HellCat ransomware targeting Jira servers

On March 20, 2025, global hacking group HellCat launched a widespread ransomware attack specifically targeting Jira servers.

Phishing campaign uses Github fake security alerts to target developers

A widespread phishing campaign has recently targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues.

Silk Typhoon abusing IT providers and stolen credentials in supply chain attacks

Microsoft Threat Intelligence revealed that Silk Typhoon is exploiting stolen API keys, OAuth credentials, and PAM credentials in supply chain attacks.

Midnight Blizzard using Microsoft Teams to launch spear phishing attacks

Midnight Blizzard has been actively targeting organizations across various sectors since at least 2021.

Amazon Q Developer Extension for VS Code compromised with a supply chain attack

A security incident has been identified involving Amazon’s Q Developer Extension for Visual Studio Code (VSC), version 1.84.0.

How to remove Otter AI from your organization with Nudge Security

Learn how to discover, assess, and remove unauthorized Otter AI accounts with Nudge Security's AI security tools.

Why SaaS & AI security needs more than a browser extension

A browser-based security solution can deliver powerful, real-time security insights and engagement as your workforce uses SaaS and GenAI apps. But it's not a silver bullet.

High-severity data exposure vulnerability identified in ServiceNow

High-Severity Data Exposure Vulnerability Identified in ServiceNow Platform (Count(er) Strike)

Phishing attacks leveraging app-specific passwords to compromise Microsoft accounts

Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.

Asana MCP server data exposure incident

Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.

Threat Actor using TeamFiltration tool in large-scale account takeover attacks

Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.

Financially motivated threat actor targeting Salesforce instances

Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.

The new HIPAA security rule: Why SaaS security and identity governance can’t wait

As HIPAA modernizes its standards for a SaaS & AI-powered world, healthcare organizations require new approaches to safeguarding access to sensitive data.

A complete guide to shadow IT discovery

Why comprehensive shadow IT discovery is an essential first step toward securing an organization's SaaS estate.

Understanding SaaS data governance best practices

How to streamline all aspects of your SaaS data governance process, ensuring that technology is onboarded, managed, and secured properly.

The dangers of rogue AWS accounts

How can you effectively secure your company’s cloud accounts when you don’t know that they exist?

Threat actors continue to create Chrome extensions impersonating legitimate tools

Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.

Threat actor targeting Commvault SaaS cloud application

CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.

Upcoming Microsoft OneDrive feature could expose sensitive data

Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.

Why SaaS security has become a “now” problem

SaaS security isn't just another cybersecurity trend—it's a fundamental recognition that the traditional security paradigm is failing to address modern threats.

Snowflake Cortex AI Search service can expose sensitive data

A recent analysis by Cyera uncovered unexpected behavior within Snowflake’s Cortex AI Search Service, a powerful tool for AI-driven search and retrieval.

Securing the workforce edge: A new paradigm for SaaS security

In today's world of distributed workforces and rapid SaaS adoption, organizations need a new approach to technology governance—one that empowers employees while maintaining security.

What Mandiant's M-Trends 2025 reveals about SaaS security risk

This year's report findings cast a stark light on an increasingly vulnerable SaaS attack surface.

AI governance explained: 5 strategies for your organization

Learn what AI governance is, why it matters, and five actionable strategies to strengthen AI security in your organization.

Supply chain attack affecting multiple GitHub actions

On March 14, 2025, attackers compromised a popular GitHub action, injecting malicious code to expose sensitive CI/CD secrets within workflow logs.