One AI Tool Breached Vercel: The OAuth Supply-Chain Risk Hiding in Your SMB
It wasn't a zero-day. An employee connected a third-party AI tool to their Google Workspace, and attackers rode that OAuth grant into Vercel's internal systems.

For a long time the smug Mac user was right. Windows took the heat for malware; Macs were "safe." It was even sort of true — not because macOS was unbreakable, but because attackers couldn't be bothered to target a small market share when Windows sat there with the vast majority. That math has changed, and in 2026 it's not even close.
Macs are everywhere now. Executives use them, developers love them, crypto users prefer them, agencies run on them. That means high-value credentials, source-code repos, signing certificates, and seed phrases increasingly sit on macOS endpoints — and threat actors followed the money. The result is a thriving macOS malware ecosystem that didn't exist five years ago: AMOS (Atomic Stealer), Shamos, MacSync, Odyssey, and the SHub family are all actively iterating, all targeting Macs, and all run like a business — because they are one.
The latest example is a SHub Stealer variant called Reaper, documented by SentinelOne in May 2026. It matters not because it's exotic, but because it shows how mature the macOS attack chain has become:
mlcrosoft.co.com).applescript:// URL scheme to launch Script Editor pre-loaded with the payload — sidestepping Apple's Tahoe 26.4 mitigations for Terminal-based attacks.com.google.keystone.agent.plist) that beacons the C2 every 60 seconds and pulls down whatever the attacker wants next.The kicker: it doesn't just steal wallet data — it downloads a modified application core and replaces certain wallet apps with trojanized versions that re-steal seed phrases. A telling detail: Reaper checks for a Russian/CIS keyboard and exits immediately if it finds one — the classic tell of Russian-speaking operators. One infection. Three impersonated brands. Apple, Google, and Microsoft, all spoofed in a single chain.
If your business has Macs — and most do, even if it's the founder's laptop and a couple of designers — you can no longer rely on "Macs are safe."
applescript:// link, or runs a payload disguised as an "update."osascript execution — especially anything launched from Script Editor with no legitimate developer context.com.google.keystone.agent.plist from a user who never installed Chrome is a giant red flag./tmp/ activity.The Mac isn't a security feature anymore. It's just an endpoint — and the people writing malware figured that out two years before most SMBs did. If your security strategy still has "the founders use Macs so we're fine" in it somewhere, retire that line. The attackers already have.
Most agencies pentest Windows and skip the Macs. That's exactly the gap attackers want. We test your Mac fleet — AppleScript abuse, LaunchAgents, and the telemetry nobody's watching.