Comment by fg137

10 hours ago

Do we actually know the employee downloaded it on their work machine? At least this article doesn't say that (and I couldn't find it in other sources as well). Plenty of companies allow you to VPN into corporate network, or log into certain internal systems from the public Internet. Not saying they should, but it is much more common than you think.

For reference, look at how Disney got hacked. One employee downloaded compromised software on a personal computer. One thing led to another and boom. IT in many companies are much more incompetent than you think. I have seen that first hand.

3 comments

fg137

darkwater 9 hours ago

Actually, you are right to question this. TFA mentions a MicroTrend report [1] as his source, but that report doesn't mention Roblox cheats and more interestingly says that Context.ai employee machine was compromised 22 months ago, in 2024! While TFA says February 2026. This details makes me doubt about the whole article

[1] https://www.trendmicro.com/en_us/research/26/d/vercel-breach...

darkwater 6 hours ago

TrendMicro, not MicroTrend ^^;;

rjmunro 7 hours ago

It might be the opposite - they logged into their work gmail account on their home machine to check their email.