The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a…
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security…
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage…
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to…
New RFP Template for AI Usage Control and AI Governance
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget…
The Buyer’s Guide to AI Usage Control
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms,…
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed…
The Case for Dynamic AI-SaaS Security as Copilots Scale
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools…
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser…
Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity
Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation…
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage…
Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to…
SaaS Breaches Start with Tokens – What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen…
Innovator Spotlight: Seraphic
Reinventing Browser Security for the Enterprise The Browser: Enterprise’s Biggest Blind Spot On any given day, the humble web browser is…