Vercel-hosted subdomains used in large phishing / malware campaign (remote access malware) (high)
Multiple security reports from June–July 2025 document threat actors abusing vercel.app (and surge.sh) subdomains to host phishing pages that delivered a malicious variant of LogMeIn (remote access malware). The CyberArmor/CyberPress report states that there were at least 28 distinct attack waves over two months, targeting more than 1,271 victims. The report lists multiple vercel.app subdomains used and specific malware file hashes (e.g., MD5 f3f8379ce6e0b8f80faf259db2443f13), and advises monitoring vercel.app/surge.sh domains due to repeated abuse (CyberArmor/CyberPress, Jun 20, 2025).

v0 AI tool (from Vercel) reported weaponized by threat actors for fake sign-in / phishing (AI product abuse) (high)
On July 2, 2025, reports noted that Vercel's v0 generative AI tool (and its outputs) was weaponized by unknown actors to design convincing fake sign-in pages and otherwise facilitate phishing. The story documents that v0 was used as part of attacker workflows to create deceptive UI and social engineering artifacts (reported Jul 2, 2025).

Public backlash, contract cancellations and employee resignations after CEO selfie with Israeli PM Benjamin Netanyahu (high)
On Sep 30, 2025, Vercel CEO Guillermo Rauch posted a selfie with Israeli Prime Minister Benjamin Netanyahu. Multiple news outlets and developer communities reported immediate backlash: developers and customers called for boycotts, some customers publicly announced they were dropping Vercel, and there are reports of employee resignations and cancelled contracts tied to the incident (news coverage and social posts dated Sep 30, 2025).

Multiple customer billing disputes and 'runaway' bills reported (including $3,000 incident and larger surprise bills) (medium)
Public reports and developer threads document instances where customers incurred unexpectedly large bills from Vercel. Example: a Reddit thread (r/nextjs) documents a "Small mistake leads to $3000 bill from Vercel" (user report); Hacker News threads from April 2023 discuss a separate 'runaway' bill in the thousands (one comment references a >$22,000 surprise bill and other billing disputes). These are concrete, public user-reported incidents of billing errors/opaque charges (Reddit post; Hacker News discussion April 10, 2023).

Repeated public complaints about support, vendor lock-in and product decisions (community backlash / operational risk) (medium)
A widely viewed Hacker News thread (Apr 10, 2023) collates numerous developer complaints about Vercel: opaque/poor support, surprising platform behaviors (caching/image optimization) that create migration or lock-in friction, and high billing/overage risks. The thread contains multiple corroborating user accounts (including references to the billing incidents noted above) and documents long-running community concerns about Vercel's customer support and operational transparency.

Account suspension / takedown incident impacting a research/journalism project (customer complaint; mass site removals) (low)
On Nov 2, 2021, a long-term Vercel customer reported that Vercel disabled their accounts citing a policy violation (allegedly 'using leaked personal info') and took down ~30 sites without prior notice. The GitHub discussion indicates the deployments were later restored and Vercel staff indicated an internal error, but the incident documents a non-trivial automated enforcement/takedown action that impacted a long-time paying customer and multiple sites simultaneously (GitHub discussion #6923, Nov 2, 2021).