SaaS “trust” is the new perimeter—and the spiders know it. 🕷️
#UNC6395 is siphoning CRM data via hijacked OAuth tokens (think Salesloft/Drift integrations), while Scattered Spider (#UNC3944) speed-runs help-desk vishing → hypervisor ransomware. Retail, aviation, insurance—on the menu. 🍽️
Do this now: inventory every connected app, tighten OAuth scopes/consent, and lock resets behind phishing-resistant MFA. What’s your biggest blind spot—OAuth sprawl, password resets, or neglected hypervisors?
Read the breakdown & subscribe:
https://blog.alphahunt.io/saas-data-theft-how-unc3944-unc6040-and-unc6395-quietly-redefined-cloud-risk
#AlphaHunt #CyberSecurity #SaaS #OAuth #Ransomware