Vendor
ShinyHunters, and related threat actor Storm-3138, conducted campaigns between mid-2025 and mid-2026 by employing voice phishing, supply chain compromise, and misconfigured guest access to abuse trusted OAuth relationships in SaaS applications like Salesforce, leading to unauthorized access, data exfiltration, and persistence.