ShinyHunters Abusing OAuth to Compromise SaaS Apps
Executive Summary On 13 July 2026, Microsoft researchers published details of a ShinyHunters campaign active between mid-2025 and mid-2026 targeting customer SaaS-based applications, especially Salesforce instances, through voice phishing (vishing), supply chain compromise, and misconfigured guest access. The threat actors abused trusted OAuth relationships for unauthorized access, data exfiltration, and persistence. ShinyHunters has demonstrated a consistent pattern…
Read More