{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/saas/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-1731"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["saas","phishing","ransomware","medusa"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThis threat brief highlights two significant attack vectors observed by Cisco Talos. First, threat actors are exploiting legitimate SaaS notification pipelines (e.g., GitHub, Jira) to deliver phishing and spam, bypassing traditional email security measures by using a \u0026ldquo;Platform-as-a-Proxy\u0026rdquo; (PaaP) technique. This abuses the implicit trust placed in system-generated notifications from trusted enterprise tools, primarily targeting credential harvesting. Second, the Storm-1175 group is actively deploying Medusa ransomware, rapidly exploiting n-day vulnerabilities, including CVE-2026-1731, a critical remote code execution flaw in BeyondTrust Remote Support and older versions of BeyondTrust Privileged Remote Access. Defenders must adapt to these evolving tactics, as they bypass standard perimeter defenses and require more nuanced detection strategies.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker compromises a legitimate SaaS account (e.g., GitHub, Jira) or creates a malicious project.\u003c/li\u003e\n\u003cli\u003eAttacker configures the SaaS platform to send notifications (e.g., project updates, issue assignments).\u003c/li\u003e\n\u003cli\u003eThe SaaS platform generates an email notification, appearing to originate from a trusted source.\u003c/li\u003e\n\u003cli\u003eThe email bypasses traditional email security checks (SPF, DKIM, DMARC) due to its legitimate source.\u003c/li\u003e\n\u003cli\u003eThe email contains a malicious link or attachment designed to harvest credentials or deliver malware.\u003c/li\u003e\n\u003cli\u003eThe user clicks the link, leading to a phishing page or malware download.\u003c/li\u003e\n\u003cli\u003eIf the user enters credentials, the attacker gains access to their account.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised account for further malicious activities or lateral movement.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of SaaS notification pipelines can lead to widespread credential compromise, potentially affecting numerous users within an organization. The \u0026ldquo;automation fatigue\u0026rdquo; associated with these notifications increases the likelihood of users falling victim to phishing attacks. Regarding Medusa ransomware, organizations face data encryption, system downtime, and potential financial losses from ransom demands, as Storm-1175 rapidly exploits vulnerabilities like CVE-2026-1731. The impact includes significant disruption to business operations and potential data breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIngest SaaS API logs into your SIEM to detect anomalous activities, such as suspicious project creation or mass invitations (see Overview).\u003c/li\u003e\n\u003cli\u003eImplement instance-level verification and cross-reference notifications against internal SaaS directories to detect PaaP attacks (see Overview).\u003c/li\u003e\n\u003cli\u003eApply semantic intent analysis to identify notifications that deviate from a platform\u0026rsquo;s established functional baseline (see Overview).\u003c/li\u003e\n\u003cli\u003ePatch CVE-2026-1731 on all BeyondTrust Remote Support instances immediately to prevent Medusa ransomware deployment (see Overview).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect Coinminer malware via SHA256 hash (see Rules).\u003c/li\u003e\n\u003cli\u003eMonitor network connections for VID001.exe to identify potential Coinminer infections (see IOCs).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T18:00:20Z","date_published":"2026-04-09T18:00:20Z","id":"/briefs/2026-04-saas-phishing/","summary":"Threat actors are weaponizing legitimate SaaS notification pipelines to deliver phishing and spam emails, bypassing traditional email authentication protocols, and Storm-1175 is exploiting CVE-2026-1731 to deploy Medusa ransomware.","title":"SaaS Notification Pipeline Phishing and Medusa Ransomware Exploitation","url":"https://feed.craftedsignal.io/briefs/2026-04-saas-phishing/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["AI","AI-Security","Shadow-AI","Endpoint-Security","SaaS","Cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCrowdStrike is addressing the emerging threat landscape created by the rapid adoption of AI tools and agents within organizations. The increasing use of personal AI agents, particularly on developer machines, introduces new attack vectors such as \u0026ldquo;living off the AI land\u0026rdquo; (LOTAIL) exploits, indirect prompt injection, and agentic tool chain attacks. The rise of shadow AI, where employees adopt AI tools without oversight, exacerbates the issue. CrowdStrike\u0026rsquo;s new innovations extend AI Detection and Response (AIDR) capabilities to cover desktop AI applications (ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, O365 Copilot, GitHub Copilot, and Cursor) and expand platform capabilities to secure AI workforce adoption and development across endpoints, SaaS environments, and cloud environments. Falcon AIDR will leverage the Falcon sensor to enable deployment of the Falcon AIDR browser extension from the Falcon console and obtain desktop application telemetry via the sensor\u0026rsquo;s container network interface capability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (via AI Agent):\u003c/strong\u003e An attacker gains initial access by compromising an AI agent running on an endpoint, potentially through prompt injection or other vulnerabilities in the agent\u0026rsquo;s design.