A critical vulnerability in GitHub Copilot Chat (”CamoLeak”) allowed attackers to silently exfiltrate private repository content and secrets.
A critical vulnerability in GitHub Copilot Chat (”CamoLeak”) allowed attackers to silently exfiltrate private repository content and secrets.
Noma Labs disclosed a critical vulnerability chain in Salesforce Agentforce that allowed adversaries to exfiltrate sensitive CRM data.
Noma Labs disclosed a critical vulnerability chain in Salesforce Agentforce that allowed adversaries to exfiltrate sensitive CRM data.
Marek TĂłth presented at DEF CON 33 a new attack technique called DOM-based Extension Clickjacking that impacts popular browser-based password manager extensions.
Marek TĂłth presented at DEF CON 33 a new attack technique called DOM-based Extension Clickjacking that impacts popular browser-based password manager extensions.
Security researchers at Koi Security have uncovered a large-scale, multi-faceted cybercrime campaign dubbed GreedyBear.
Security researchers at Koi Security have uncovered a large-scale, multi-faceted cybercrime campaign dubbed GreedyBear.
A critical vulnerability was discovered in the Base44 vibe coding platform, recently acquired by Wix.
A critical vulnerability was discovered in the Base44 vibe coding platform, recently acquired by Wix.
On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.
On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.
A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.
A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.
Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.
Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.
Midnight Blizzard has been actively targeting organizations across various sectors since at least 2021.
Midnight Blizzard has been actively targeting organizations across various sectors since at least 2021.
A security incident has been identified involving Amazon’s Q Developer Extension for Visual Studio Code (VSC), version 1.84.0.
A security incident has been identified involving Amazon’s Q Developer Extension for Visual Studio Code (VSC), version 1.84.0.
Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.
Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.
Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.
Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.
Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.
Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.
Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.
Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.
Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.
Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.
CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.
CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.
Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.
Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.
A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.
A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.
A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.
A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.
With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.
With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.
On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.
On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.
On February 27, 2025, security researchers revealed that LLMs were trained on datasets containing approximately 12,000 live API keys and passwords.
On February 27, 2025, security researchers revealed that LLMs were trained on datasets containing approximately 12,000 live API keys and passwords.
On February 27, 2025, security researchers from cybersecurity company Lasso discovered a serious data exposure issue involving Microsoft's Copilot.
On February 27, 2025, security researchers from cybersecurity company Lasso discovered a serious data exposure issue involving Microsoft's Copilot.
Proactively find and fix misconfigurations in Okta, Google Workspace, and Microsoft 365 with our new SSPM capabilities.
Proactively find and fix misconfigurations in Okta, Google Workspace, and Microsoft 365 with our new SSPM capabilities.
LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.
LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.
On October 30, 2024, a security flaw was detected in Okta’s AD/LDAP Delegated Authentication (DelAuth) service.
On October 30, 2024, a security flaw was detected in Okta’s AD/LDAP Delegated Authentication (DelAuth) service.
Attackers have been utilizing DocuSign’s SaaS platform to deliver phishing campaigns that are able to bypass email security checks.
Attackers have been utilizing DocuSign’s SaaS platform to deliver phishing campaigns that are able to bypass email security checks.
Threat actors are leveraging fake Google Ads linked to deceptive websites that mimic legitimate download pages.
Threat actors are leveraging fake Google Ads linked to deceptive websites that mimic legitimate download pages.
Read a summary of the vulnerability, how it could be exploited, and what to look for to understand if your organization could have been impacted.
Read a summary of the vulnerability, how it could be exploited, and what to look for to understand if your organization could have been impacted.
With Nudge Security, GLAAD eliminates 1000+ hours of manual work every year in protecting critical SaaS identities and data.
With Nudge Security, GLAAD eliminates 1000+ hours of manual work every year in protecting critical SaaS identities and data.
Learn how we can help you identify and remediate security risks across your Google Workspace and Microsoft 365 environments.
Learn how we can help you identify and remediate security risks across your Google Workspace and Microsoft 365 environments.
With Nudge Security, Stravito was able to expand its SaaS security program while cutting costs and improving employee engagement.
With Nudge Security, Stravito was able to expand its SaaS security program while cutting costs and improving employee engagement.
An active threat campaign targeting Snowflake customers underscores an all-too-common attack pattern of exploiting users’ cloud and SaaS identities and gaps in MFA coverage.
An active threat campaign targeting Snowflake customers underscores an all-too-common attack pattern of exploiting users’ cloud and SaaS identities and gaps in MFA coverage.
With Nudge Security, gridX was able to discover and inventory its cloud and SaaS applications, allowing them to ditch their spreadsheet and easily prepare for compliance certifications.
With Nudge Security, gridX was able to discover and inventory its cloud and SaaS applications, allowing them to ditch their spreadsheet and easily prepare for compliance certifications.
A conversation about data and identity with Steve Zalewski, former CISO of Levi Strauss and a seasoned security advisor.
A conversation about data and identity with Steve Zalewski, former CISO of Levi Strauss and a seasoned security advisor.
