Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'saas security'

View all threats tagged with 'saas security'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: saas security

Threats Tagged 'saas security'

Click on any threat for detailed analysis and mitigation recommendations

Defending SaaS-based applications against ShinyHunters OAuth abuse
0

Between mid-2025 and mid-2026, threat actors using tradecraft associated with ShinyHunters targeted customer SaaS applications, particularly Salesforce instances, through three primary intrusion paths. Voice phishing campaigns impersonated IT support to trick employees into authorizing malicious OAuth applications. Supply chain compromises leveraged trusted integrations including Salesloft, Gainsight, and Klue to obtain OAuth tokens for downstream customer access. Misconfigured guest access enabled exploitation of Aura framework functionality for unauthorized data queries. These techniques abused legitimate OAuth relationships to inherit user and application privileges, enabling enumeration and exfiltration of CRM data while evading authentication detections. The campaigns targeted multiple industries including retail, education, and manufacturing, highlighting risks in OAuth-connected applications and third-party integrations.

Join the discussion

Showing 1 to 1 of 1 result

Filters:Tag: saas security
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses