Threats Tagged 'supply chain compromise'
View all threats tagged with 'supply chain compromise'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'supply chain compromise'
Click on any threat for detailed analysis and mitigation recommendations
Defending SaaS-based applications against ShinyHunters OAuth abuse 0 Between mid-2025 and mid-2026, threat actors using tradecraft associated with ShinyHunters targeted customer SaaS applications, particularly Salesforce instances, through three primary intrusion paths. Voice phishing campaigns impersonated IT support to trick employees into authorizing malicious OAuth applications. Supply chain compromises leveraged trusted integrations including Salesloft, Gainsight, and Klue to obtain OAuth tokens for downstream customer access. Misconfigured guest access enabled exploitation of Aura framework functionality for unauthorized data queries. These techniques abused legitimate OAuth relationships to inherit user and application privileges, enabling enumeration and exfiltration of CRM data while evading authentication detections. The campaigns targeted multiple industries including retail, education, and manufacturing, highlighting risks in OAuth-connected applications and third-party integrations. Join the discussion | AlienVault OTX General | 07/14/2026, 02:38:48 UTC Added: 07/14/2026, 08:47:36 UTC |
Showing 1 to 1 of 1 result