Top 5 Microsoft 365 security misconfigurations—and how to fix them

Missteps like weak MFA enforcement, legacy auth, and excess admin access can open the door to attackers. Here's how to fix them before they’re exploited.

Phishing attacks leveraging app-specific passwords to compromise Google mailboxes

Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.

Asana MCP server data exposure incident

Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.

Threat Actor using TeamFiltration tool in large-scale account takeover

Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.

Managing vendor risk in the SaaS supply chain

Why effective vendor risk management is a critical strategy for identifying, assessing, and mitigating risks within the SaaS supply chain.

Financially motivated threat actor targeting Salesforce instances for large-scale data theft

Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.

The new HIPAA security rule: Why SaaS security and identity governance can’t wait

As HIPAA modernizes its standards for a SaaS & AI-powered world, healthcare organizations require new approaches to safeguarding access to sensitive data.

A complete guide to shadow IT discovery

Why comprehensive shadow IT discovery is an essential first step toward securing an organization's SaaS estate.

Top shadow IT risks and how to manage them in 2025

Shadow IT risks present a formidable challenge to modern businesses. Learn to identify shadow IT risks and regain control of your security posture.

Understanding SaaS data governance best practices

How to streamline all aspects of your SaaS data governance process, ensuring that technology is onboarded, managed, and secured properly.

Exploring identity management for SaaS

How to streamline IAM, starting with a complete inventory of every and SaaS app that’s been introduced into your organization.

Google OAuth vulnerabilities explained—and how to protect against them

A newly disclosed Google OAuth vulnerability allows former employees to retain access to corporate resources like Slack and Zoom, even after suspending their corporate Google accounts. Here’s what it means for your SaaS security posture and how Nudge Security can help.

The dangers of rogue AWS accounts

How can you effectively secure your company’s cloud accounts when you don’t know that they exist?

The AI adoption curve and what it means for your business

What does the rapid pace of AI adoption mean for cybersecurity leaders as they grapple with AI security and governance?

Threat actors continue to create Chrome extensions impersonating Fortinet and VPN providers

Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.

Threat actor targeting Commvault SaaS cloud application

CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.

Upcoming Microsoft OneDrive feature could expose sensitive data

Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.

How to conduct an AI risk assessment

A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.

Why SaaS security has become a “now” problem

SaaS security isn't just another cybersecurity trend—it's a fundamental recognition that the traditional security paradigm is failing to address modern threats.

Snowflake Cortex AI Search service can expose sensitive data

A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.

Securing the Workforce Edge: A new paradigm for SaaS security

In today's world of distributed workforces and rapid SaaS adoption, organizations need a new approach to technology governance—one that empowers employees while maintaining security.

SaaS discovery tools compared: A 2025 guide to finding and managing shadow IT

Not all SaaS discovery methods are created equal. Learn the pros and cons of different approaches and how Nudge Security delivers full visibility on Day One.

Mandiant’s 2025 M-Trends report highlights SaaS security as a significant source of risk

This year's report findings cast a stark light on an increasingly vulnerable SaaS attack surface.

Your RSA survival guide: How to get the most out of security conferences

With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.

Exploring AI governance: 5 strategies for your organization

Learn what AI governance is, why it matters, and five actionable strategies to strengthen AI security in your organization.