Mandiant’s 2025 M-Trends report highlights SaaS security as a significant source of risk

This year's report findings cast a stark light on an increasingly vulnerable SaaS attack surface.

Your RSA survival guide: How to get the most out of security conferences

With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.

Exploring AI governance: 5 strategies for your organization

Learn what AI governance is, why it matters, and five actionable strategies to strengthen AI security in your organization.

Supply chain attack affecting multiple GitHub actions

On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.

HellCat ransomware targeting Jira servers

On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.

Phishing campaign uses Github fake security alerts to target repositories

A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.

Silk Typhoon abusing IT providers and stolen credentials in supply chain attacks

Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.

Google Workspace security best practices: 5 configurations to review

Harden your Google Workspace environment with these five essential security settings and configurations.

Thousands of live API keys and passwords found exposed in training data

On February 27, 2025, security researchers revealed that LLMs were trained on datasets containing approximately 12,000 live API keys and passwords.

Microsoft’s Copilot found exposing thousands of private GitHub repositories

On February 27, 2025, security researchers from cybersecurity company Lasso discovered a serious data exposure issue involving Microsoft's Copilot.

How cloud sync and other SaaS dark patterns can put your organization at risk

While SaaS features and discounts offer many conveniences, some of the industry's darker patterns can put your organization at risk.

6 Okta security best practices: try these configurations in 2025

Six essential Okta security configurations that every security practitioner should monitor.

Why non-human identity management is critical to SaaS security

Protecting your organization’s data from NHI risks shouldn’t be a guessing game. Our app-to-app integrations table is here to help.

The rise of DeepSeek and the implications of shadow AI

The swift success of DeepSeek comes with pressing concerns about data security, regulatory compliance, and the hidden risks of shadow AI.

It’s time to move beyond the CASB

As the nature of work evolves, avoid falling victim to the sunk cost fallacy of CASB.

The essential guide to identity governance for SaaS

How to implement a structured framework to manage user access rights effectively across diverse applications and environments.

2024 Wrapped: The Year in Security

Please enjoy our reflections on the big moments, releases, breaches, and outages that defined the year in cybersecurity.

We’re going deep on SaaS security and governance with new connected apps

Gain deeper insight into your SaaS environments and strengthen your SaaS security posture with our growing library of connected apps.

SaaS management platforms: A complete guide

SaaS management platforms provide organizations with centralized visibility, control, and security for all their SaaS applications.

Harden your identity infrastructure with our new Okta connected app

With a new, deeper integration for Okta, Nudge Security customers can further harden and protect their critical identity stack.

Eliminate wasted SaaS spend to help fund your 2025 priorities

Nudge Security is the only SaaS management platform that discovers up to two years of historical SaaS spend within minutes of starting a free trial.

Social engineering campaign using fake reviews on the Chrome Web Store

LastPass has reported a social engineering campaign using fake reviews on the Chrome Web Store.