Missteps like weak MFA enforcement, legacy auth, and excess admin access can open the door to attackers. Here's how to fix them before they’re exploited.
Missteps like weak MFA enforcement, legacy auth, and excess admin access can open the door to attackers. Here's how to fix them before they’re exploited.
Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.
Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.
Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.
Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.
Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.
Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.
Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.
Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.
As HIPAA modernizes its standards for a SaaS & AI-powered world, healthcare organizations require new approaches to safeguarding access to sensitive data.
As HIPAA modernizes its standards for a SaaS & AI-powered world, healthcare organizations require new approaches to safeguarding access to sensitive data.
Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.
Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.
CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.
CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.
Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.
Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.
A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.
A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.
A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.
A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.
This year's report findings cast a stark light on an increasingly vulnerable SaaS attack surface.
This year's report findings cast a stark light on an increasingly vulnerable SaaS attack surface.
With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.
With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.
On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.
On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.
On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.
On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.
Within six months, KarmaCheck recovered 150% of its annual investment in Nudge Security.
Within six months, KarmaCheck recovered 150% of its annual investment in Nudge Security.
A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.
A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.
Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.
Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.
On February 27, 2025, security researchers revealed that LLMs were trained on datasets containing approximately 12,000 live API keys and passwords.
On February 27, 2025, security researchers revealed that LLMs were trained on datasets containing approximately 12,000 live API keys and passwords.
On February 27, 2025, security researchers from cybersecurity company Lasso discovered a serious data exposure issue involving Microsoft's Copilot.
On February 27, 2025, security researchers from cybersecurity company Lasso discovered a serious data exposure issue involving Microsoft's Copilot.
The swift success of DeepSeek comes with pressing concerns about data security, regulatory compliance, and the hidden risks of shadow AI.
The swift success of DeepSeek comes with pressing concerns about data security, regulatory compliance, and the hidden risks of shadow AI.
Please enjoy our reflections on the big moments, releases, breaches, and outages that defined the year in cybersecurity.
Please enjoy our reflections on the big moments, releases, breaches, and outages that defined the year in cybersecurity.
Proactively find and fix misconfigurations in Okta, Google Workspace, and Microsoft 365 with our new SSPM capabilities.
Proactively find and fix misconfigurations in Okta, Google Workspace, and Microsoft 365 with our new SSPM capabilities.
LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.
LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.
On October 30, 2024, a security flaw was detected in Okta’s AD/LDAP Delegated Authentication (DelAuth) service.
On October 30, 2024, a security flaw was detected in Okta’s AD/LDAP Delegated Authentication (DelAuth) service.
To celebrate our second birthday, we're reflecting on our journey—and all the new features we've added to help customers scale SaaS security and governance.
To celebrate our second birthday, we're reflecting on our journey—and all the new features we've added to help customers scale SaaS security and governance.
Attackers have been utilizing DocuSign’s SaaS platform to deliver phishing campaigns that are able to bypass email security checks.
Attackers have been utilizing DocuSign’s SaaS platform to deliver phishing campaigns that are able to bypass email security checks.
Midnight Blizzard has been actively targeting organizations across various sectors since at least 2021.
Midnight Blizzard has been actively targeting organizations across various sectors since at least 2021.
Threat actors are leveraging fake Google Ads linked to deceptive websites that mimic legitimate download pages.
Threat actors are leveraging fake Google Ads linked to deceptive websites that mimic legitimate download pages.
Read a summary of the vulnerability, how it could be exploited, and what to look for to understand if your organization could have been impacted.
Read a summary of the vulnerability, how it could be exploited, and what to look for to understand if your organization could have been impacted.
With Nudge Security, GLAAD eliminates 1000+ hours of manual work every year in protecting critical SaaS identities and data.
With Nudge Security, GLAAD eliminates 1000+ hours of manual work every year in protecting critical SaaS identities and data.
Learn how we can help you identify and remediate security risks across your Google Workspace and Microsoft 365 environments.