Join our webcast on February 15 to learn how Nudge Security can help you manage SaaS identities and governance at scale.
Join our webcast on February 15 to learn how Nudge Security can help you manage SaaS identities and governance at scale.
Tune in to Nudge Newsday Tuesday to see what’s new in our product and how these innovations can help you save time and improve SaaS security and governance.
Tune in to Nudge Newsday Tuesday to see what’s new in our product and how these innovations can help you save time and improve SaaS security and governance.
.avif)
Eliminate shadow IT, secure rogue accounts, control costs, and automate tedious tasks.
Eliminate shadow IT, secure rogue accounts, control costs, and automate tedious tasks.
Who’s using AI in your org? Find out in minutes with our patented method for SaaS discovery.
Who’s using AI in your org? Find out in minutes with our patented method for SaaS discovery.
Nudge Security CEO Russ Spitler welcomes Ira Winkler, CISO of CYE Security, to discuss principles for designing a security program that engages employees.
Nudge Security CEO Russ Spitler welcomes Ira Winkler, CISO of CYE Security, to discuss principles for designing a security program that engages employees.
Watch our webcast to learn the fundamentals of OAuth risk management using Nudge Security.
Watch our webcast to learn the fundamentals of OAuth risk management using Nudge Security.
Nudge Security CEO Russ Spitler welcomes Malcolm Harkins to discuss the balance of risk vs. friction that must be considered when designing a security program.
Nudge Security CEO Russ Spitler welcomes Malcolm Harkins to discuss the balance of risk vs. friction that must be considered when designing a security program.
.avif)
Nudge Security CEO Russ Spitler welcomes Tony Simone to discuss how Incident Response has changed with widespread SaaS adoption and SaaS-to-SaaS integrations.
Nudge Security CEO Russ Spitler welcomes Tony Simone to discuss how Incident Response has changed with widespread SaaS adoption and SaaS-to-SaaS integrations.
.avif)
Nudge Security CEO Russ Spitler welcomes Kunal Anand to discuss the challenges IT and security practitioners face trying to secure their SaaS ecosystem.
Nudge Security CEO Russ Spitler welcomes Kunal Anand to discuss the challenges IT and security practitioners face trying to secure their SaaS ecosystem.
.avif)
Watch our product demo to learn how Nudge Security helps you manage AI risk effectively and at scale.
Watch our product demo to learn how Nudge Security helps you manage AI risk effectively and at scale.
Nudge Security CEO Russ Spitler welcomes Dave Anderson to discuss how IT offboarding has changed with the explosion of SaaS and cloud applications.
Nudge Security CEO Russ Spitler welcomes Dave Anderson to discuss how IT offboarding has changed with the explosion of SaaS and cloud applications.
Watch our product demo and see how Nudge Security's new playbook reduces employee offboarding time by 90%.
Watch our product demo and see how Nudge Security's new playbook reduces employee offboarding time by 90%.
Nudge Security CEO Russ Spitler welcomes Ed Amoroso to discuss how the modern attack surface has changed with the explosion of SaaS adoption.
Nudge Security CEO Russ Spitler welcomes Ed Amoroso to discuss how the modern attack surface has changed with the explosion of SaaS adoption.
Watch our demo webcast and see how Nudge Security gives you instant visibility into all SaaS and cloud accounts ever created.
Watch our demo webcast and see how Nudge Security gives you instant visibility into all SaaS and cloud accounts ever created.
Watch our product demo and learn how to proactively discover, monitor, and secure your SaaS footprint with Nudge Security.
Watch our product demo and learn how to proactively discover, monitor, and secure your SaaS footprint with Nudge Security.
Watch our product demo to learn everything you need to know about Nudge Security in 30 minutes.
Watch our product demo to learn everything you need to know about Nudge Security in 30 minutes.
Did the latest SaaS security incidents affect you or your supply chain? Are you sure?
Did the latest SaaS security incidents affect you or your supply chain? Are you sure?
Here’s what we’re drinking this holiday season to celebrate a stellar first year at Nudge Security.
Here’s what we’re drinking this holiday season to celebrate a stellar first year at Nudge Security.
Watch Dr. Aaron C. Kay and Nudge Security CEO Russell Spitler as they present new research.
Watch Dr. Aaron C. Kay and Nudge Security CEO Russell Spitler as they present new research.
Our research report explores the influence of employees’ perception and emotions on security behaviors.
Our research report explores the influence of employees’ perception and emotions on security behaviors.
An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.
An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.
Nudge Security is now generally available with a free 14-day trial. Here’s a primer on what we built, why we built it, and why you should give it a whirl.
Nudge Security is now generally available with a free 14-day trial. Here’s a primer on what we built, why we built it, and why you should give it a whirl.
We are excited to announce that we recently completed our SOC 2 Type 1 attestation report.
We are excited to announce that we recently completed our SOC 2 Type 1 attestation report.
We think the industry needs to do much, much more to address the human element of cybersecurity. This is the story of why we founded Nudge Security.
We think the industry needs to do much, much more to address the human element of cybersecurity. This is the story of why we founded Nudge Security.
