⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

What’s new: Vercel disclosed a data breach linked to the compromise of the third-party tool Context.ai, allowing unauthorized access to internal systems. A law enforcement operation dismantled a DDoS-for-hire service, while a new botnet named PowMix targets Czech workers. A novel ad fraud scheme called Pushpaganda exploits Google Discover, and multiple malicious Chrome extensions have been identified that steal user data. Additionally, new malware variants such as PHANTOMPULSE RAT and STX RAT have emerged through social engineering and hijacked downloads.

Who’s affected

Organizations using Vercel, Context.ai, and CPUID may be at risk due to the recent breaches. Users of Google Chrome and Android devices may be affected by the malicious extensions and ad fraud schemes. Workers in the Czech Republic are specifically targeted by the PowMix botnet.

What to do

• Review and secure access to Vercel and Context.ai accounts, especially OAuth tokens.
• Monitor for unusual activity related to the PowMix botnet and implement network detection measures.
• Educate users about the risks of enabling notifications from unknown sources to avoid ad fraud.
• Regularly audit and update browser extensions to remove any malicious ones.
• Patch vulnerabilities associated with CVE-2026-20184, CVE-2026-20147, CVE-2026-20180, CVE-2026-20186, CVE-2026-33032, CVE-2026-32201, CVE-2026-27304, CVE-2026-39813, and CVE-2026-39808 as soon as possible.

Sources

• The Hacker News