Learn how we can help you identify and remediate security risks across your Google Workspace and Microsoft 365 environments.
Connecting Google Drive to ChatGPT grants extensive permissions, posing risks. Here's how to track activity within Google Workspace, or with Nudge Security.
Connecting Google Drive to ChatGPT grants extensive permissions, posing risks. Here's how to track activity within Google Workspace, or with Nudge Security.
While the convenience of integration can boost productivity, the cybersecurity risks can be significant.
While the convenience of integration can boost productivity, the cybersecurity risks can be significant.
With Nudge Security, Stravito was able to expand its SaaS security program while cutting costs and improving employee engagement.
With Nudge Security, Stravito was able to expand its SaaS security program while cutting costs and improving employee engagement.
An active threat campaign targeting Snowflake customers underscores an all-too-common attack pattern of exploiting users’ cloud and SaaS identities and gaps in MFA coverage.
An active threat campaign targeting Snowflake customers underscores an all-too-common attack pattern of exploiting users’ cloud and SaaS identities and gaps in MFA coverage.
With Nudge Security, gridX was able to discover and inventory its cloud and SaaS applications, allowing them to ditch their spreadsheet and easily prepare for compliance certifications.
With Nudge Security, gridX was able to discover and inventory its cloud and SaaS applications, allowing them to ditch their spreadsheet and easily prepare for compliance certifications.
A conversation about data and identity with Steve Zalewski, former CISO of Levi Strauss and a seasoned security advisor.
A conversation about data and identity with Steve Zalewski, former CISO of Levi Strauss and a seasoned security advisor.
With Nudge Security, you can automatically nudge users to delete accounts for dating apps or other non-work categories as soon as they are created—no awkward conversations necessary.
With Nudge Security, you can automatically nudge users to delete accounts for dating apps or other non-work categories as soon as they are created—no awkward conversations necessary.
Tune in to Nudge Newsday Tuesday to see what’s new in our product and how these innovations can help you save time and improve SaaS security and governance.
Tune in to Nudge Newsday Tuesday to see what’s new in our product and how these innovations can help you save time and improve SaaS security and governance.
We've got cocktails, we've got elixirs, we've got sweets and sides. Here are a few of our favorite things to whip up for the holidays.
We've got cocktails, we've got elixirs, we've got sweets and sides. Here are a few of our favorite things to whip up for the holidays.
To celebrate the first anniversary of our initial product launch, we're reflecting on our journey so far and announcing a special offer for new customers who sign up before the end of 2023.
To celebrate the first anniversary of our initial product launch, we're reflecting on our journey so far and announcing a special offer for new customers who sign up before the end of 2023.
Nudge Security CEO Russ Spitler welcomes Ira Winkler, CISO of CYE Security, to discuss principles for designing a security program that engages employees.
Nudge Security CEO Russ Spitler welcomes Ira Winkler, CISO of CYE Security, to discuss principles for designing a security program that engages employees.
Watch our webcast to learn the fundamentals of OAuth risk management using Nudge Security.
Watch our webcast to learn the fundamentals of OAuth risk management using Nudge Security.
Nudge Security CEO Russ Spitler welcomes Malcolm Harkins to discuss the balance of risk vs. friction that must be considered when designing a security program.
Nudge Security CEO Russ Spitler welcomes Malcolm Harkins to discuss the balance of risk vs. friction that must be considered when designing a security program.
.avif)
Nudge Security CEO Russ Spitler welcomes Tony Simone to discuss how Incident Response has changed with widespread SaaS adoption and SaaS-to-SaaS integrations.
Nudge Security CEO Russ Spitler welcomes Tony Simone to discuss how Incident Response has changed with widespread SaaS adoption and SaaS-to-SaaS integrations.
.avif)
Nudge Security CEO Russ Spitler welcomes Kunal Anand to discuss the challenges IT and security practitioners face trying to secure their SaaS ecosystem.
Nudge Security CEO Russ Spitler welcomes Kunal Anand to discuss the challenges IT and security practitioners face trying to secure their SaaS ecosystem.
