Shadow AI is just the new shadow IT—here’s why a SaaS-first approach wins

Shadow AI is just the latest form of shadow IT. Learn why a SaaS-first security approach gives you the visibility and control to manage AI risks at scale.

ForcedLeak indirect prompt injection in Salesforce Agentforce enables CRM data exfiltration

Noma Labs disclosed a critical vulnerability chain in Salesforce Agentforce that allowed adversaries to exfiltrate sensitive CRM data.

AI discovery methods compared: A 2025 guide to finding and managing shadow AI

With AI making it’s way into virtually every SaaS application, AI discovery extends far beyond chat prompts and purpose-built AI tools.

The Salesloft Drift breach is bigger than Salesforce: What it says about SaaS security

The Salesforce breach exposed serious SaaS supply chain risks. Learn how OAuth integrations create blind spots and what to do about them.

DOM-based extension clickjacking vulnerabilities in popular password managers

Marek Tóth presented at DEF CON 33 a new attack technique called DOM-based Extension Clickjacking that impacts popular browser-based password manager extensions.

The end of the AI honeymoon: SaaS data risks in the MCP era

AI is no longer limited to prompts and file uploads. With MCP and embedded AI in SaaS apps, corporate data exposure is accelerating. Learn what this means for security and governance.

The rise of agentic AI: How autonomous AI changes security & governance

Discover how agentic AI is reshaping enterprise security and governance. Learn the risks, workforce impacts, and steps to stay ahead.

Campaign targets crypto users with malicious Firefox extensions

Security researchers at Koi Security have uncovered a large-scale, multi-faceted cybercrime campaign dubbed GreedyBear.

5 ways customers use security nudges to drive action—and results

From cutting SaaS costs to managing AI use, discover how Nudge Security customers use nudges to improve security outcomes and change workforce behavior.

Critical vulnerability identified in Base44 Vibe Coding platform allowing unauthorized access to private applications

A critical vulnerability was discovered in the Base44 vibe coding platform, recently acquired by Wix.

Amazon Q Developer Extension for VS Code compromised with a malicious prompt

A security incident has been identified involving Amazon’s Q Developer Extension for Visual Studio Code (VSC), version 1.84.0.

How to remove Otter AI from your organization with Nudge Security

Learn how to discover, assess, and remove unauthorized Otter AI accounts with Nudge Security's AI security tools.

Beyond the browser: Why your SaaS & AI security strategy needs more than just an extension

A browser-based security solution can deliver powerful, real-time security insights and engagement as your workforce uses SaaS and GenAI apps. But it's not a silver bullet.

High-severity data exposure vulnerability identified in ServiceNow platform (Count(er) Strike)

High-Severity Data Exposure Vulnerability Identified in ServiceNow Platform (Count(er) Strike)

Shadow AI is taking notes: The growing risk of AI meeting assistants

AI meeting tools like Otter and Fireflies spread fast. Nudge Security helps you uncover and manage the risks.

Microsoft 365 security best practices: 5 configurations to review

Missteps like weak MFA enforcement, legacy auth, and excess admin access can open the door to attackers. Here's how to fix them before they’re exploited.

Phishing attacks leveraging app-specific passwords to compromise Google mailboxes

Security researchers from Google and Citizen Lab have identified a sophisticated phishing campaign that targets prominent academics and critics of Russia.

Asana MCP server data exposure incident

Asana identified a data exposure bug within its Model Context Protocol (MCP) server on June 4, 2025.

Threat Actor using TeamFiltration tool in large-scale account takeover

Proofpoint researchers have identified an ongoing and active account takeover (ATO) campaign active since December 2024.

Expand SaaS and AI security governance with our new browser extension

Enrich your understanding of SaaS and AI usage with real-time data and promote safe security practices with browser nudges.

Financially motivated threat actor targeting Salesforce instances for large-scale data theft

Google Threat Intelligence Group has identified a financially motivated threat actor conducting voice phishing campaigns aimed at breaching Salesforce instances.

The new HIPAA security rule: Why SaaS security and identity governance can’t wait

As HIPAA modernizes its standards for a SaaS & AI-powered world, healthcare organizations require new approaches to safeguarding access to sensitive data.

Threat actors continue to create Chrome extensions impersonating Fortinet and VPN providers

Since February 2024, an unknown threat actor has seeded 100+ malicious Google Chrome extensions that masquerade as legitimate tools.

Threat actor targeting Commvault SaaS cloud application

CISA issued an alert on May 22 warning that threat actors had compromised Commvault's Azure-hosted Metallic SaaS backup platform.

Upcoming Microsoft OneDrive feature could expose sensitive data

Microsoft is rolling out a new feature in June 2025 that encourages enterprise users signed into their corporate OneDrive on Windows devices to also sign into their personal OneDrive accounts.