Canvas: Post-Compromise Persistence and Secondary Risks in SaaS Beta Environments

The compromise of the Canvas Data 2 Beta environment by the threat actor ShinyHunters illustrates a shift in SaaS-focused attacks: instead of breaching the perimeter, the attackers abused over-privileged administrative service accounts and the gap between production and beta security controls to bypass traditional defenses entirely. The breach resulted in the mass exfiltration of student and faculty PII, with follow-on risk from session token hijacking and the emergence of a secondary dark web market for educational data. The incident points to a failure of least-privilege enforcement in non-production environments, which enabled long-term persistence and creates significant regulatory exposure under FERPA and GDPR.

Zapocalypse: Multi-Stage Account Takeover Exploit in Zapier

The "Zapocalypse" exploit is a privilege escalation chain targeting Zapier's "Code by Zapier" Python execution feature. It is a logic-based exploit rather than a memory-corruption bug: attackers use the intended functionality of the Python sandbox to abuse platform primitives, escape the restricted execution context, and achieve full Account Takeover (ATO). From there they can hijack user sessions and, through the API connections the compromised account holds, reach every third-party SaaS application integrated with it. Zapier has since deployed a patch to remediate the vulnerability.