Expert Guidance. Effortless Compliance. Faster Results.

Axipro, the cybersecurity and compliance consulting firm, and Kertos, the European compliance automation platform, and  have entered a strategic partnership that combines software automation with hands-on implementation support for organisations navigating Europe’s expanding regulatory regime. The agreement, effective April 1, 2026, names Axipro as an implementation partner for Kertos. Customers can now buy the Kertos platform through Axipro alongside consulting, implementation support, and broader compliance service packages spanning frameworks including GDPR, NIS2, DORA, the EU AI Act, ISO 27001, and SOC 2. The partnership lands as European companies face mounting regulatory pressure. The NIS2 Directive pulled around 28,700 additional companies into scope when it replaced its predecessor in October 2024. DORA became fully applicable in January 2025, binding around 22,000 EU financial entities to a single ICT risk management framework with penalties of up to 2% of global turnover. The EU AI Act adds another layer, with compliance costs for SMEs running between €50,000 and €500,000 per organisation depending on use case. What the partnership delivers Under the agreement, Axipro sells, implements, and operates Kertos for customers as part of integrated service packages. The same partner that scopes the gap assessment, defines the control framework, and runs the implementation also configures and operates the platform that holds the evidence. Engagements no longer hand off between separate vendors. For Kertos, the deal gives the platform deeper exposure to how compliance programmes run inside operating businesses, feeding back into product development. For Axipro, which already supports companies across more than 20 frameworks with services spanning penetration testing, internal audit, and end-to-end certification support, Kertos extends its offering with continuous evidence collection, control management, vendor management, and automated audit preparation. “Our ambition at Kertos is to build the leading compliance automation platform in the market, one that doesn’t just simplify compliance but fundamentally redefines how companies achieve and maintain it,” said Dr. Kilian Schmidt, CEO of Kertos. “Strategic partnerships like the one with Axipro are a key part of that journey. By working closely with experienced compliance experts, we gain invaluable real-world insights that directly shape and accelerate our product development.” Free migration to Kertos through Axipro As part of the partnership, Axipro is offering free migration to Kertos for companies currently using another compliance or GRC platform. The migration covers transferring existing controls, evidence, policies, and vendor records into Kertos, with Axipro consultants handling the rebuild of framework mappings for ISO 27001, SOC 2, GDPR, NIS2, and other applicable standards. The aim is to remove the cost and disruption that typically deters companies from switching platforms mid-program, even when their existing tooling no longer fits their regulatory scope.   DACH region as the starting point Germany consistently leads European GRC adoption and accounts for the largest share of the region’s GRC platform market. It is also where regulatory pressure is sharpest right now, with the Federal Office for Information Security actively building out supervisory capacity ahead of the April 2026 NIS2 registration deadline for essential and important entities. “Compliance is only as strong as the tools and partners behind it,” said Ali Hayat, CEO of Axipro. “Our partnership with Kertos gives our clients in the DACH region access to a powerful data privacy and compliance platform, backed by Axipro’s hands-on expertise. Together, we make achieving and maintaining compliance seamless, faster, and more predictable for the businesses that need it most.” Both companies framed the agreement as a foundation for deeper collaboration as customer needs and regulatory requirements continue to evolve. About Axipro Axipro is a cybersecurity and compliance consulting firm helping high-growth companies achieve and maintain regulatory certifications across more than 20 frameworks including SOC 2, ISO 27001, GDPR, and NIST. Services span penetration testing, internal audit, and end-to-end support for companies pursuing first-time certification or maintaining existing ones. Axipro has offices in the UK, the USA, and Bahrain. About Kertos Kertos is a compliance automation platform that helps companies operating in Europe meet and maintain compliance requirements for frameworks including ISO 27001, SOC 2, GDPR, and NIS2. By automating evidence collection, control management, vendor management, and audit preparation, Kertos enables organisations to build and maintain robust information security and data protection programmes without the manual overhead of traditional approaches. Read the full press release here

When Abeera Zainab joined Axipro in early 2024, she quickly became more than just part of the delivery team—she became a driving force behind how compliance engagements are executed across the firm.Over the past few years, her role has naturally expanded. What began as hands-on involvement in compliance delivery has evolved into leading complex, multi-framework programs across diverse client environments. Today, Abeera operates at the centre of Axipro’s GRC function—overseeing engagements that span ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, HIPAA, ISO 42001, and DORA, often managing multiple frameworks simultaneously within a single scope.   Her strength lies not just in understanding these standards, but in making them work together—bringing structure to complexity and helping organisations move toward audit readiness without unnecessary friction. This approach has translated into tangible results. Abeera has played a key role in maintaining Axipro’s 100% audit success rate across 40+ certified clients, with no failed audits to date, while consistently delivering a high level of client satisfaction.But what clients often highlight most isn’t just the outcome—it’s the experience of working with her. Even in high-pressure situations—tight timelines, evolving scopes, or complex stakeholder environments—Abeera is known for her calm, structured, and transparent approach. She brings clarity where there is uncertainty, keeps engagements on track, and ensures that teams remain aligned from kickoff through to certification.   Her technical depth supports this delivery. Abeera holds the ISO/IEC 27001:2022 Lead Auditor certification (CQI/IRCA), the ISO/IEC 42001:2023 Lead Auditor certification, and the Drata Fundamentals Certification. Combined with over 3+ years of hands-on GRC experience, she brings both credibility and practical insight to every engagement. As GRC Lead, her focus extends beyond individual projects. She takes ownership of delivery quality, contributes to the evolution of Axipro’s advisory methodology, and actively supports the development of the wider team. Her role sits at the intersection of execution and strategy—ensuring that every engagement not only meets compliance requirements but also strengthens the client’s overall security and governance posture. At her core, Abeera’s work is about more than passing audits. It’s about building confidence—within client organisations, within delivery teams, and within the systems that support them.And that’s what makes her a trusted advisor in an increasingly complex compliance landscape.

