A cascading supply-chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game.

A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game, that came bundled with Lumma Stealer malware, which exposed corporate credentials and OAuth tokens. Attackers then harvested AWS tokens and other system credentials, allowing them to get into Context.ai customer environments. A Vercel employee who had signed up for Context.ai’s AI Office Suite gave attackers the opportunity to pivot into Vercel’s internal systems, retrieve the environment variables of Vercel’s customers, and exfiltrate the credentials that were not encrypted.

Why CISOs and CIOs should care: SaaS proliferation leads to over-extension of trust. The Vercel incident reinforces that SaaS adoption has outpaced SaaS security maturity.…