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e The attacker leverages the compromised AI agent\u0026rsquo;s existing system permissions, which may be elevated, to gain further access to the system. AI agents often have high privileges to execute terminal commands, browse the web, and interact with files.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLiving off the AI Land (LOTAIL):\u003c/strong\u003e The attacker uses the compromised AI agent to perform malicious actions that appear as legitimate user behavior, such as executing terminal commands, browsing websites, or interacting with files.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e The attacker utilizes the AI agent\u0026rsquo;s network connectivity to discover and access other systems within the network, including LLM runtimes, MCP servers, and IDE extensions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration:\u003c/strong\u003e The attacker uses the AI agent to exfiltrate sensitive data from the compromised systems, such as source code, credentials, or other confidential information.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply Chain Compromise:\u003c/strong\u003e The attacker uses access to development environments via compromised AI tools to introduce malicious code into the software supply chain.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePolicy Violation:\u003c/strong\u003e The attacker manipulates the AI agent to violate content policies or access control rules, potentially leading to unauthorized access to sensitive data or systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful attacks targeting AI agents and shadow AI can lead to significant data breaches, intellectual property theft, and supply chain compromises. The lack of visibility and governance over AI deployments creates a growing attack surface that traditional security controls are ill-equipped to handle. Compromised AI agents can be used to perform a wide range of malicious activities, including data exfiltration, lateral movement, and the introduction of malicious code into the software supply chain. The impact can range from financial losses and reputational damage to the compromise of critical infrastructure and sensitive government systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;AI Desktop Application Usage Detected\u0026rdquo; to identify and monitor the use of AI desktop applications such as ChatGPT, Gemini, and others within your environment. This rule uses \u003ccode\u003eprocess_creation\u003c/code\u003e logs to detect the execution of these applications (see rule below).\u003c/li\u003e\n\u003cli\u003eEnable and configure AI Discovery in CrowdStrike Falcon Exposure Management to gain visibility into AI-related components running across endpoints, including AI apps, LLM runtimes, MCP servers, and IDE extensions. This leverages \u003ccode\u003eFalcon for IT\u003c/code\u003e telemetry as described in the overview.\u003c/li\u003e\n\u003cli\u003eImplement Falcon AIDR policies to monitor and protect agents built in Microsoft Copilot Studio against prompt injection attacks, data leaks, and policy violations.\u003c/li\u003e\n\u003cli\u003eReview and update access control policies for AI agents to minimize the potential impact of a compromise, focusing on the principle of least privilege.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-28T21:52:45Z","date_published":"2026-03-28T21:52:45Z","id":"/briefs/2026-03-shadow-ai-governance/","summary":"CrowdStrike is introducing innovations to secure AI agents and govern shadow AI across endpoints, SaaS, and cloud environments by extending AI detection and response (AIDR) capabilities to cover desktop AI applications and provide visibility into AI-related components, helping to prevent prompt attacks, data leaks, and policy violations.","title":"CrowdStrike Innovations Secure AI Agents and Govern Shadow AI","url":"https://feed.craftedsignal.io/briefs/2026-03-shadow-ai-governance/"},{"_cs_actors":["Scattered Spider","UNC3944","Octo Tempest","Roasted 0ktapus","Muddled Libra","Star Fraud","UNC6201","Salt Typhoon","GhostEmperor","FamousSparrow","UNC5807"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["threat-report","ransomware","phishing","saas"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eThe Mandiant M-Trends 2026 report analyzes over 500,000 hours of incident investigations, revealing significant shifts in the