Anthropic’s unreleased Claude Mythos Preview via a third-party vendor environment. A small Discord group reportedly used shared contractor accounts and API keys to reach the system. “Core systems were not impacted,” said an Anthropic representative, “but we are investigating the vendor’s security posture.”
Separately, the AI-assisted exploitation platform Bissa Scanner has been observed using Claude Code and OpenClaw to mass-exploit CVE-2025-55182 (React2Shell), compromising over 900 targets and harvesting tens of thousands of environment files.
Critical Zero-Day Patches from Microsoft and Apple
Microsoft released an out-of-band fix for CVE-2026-40372, a 9.1-rated ASP.NET Core privilege escalation flaw. “The bug in Data Protection versions 10.0.0 to 10.0.6 allows attackers to forge cookies and impersonate users, potentially gaining SYSTEM-level access on Linux and macOS,” warned Sarah Chen, lead threat analyst at CyberSafe.
Apple followed with a patch for CVE-2026-28950, a Notification Services vulnerability impacting iOS and iPadOS. No active exploitation has been confirmed, but users are advised to update immediately.
Background
These events come amid a broader surge in cyber attacks targeting cloud infrastructure, research data, and developer toolchains. Supply-chain compromises and AI-powered exploitation tools are becoming more sophisticated, increasing the speed and scale of attacks.
Security teams worldwide are now racing to assess exposure, rotate credentials, and apply patches before adversaries can exploit the disclosed vulnerabilities.
What This Means
For organizations, the Vercel and Bitwarden incidents emphasize the need to audit third-party integrations and limit OAuth token scopes. The Biobank breach highlights that even de-identified health data remains a prime target on dark web markets.
Individuals should update their password manager credentials, enable multi-factor authentication, and apply the latest iOS and ASP.NET Core patches. With AI threats becoming operational, expect more automated, high-volume attacks in the coming weeks.