Google OAuth vulnerabilities explained—and how to protect against them

A newly disclosed Google OAuth vulnerability allows former employees to retain access to corporate resources like Slack and Zoom, even after suspending their corporate Google accounts. Here’s what it means for your SaaS security posture and how Nudge Security can help.

The dangers of rogue AWS accounts

How can you effectively secure your company’s cloud accounts when you don’t know that they exist?

Threat actors continue to create Chrome extensions impersonating Fortinet and VPN providers

Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.

Threat actor targeting Commvault SaaS cloud application

CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.

Upcoming Microsoft OneDrive feature could expose sensitive data

Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.

How to conduct an AI risk assessment

A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.

Why SaaS security has become a “now” problem

SaaS security isn't just another cybersecurity trend—it's a fundamental recognition that the traditional security paradigm is failing to address modern threats.

Snowflake Cortex AI Search service can expose sensitive data

A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.

Securing the Workforce Edge: A new paradigm for SaaS security

In today's world of distributed workforces and rapid SaaS adoption, organizations need a new approach to technology governance—one that empowers employees while maintaining security.

SaaS discovery tools compared: A 2025 guide to finding and managing shadow IT

Not all SaaS discovery methods are created equal. Learn the pros and cons of different approaches and how Nudge Security delivers full visibility on Day One.

Mandiant’s 2025 M-Trends report highlights SaaS security as a significant source of risk

This year's report findings cast a stark light on an increasingly vulnerable SaaS attack surface.

Your RSA survival guide: How to get the most out of security conferences

With RSA around the corner and Black Hat following soon, we set out to find out if security practitioners still find value in these “mega” conferences.

Exploring AI governance: 5 strategies for your organization

Learn what AI governance is, why it matters, and five actionable strategies to strengthen AI security in your organization.

The definitive guide to SaaS security posture management

How SSPM solutions help automate the detection, remediation, and reporting of configuration issues, identity risks, and other SaaS security threats.

Supply chain attack affecting multiple GitHub actions

On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.

Thousands of live API keys and passwords found exposed in training data

On February 27, 2025, security researchers revealed that LLMs were trained on datasets containing approximately 12,000 live API keys and passwords.

Microsoft’s Copilot found exposing thousands of private GitHub repositories

On February 27, 2025, security researchers from cybersecurity company Lasso discovered a serious data exposure issue involving Microsoft's Copilot.

How cloud sync and other SaaS dark patterns can put your organization at risk

While SaaS features and discounts offer many conveniences, some of the industry's darker patterns can put your organization at risk.

Why non-human identity management is critical to SaaS security

Protecting your organization’s data from NHI risks shouldn’t be a guessing game. Our app-to-app integrations table is here to help.

The rise of DeepSeek and the implications of shadow AI

The swift success of DeepSeek comes with pressing concerns about data security, regulatory compliance, and the hidden risks of shadow AI.

The essential guide to identity governance for SaaS

How to implement a structured framework to manage user access rights effectively across diverse applications and environments.

2024 Wrapped: The Year in Security

Please enjoy our reflections on the big moments, releases, breaches, and outages that defined the year in cybersecurity.

We’re going deep on SaaS security and governance with new connected apps

Gain deeper insight into your SaaS environments and strengthen your SaaS security posture with our growing library of connected apps.

The Rush to AI Opens Doors to Cyberattacks

Nudge Security CEO Russell Spitler explores the possibility of an AI-fueled cyberattack in this OpEd published in The Information.