cyber threat landscape. Cybercriminal groups are optimizing for immediate impact and recovery denial, while cyber espionage groups and insider threats prioritize extreme persistence, leveraging unmonitored edge devices and native network functionalities to evade detection. Voice phishing has surged, replacing email as a primary initial access vector, particularly targeting SaaS environments. The time between initial access and the hand-off to secondary actors deploying ransomware has collapsed dramatically. Targeted industries include the high-tech sector (17%) and the financial sector (14.6%). Ransomware groups are now actively targeting backup infrastructure, identity services, and virtualization management planes to ensure recovery is impossible without paying a ransom. Espionage groups are exploiting zero-day vulnerabilities in edge devices for long-term persistence.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e Attackers use voice phishing (vishing) to target IT help desks, bypassing MFA and gaining initial access to SaaS environments. Malicious advertisements or the ClickFix social engineering technique are also used to gain a foothold.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e Exploitation of misconfigured Active Directory Certificate Services templates to create admin accounts that bypass password rotation.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCredential Access:\u003c/strong\u003e Harvesting long-lived OAuth tokens and session cookies to bypass standard defenses. Stealing hard-coded keys and personal access tokens from compromised third-party SaaS vendors. Leveraging native packet-capturing functionality on network appliances to intercept sensitive data and plaintext credentials.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e Using stolen credentials and tokens to pivot into downstream customer environments. Exploiting the \u0026ldquo;Tier-0\u0026rdquo; nature of hypervisors to bypass guest-level defenses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDefense Evasion:\u003c/strong\u003e Deploying custom, in-memory malware like BRICKSTORM directly onto network appliances to establish deep persistence that survives standard remediation efforts. Targeting edge and core network devices lacking EDR telemetry.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e Encrypting hypervisor datastores to render all associated virtual machines inoperable simultaneously. Deleting backup objects from cloud storage.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExfiltration:\u003c/strong\u003e Large-scale data theft from SaaS environments.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eM-Trends 2026 highlights that ransomware groups are actively destroying the ability to recover data, impacting organizations across more than 16 industry verticals. The high-tech and financial sectors are particularly targeted. The collapse of the hand-off window from hours to seconds means organizations have less time to respond to initial intrusions before ransomware is deployed. The increasing dwell time of threats like BRICKSTORM, reaching nearly 400 days, leaves organizations blind to the full scope of the intrusion due to standard log retention policies.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule for detecting PowerShell commands from uncommon locations to identify potential malicious activity related to post-compromise actions (reference: Sigma rule \u0026ldquo;Detect PowerShell from Uncommon Location\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement network monitoring on edge devices and VPNs to detect unauthorized packet capturing and credential interception attempts (reference: overview section about edge devices).\u003c/li\u003e\n\u003cli\u003eReview and harden Active Directory Certificate Services configurations to prevent the exploitation of misconfigured templates (reference: attack chain step 2).\u003c/li\u003e\n\u003cli\u003eMonitor for modifications to cloud storage backup objects, especially deletion attempts, to detect ransomware groups attempting to destroy recovery capabilities (reference: attack chain step 6).\u003c/li\u003e\n\u003cli\u003eIncrease log retention policies beyond 90 days to improve visibility into long-term persistent threats like BRICKSTORM (reference: Overview section).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-25T10:45:30Z","date_published":"2026-03-25T10:45:30Z","id":"/briefs/2026-06-mtrends-2026/","summary":"The M-Trends 2026 report highlights the increasing sophistication of threat actors, including voice phishing attacks targeting SaaS environments, ransomware groups actively destroying recovery capabilities, and espionage groups exploiting edge devices for persistent access, revealing a shift towards faster hand-offs between initial access brokers and ransomware deployers.","title":"M-Trends 2026: Evolving Threat Landscape","url":"https://feed.craftedsignal.io/briefs/2026-06-mtrends-2026/"}],"language":"en","title":"CraftedSignal Threat Feed — Saas","version":"https://jsonfeed.org/version/1.1"}