On April 19, 2026, Vercel confirmed attackers had reached parts of its internal systems. The entry point was an infostealer infection on an employee’s laptop at Context.ai, a third-party AI platform, two months earlier. From that single compromised machine, an attacker moved through Google Workspace OAuth, into a Vercel employee’s account, and then into Vercel environments where customer environment variables were stored. This is the shape of a modern supply-chain breach, and it is worth understanding in detail. What Vercel Has Confirmed Vercel published a short security bulletin on April 19, 2026, stating that unauthorized access had affected a limited subset of customers. The company engaged external incident response experts and notified law enforcement. Hours later, CEO Guillermo Rauch provided the attack chain on X: Context.ai was breached, a Vercel employee’s Google Workspace account was taken over through that breach, and the attacker then pivoted into Vercel’s internal environments. Incident responders from Mandiant were engaged alongside law enforcement, according to BleepingComputer’s reporting on the incident. Rauch stated that Next.js, Turbopack, and Vercel’s open-source projects had been audited and remained safe, a direct response to claims circulating on a cybercrime forum that framed the incident as a potential Next.js supply-chain disaster. All core services, including deployments, the edge network, and the dashboard, continued to operate normally throughout the investigation. In the days following the disclosure, Vercel also rolled out dashboard updates including an environment variable overview page and an improved UI for creating and managing sensitive variables. The number of customers directly contacted has not been published, but Vercel has described the impact as quite limited. Customers not contacted have been told there is no current evidence their credentials or personal data were compromised. The Initial Access: A Context.ai Infostealer Infection According to cybercrime intelligence researchers, the likely origin of the breach was a Lumma infostealer infection on a Context.ai employee’s machine in February 2026, a full two months before Vercel’s public disclosure. Browser artifacts from the compromised device tell a familiar story: the user had been searching for and downloading Roblox auto-farm scripts and game exploit executors, a well-documented vector for Lumma stealer deployment. The stealer would have exfiltrated browser credentials, session cookies, and OAuth tokens. Context.ai is an enterprise AI platform that builds agents on top of a customer’s institutional knowledge. To function, it integrates with Google Workspace and requests deployment-level OAuth scopes. As reported in detail by The Hacker News, once Context.ai’s credentials were in the hands of an attacker, that OAuth integration became a privileged foothold into any organization using the platform. Vercel’s investigation noted that the Context.ai OAuth app compromise potentially affected hundreds of users across many organizations, which makes the Vercel intrusion one downstream consequence of a broader supply-chain incident rather than a self-contained breach. The attacker used the compromised integration to take over a Vercel employee’s Google Workspace account. From there, they pivoted into Vercel’s environment and began enumerating environment variables. Vercel offers customers the option to mark environment variables as sensitive, which encrypts them at rest and blocks them from appearing in the dashboard UI. Variables not marked sensitive were readable, and the attacker used that enumeration to extend access further. Who Was Affected and What Was Accessed Confirmed impact is narrower than the headlines suggest. Vercel has stated that customer environment variables marked as sensitive remain encrypted at rest and show no evidence of access. The attacker did read environment variables not marked sensitive, and used those values for further escalation. Secondary reporting indicates that Vercel’s Linear and GitHub integrations bore the brunt of the attack. The attacker demonstrated detailed knowledge of Vercel’s internal systems and moved with high operational velocity, behavior that led Vercel to classify them as highly sophisticated. Whether any customer-owned repositories were accessed through these integrations has not been publicly established. Separately, a threat actor using the ShinyHunters moniker listed what they described as Vercel internal data on BreachForums for USD 2 million, claiming to offer employee accounts, deployment access, source code, database content, GitHub tokens, and npm tokens. The same actor separately communicated a USD 2 million ransom demand via Telegram. Vercel has not confirmed any of these specifics, and Rauch’s public rebuttal focused on the claim that Next.js and related OSS release paths were compromised, which Vercel says they are not. Adding a further layer of doubt, members of the actual ShinyHunters group denied involvement when contacted by BleepingComputer, suggesting the listing may be a copycat or lone-actor operation trading on the group’s reputation. Important: Treat the ShinyHunters listing as plausible but unverified. Plan your remediation against the confirmed scope, which is already broad enough to justify rotating Vercel-connected secrets, but do not quote forum claims to regulators, customers, or auditors as established fact. Indicators of Compromise Vercel published an OAuth application identifier tied to the Context.ai integration that Google Workspace administrators should search for in their own tenant: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com If that client ID appears in your Google Workspace OAuth app inventory, a Context.ai integration exists or existed within your environment. The presence of the integration is not proof your tenant was accessed, but it moves you into the population that needs closer triage. Review the OAuth grant scopes, any activity from the associated service account, and the audit logs for any user who authorized the application. Vercel has also contacted affected customers individually. If you have not received direct outreach, Vercel’s public position is that there is no present evidence your Vercel credentials were compromised. What Vercel Customers Should Do Now Rotate all non-sensitive environment variables across every Vercel project. Anything that is a secret — API keys, database credentials, signing keys, webhook secrets, third-party tokens — should be stored using the sensitive environment variable feature going forward. Rotate any such value that was stored as non-sensitive before April 19, 2026, on the assumption it may have been read. Audit your Vercel activity logs for the period of April 17 through 19, 2026. Unexpected logins, environment variable reads, integration authorizations, or administrative actions during