
New AppOmni Tool Protects Against Threats Like ShinyHunters


SaaS security specialist AppOmni is introducing a zero trust feature that’s aimed at addressing cyberattacks like the recent data breaches exploiting SAP vulnerabilities.

This week, the San Mateo, California-based company unveiled Zero Trust Bridge, a tool designed to bolster zero trust network access (ZTNA) capabilities by quickly communicating risk and threat activity throughout the SaaS security stack and accelerating response times.

It closes a gap in SaaS application security. Zero trust technology requires every user or application to be verified and authenticated before network access is granted. According to AppOmni co-founder and CTO Brian Soby, zero trust needs every system to alert about risks in real time, and ZTNA does verify every connection.

However, most architectures “go quiet” after users gain access into SaaS, Soby wrote in a blog post.

“That silence is costly,” he wrote. “Recent activity affecting Salesforce customers attributed to UNC6040 and ShinyHunters has clearly demonstrated this threat.”

The ShinyHunters Threat

In recent months, ShinyHunters, also known as UNC6040, has targeted a range of high-profile companies, such as Chanel, Pandora, Adidas, Qantas, and most recently Workday, via attacks on Salesforce.

The data breaches come after a “year of inactivity” by ShinyHunters, according to researchers with cybersecurity firm ReliaQuest, who added that they have “identified a coordinated set of ticket-themed phishing domains and Salesforce credential harvesting pages, likely created for similar campaigns.”

“What’s particularly intriguing about this campaign is not only its scale and impact, but its resemblance to previous operations attributed to the ‘Scattered Spider’ hacking collective,” they wrote in a blog post this month. “These similarities raise compelling questions about whether the groups are collaborating or sharing tactics and resources – a connection that could reshape how we view these adversarial groups.”

AppOmni’s Zero Trust Bridge is designed to counter attacks launched by ShinyHunters and other threats, AppOmni’s Soby wrote. Most SaaS applications can’t easily share risk or user activity, and without a way to communicate real-time signals, zero trust policies can’t adapt fast enough to prevent such breaches, he wrote.

SSF Can Help, If Supported

That said, the Shared Signals Framework (SSF), a standard developed by the OpenID Foundation, addresses this by enabling SaaS platforms to send risk and user activity updates to security points.

“Yet many of these platforms do not natively support the Shared Signals Framework or user risk exchanges like CAEP (Continuous Access Evaluation Protocol) and RISC (Risk Incident Sharing and Coordination),” Soby wrote. “Even when telemetry exists, it is rarely packaged into a signal that an authorization system can consume instantly.”

Instead, it needs to be derived from configuration changes and correlated behaviors, creating what he called a “broken feedback loop between what happens inside SaaS and the controls that should react to it.”

Faster Response to Threats

Zero Trust Bridge gathers SaaS applications into a closed-loop architecture without waiting for them to implement SSF. This enables adaptive and dynamic policy enforcement throughout an organization’s controls.

“AppOmni already provides posture controls and threat detection mechanisms to protect and detect TTPs used by UNC6040 and ShinyHunters,” Soby wrote, adding that Zero Trust Bridge augments defenses by informing other Zero Trust components in an environment. “In a nutshell, Zero Trust Bridge monitors updates across source applications and translates them into messages using application context. It then sends those messages to authorization systems that can take real actions like step-up, reauthorize, or revoke.”

MSSPs that continue to evolve from being technology providers for their customers to strategic security advisers will also be able to leverage the Zero Trust Bridge. AppOmni counts a number of MSSPs among its channel partners, including GuidePoint Security, Optiv, Stratascale, and Trace3.

SaaS Attacks on the Rise

This comes at a time when organizations are increasingly adopting hybrid cloud environments, making SaaS applications core targets for threat actors. In an IDC report, analysts highlight that SaaS will be the largest cloud computing category in 2025. It also will account for more than 40% of public cloud spending, which will reach $805 billion this year and double by 2028.

This is supported by AppOmni's State of SaaS Security 2025 Report released in July, where researchers noted a rise in SaaS security incidents and the need to improve protections, with CEO Brendan O’Connor saying in a statement that the industry needs “a fundamental shift from ad hoc, reactive processes to a mature, disciplined approach built on continuous monitoring and clear ownership.”

The report found that 75% of organizations were hit with a SaaS-related security incident in the past year, a 33% increase over the previous period. In addition, 91% of the more than 800 survey respondents said they were confident in their SaaS security posture, even as three-quarters experienced a SaaS security incident.

“The data shows a concerning ‘illusion of control,’ where the vast majority of security leaders feel confident in their SaaS security posture, even as a huge number of them are dealing with SaaS-related incidents,” O’Connor said. “Today’s SaaS risks are not theoretical – they’re real, and they’re impacting businesses now. The key lesson for enterprises is that visibility alone is not security, and trust in SaaS vendors is not a strategy.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
