GruesomeLarch, an advanced persistent threat group, compromised several account passwords on a web service platform using credential-stuffing attacks. However, two-factor authentication prevented actual account breaches. The hackers then hacked physically nearby devices and accessed the target’s Wi-Fi network using the same credentials. The Wi-Fi network didn’t require two-factor authentication, reflecting the faulty assumption that its close proximity would protect it.
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Identify risks, data security risks and third-party risks are all exacerbated by SaaS sprawl, highlighting the need for securing SaaS attack surface in 2025. Key
