July was defined by the “SolarWinds moment for SaaS.” A breach at the sales-engagement platform SalesLoft allowed ShinyHunters to exploit OAuth integrations with Salesforce. This granted attackers access to the CRM data of hundreds of major companies, including TransUnion (4.4 million records), Google, and Workday. This cascading supply chain attack highlighted the inherent dangers of interconnected cloud ecosystems, where a single misconfigured API or stolen token can compromise the data of thousands of organizations simultaneously.