.avif)
Watch our product demo to learn how Nudge Security helps you manage AI risk effectively and at scale.
Watch our product demo to learn how Nudge Security helps you manage AI risk effectively and at scale.
Nudge Security CEO Russ Spitler welcomes Dave Anderson to discuss how IT offboarding has changed with the explosion of SaaS and cloud applications.
Nudge Security CEO Russ Spitler welcomes Dave Anderson to discuss how IT offboarding has changed with the explosion of SaaS and cloud applications.
In the age of SaaS, the old IT offboarding playbook of “disable AD account, forward email, recover and wipe device, and call it a day” is no longer enough.
In the age of SaaS, the old IT offboarding playbook of “disable AD account, forward email, recover and wipe device, and call it a day” is no longer enough.
Watch our product demo and see how Nudge Security's new playbook reduces employee offboarding time by 90%.
Watch our product demo and see how Nudge Security's new playbook reduces employee offboarding time by 90%.
Nudge Security CEO Russ Spitler welcomes Ed Amoroso to discuss how the modern attack surface has changed with the explosion of SaaS adoption.
Nudge Security CEO Russ Spitler welcomes Ed Amoroso to discuss how the modern attack surface has changed with the explosion of SaaS adoption.
Watch our demo webcast and see how Nudge Security gives you instant visibility into all SaaS and cloud accounts ever created.
Watch our demo webcast and see how Nudge Security gives you instant visibility into all SaaS and cloud accounts ever created.
How big is the SaaS attack surface, really? We analyzed data from our own install base to understand the current state of the SaaS attack surface.
How big is the SaaS attack surface, really? We analyzed data from our own install base to understand the current state of the SaaS attack surface.
Watch our product demo and learn how to proactively discover, monitor, and secure your SaaS footprint with Nudge Security.
Watch our product demo and learn how to proactively discover, monitor, and secure your SaaS footprint with Nudge Security.
Watch our product demo to learn everything you need to know about Nudge Security in 30 minutes.
Watch our product demo to learn everything you need to know about Nudge Security in 30 minutes.
In a world of distributed teams, the tools of the past simply can’t find shadow IT.
In a world of distributed teams, the tools of the past simply can’t find shadow IT.
Did the latest SaaS security incidents affect you or your supply chain? Are you sure?
Did the latest SaaS security incidents affect you or your supply chain? Are you sure?
In a world of remote teams and freemium offers, the tools of the past can’t curb SaaS sprawl.
In a world of remote teams and freemium offers, the tools of the past can’t curb SaaS sprawl.
Here’s what we’re drinking this holiday season to celebrate a stellar first year at Nudge Security.
Here’s what we’re drinking this holiday season to celebrate a stellar first year at Nudge Security.
That’s a wrap on Year One at Nudge Security. Here’s a look back at the highlights of our first year.
That’s a wrap on Year One at Nudge Security. Here’s a look back at the highlights of our first year.
Watch Dr. Aaron C. Kay and Nudge Security CEO Russell Spitler as they present new research.
Watch Dr. Aaron C. Kay and Nudge Security CEO Russell Spitler as they present new research.
Our research report explores the influence of employees’ perception and emotions on security behaviors.
Our research report explores the influence of employees’ perception and emotions on security behaviors.
An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.
An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.
Nudge Security is now generally available with a free 14-day trial. Here’s a primer on what we built, why we built it, and why you should give it a whirl.
Nudge Security is now generally available with a free 14-day trial. Here’s a primer on what we built, why we built it, and why you should give it a whirl.
We are excited to announce that we recently completed our SOC 2 Type 1 attestation report.
We are excited to announce that we recently completed our SOC 2 Type 1 attestation report.
We think the industry needs to do much, much more to address the human element of cybersecurity. This is the story of why we founded Nudge Security.
We think the industry needs to do much, much more to address the human element of cybersecurity. This is the story of why we founded Nudge Security.
