AI discovery: Methods, best practices explained

With AI making it’s way into virtually every SaaS application, AI discovery extends far beyond chat prompts and purpose-built AI tools.

A guide to identity and access management for SaaS

How to streamline IAM, starting with a complete inventory of every and SaaS app that’s been introduced into your organization.

SaaS security checklist: 9 best practices to try

How to expose shadow IT, eliminate SaaS sprawl, and take control of your supply chain.

SaaS discovery tools compared: a guide to finding and managing shadow IT in 2026

Not all SaaS discovery methods are created equal. Learn the pros and cons of different approaches and how Nudge Security delivers full visibility on Day One.

The Salesloft Drift breach and the rise of SaaS supply chain risk

The Salesforce breach exposed serious SaaS supply chain risks. Learn how OAuth integrations create blind spots and what to do about them.

What is a SaaS management platform? A 2026 complete guide

SaaS management platforms provide organizations with centralized visibility, control, and security for all their SaaS applications.

Breach of Salesloft Drift OAuth tokens leads to Salesforce data exposure

Attackers stole OAuth tokens from the Salesloft Drift app to bypass MFA and exfiltrate Salesforce data from hundreds of organizations.

DOM-based clickjacking vulnerabilities in popular password managers

Marek Tóth presented at DEF CON 33 a new attack technique called DOM-based Extension Clickjacking that impacts popular browser-based password manager extensions.

The rise of agentic AI: How autonomous AI changes governance

Discover how agentic AI is reshaping enterprise security and governance. Learn the risks, workforce impacts, and steps to stay ahead.

It’s time to move beyond the CASB

As the nature of work evolves, avoid falling victim to the sunk cost fallacy of CASB.

GreedyBear: Malicious Firefox extensions targeting crypto users

Security researchers at Koi Security have uncovered a large-scale, multi-faceted cybercrime campaign dubbed GreedyBear.

How to conduct an AI risk assessment

A practitioner's guide to running an AI risk assessment in order to safeguard organizational data and reputation.

5 ways customers use security nudges to drive action and results

From cutting SaaS costs to managing AI use, discover how Nudge Security customers use nudges to improve security outcomes and change workforce behavior.

Critical vulnerability identified in Base44 Vibe Coding platform

A critical vulnerability was discovered in the Base44 vibe coding platform, recently acquired by Wix.

HellCat ransomware targeting Jira servers

On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.

Phishing campaign uses Github fake security alerts to target developers

A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.

Silk Typhoon abusing IT providers and stolen credentials in supply chain attacks

Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.

Midnight Blizzard using Microsoft Teams to launch spear phishing attacks

Midnight Blizzard has been actively targeting organizations across various sectors since at least 2021.

Amazon Q Developer Extension for VS Code compromised with a supply chain attack

A security incident has been identified involving Amazon’s Q Developer Extension for Visual Studio Code (VSC), version 1.84.0.

How to remove Otter AI from your organization with Nudge Security

Learn how to discover, assess, and remove unauthorized Otter AI accounts with Nudge Security's AI security tools.

Why SaaS & AI security needs more than a browser extension

A browser-based security solution can deliver powerful, real-time security insights and engagement as your workforce uses SaaS and GenAI apps. But it's not a silver bullet.

High-severity data exposure vulnerability identified in ServiceNow

High-Severity Data Exposure Vulnerability Identified in ServiceNow Platform (Count(er) Strike)

Phishing attacks leveraging app-specific passwords to compromise Microsoft accounts

Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.

Asana MCP server data exposure incident

Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.

Threat Actor using TeamFiltration tool in large-scale account takeover attacks

Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.