Weekly Threat Digest: Vercel Breach, Push Fraud, QEMU Abuse, Android RAT Surge

A compressed week of incidents points to attackers moving up the stack and into the edges of developer infrastructure. A breach at Vercel — a platform sitting in the deployment path of countless web applications — sits alongside a wave of MFA push fraud campaigns exploiting user fatigue rather than cryptographic weakness. Attackers are also weaponizing legitimate tooling: QEMU, a virtualization utility, is being repurposed to tunnel traffic and evade network controls that trust known binaries.

On mobile, a fresh crop of Android remote access trojans is expanding the commodity malware market, lowering the bar for device-level surveillance and credential theft. The through-line across these stories is blast radius over novelty — compromises of platforms, identity flows, and trusted binaries scale faster than any single exploit chain. Defensive posture has to assume the developer pipeline, the MFA channel, and the virtualization stack are all in scope, not just the application perimeter.