Malicious Outlook add-in “AgreeToSteal” hijacked a deleted subdomain.

Result:
• 4,000+ accounts compromised
• Fake Microsoft login inside Outlook
• Credit cards + banking data stolen
Manifest validated once. External URL later hijacked.
Architectural gap exposed.

https://www.technadu.com/malicious-outlook-add-in-agreetosteal-compromises-4000-accounts-via-subdomain-takeover/619959/

#InfoSec #Microsoft365 #Phishing #SaaSSecurity

ShinyHunters is expanding SaaS extortion — shifting from breaches to pressure campaigns across cloud apps. When data is everywhere, leverage is too. ☁️💣 #DataExtortion #SaaSSecurity

https://www.darkreading.com/cyberattacks-data-breaches/shinyhunters-expands-scope-saas-extortion-attacks

Khách hàng liên tục đặt cùng một câu hỏi bảo mật nhưng dưới nhiều dạng khác nhau: bảng hỏi, câu hỏi con, yêu cầu chụp màn hình... Việc trả lời nhất quán trở nên cực khó và tốn thời gian. Cần chuẩn hóa câu trả lời hay ứng phó linh hoạt với từng yêu cầu kỳ lạ? #SaaSSecurity #BaoMatDoanhNghiep #KhachHang #TuDuySanXuat #SecurityCompliance #CustomerRequests #SaaSTips #DichVuCongNghe

https://www.reddit.com/r/SaaS/comments/1qof3am/customers_asking_for_the_same_answers_just_worded/

Researchers have disclosed a coordinated campaign involving malicious Chrome extensions impersonating enterprise HR and ERP platforms, including Workday and NetSuite.

The extensions demonstrated capabilities such as:
- Continuous cookie exfiltration
- Blocking of security administration pages via DOM manipulation
- Session hijacking through injected authentication states

The activity highlights persistent risks within browser extension ecosystems, especially when tools present themselves as productivity enhancers.

What detection or control mechanisms do you rely on for extension risk management?

Source: https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html

Engage in the discussion and follow @technadu for vendor-neutral cybersecurity reporting.

#InfoSec #ThreatResearch #BrowserExtensions #SaaSSecurity #AccountTakeover #TechNadu

1Password reshapes its CTO role to confront the rise of AI identity challenges

https://fed.brid.gy/r/https://nerds.xyz/2026/01/1password-reshapes-cto-role-ai/

Struggling to make your SaaS application secure enough?
Read our latest blog to know the key security features that matter the most for every SaaS application.
Discover the security essentials that can ensure robust protection and help you have the best defense strategy.

https://writeupcafe.com/must-have-security-features-for-saas-applications

#SaaSSecurity #CloudSecurity #DataProtection #SaaS #SecurityFeatures #SaaSApplications

Bảo mật API là điều không thể thương lượng: Cách bảo vệ ứng dụng SaaS của bạn vào năm 2025
Lưu ý: Xác thực, quản lý khóa API, HTTPS, xác thực đầu vào, bảo vệ dữ liệu, giám sát và cảnh báo
#BảoMậtAPI #SaaS #AnNinhMạng #CyberSecurity #APIsecurity #SaaSSecurity

https://www.reddit.com/r/SaaS/comments/1p4s8l7/api_security_is_nonnegotiable_how_to_protect_your/

Salesforce is investigating a data theft campaign tied to a compromised Gainsight integration. OAuth token theft - not a Salesforce platform flaw - enabled unauthorized access to certain customer environments.

ShinyHunters claim “almost 1,000” victim organizations and additional access to hundreds of Salesforce instances linked to the earlier Salesloft Drift incident.

Full details:
https://www.technadu.com/salesforce-data-stolen-via-third-party-gainsight-shinyhunters-claim-breach-announce-almost-1000-victims/614158/

Follow us for more SaaS ecosystem security updates.

#CyberSecurity #Salesforce #OAuth #SaaSSecurity #ShinyHunters

Bharat-Built Matters.AI Introduces Autonomous AI Security Engineer with ₹55 Crore Funding

#NewsUpturn #MattersAI #AIsecurity #DataProtection #Cybersecurity #KalaariCapital #EndiyaPartners #BetterCapital #CaryaVenturePartners #StartupFunding #BharatInnovation #DeepTech #AInative #DataPrivacy #DPDPAct #AutonomousSecurity #GenAI #AIEngineer #DataSecurity #SaaSSecurity #CloudSecurity #InsiderRisk #DLP #DSPM #IndianStartups #TechFunding

https://newsupturn.com/matters-ai/

Matters.AI Raises ₹55 Crore Co-Led by Kalaari & Endiya to Launch Bharat’s AI Security Engineer

#TycoonWorld #MattersAI #AIsecurity #DataProtection #Cybersecurity #KalaariCapital #EndiyaPartners #BetterCapital #CaryaVenturePartners #StartupFunding #BharatInnovation #DeepTech #AInative #DataPrivacy #DPDPAct #AutonomousSecurity #GenAI #AIEngineer #DataSecurity #SaaSSecurity #CloudSecurity #InsiderRisk #DLP #DSPM

https://tycoonworld.in/matters-ai/