
Microsoft Warns ShinyHunters Abuse OAuth Tokens to Maintain Persistent Salesforce Access
Microsoft has warned that threat actors using tradecraft linked to the ShinyHunters extortion group are abusing trusted OAuth relationships to gain persistent access to Salesforce environments, steal CRM data, and evade traditional sign-in detections. The campaigns, observed from mid-202520252025 through mid-202620262026, affected organizations in retail, education, manufacturing, and other sectors. Microsoft said the activity did […]
The post Microsoft Warns ShinyHunters Abuse OAuth Tokens to Maintain Persistent Salesforce Access appeared first on Cyber Security News.