Skip to main content

Tag: saas

37 articles

Blurred login page on a laptop screen in a cluttered modern office setting.

Phishing Kits Target Microsoft 365 Accounts, Evade Multi-Factor Authentication

Beware of phishing kits targeting Microsoft 365 accounts, which can cleverly evade multi-factor authentication and put sensitive data like customer info, financial records, and internal communications at risk. These sneaky attacks use social engineering tactics to trick victims into handing over access to their accounts.

Analyst 207
Laptop screen shows Slack channel with plain-text password pinned amidst cluttered workspace.

Weak Passwords Expose Firms to Data Loss Risk

One careless decision - using the same easily-guessable password across multiple environments - left a client vulnerable to disaster, despite a hefty investment in security tools. A simple password like "admin123" pinned in a shared Slack channel created a single point of failure that put the entire system at risk.

Analyst 207
Modern tech company HQ at night with laptop screen glowing ominously amidst scattered items.

Chevin Disrupts FleetWave Software Amid Security Incident

Imagine your fleet management software suddenly going dark - who takes the wheel then? A cybersecurity incident has taken Chevin's FleetWave SaaS platform offline in the UK and US, leaving customers in the dark.

Analyst 207
Fractured snowflake hovers over cracked laptop screen amidst shattered glass and frosty shards, with shadowy figure looming…

Snowflake Breach Compounds as Hackers Exploit Integrator Vulnerability

A recent breach of a SaaS integration provider has led to a Snowflake data breach, with stolen authentication tokens being used to compromise the sensitive data of over a dozen companies. This devastating chain of events highlights the urgent need for robust security measures to protect against increasingly sophisticated cyber threats.

Analyst 207
agentic AI Must-Have Defense: Risky Breach Guide

agentic AI Must-Have Defense: Risky Breach Guide

Forrester warns agentic AI could spark a major breach by 2026, so now’s the time for boards and security teams to treat agentic risk as design — not a checkbox — by locking down privileges, boosting observability, and baking in human-in-the-loop controls before autonomous agents can act maliciously at scale.

Analyst 207
GitHub breach: Must-Have Fixes for Risky Attacks

GitHub breach: Must-Have Fixes for Risky Attacks

When Salesloft’s GitHub repo was breached, attackers used exposed artifacts to access customer Salesforce data — and that compromise became the ground zero for a wider campaign affecting Drift. It’s a wake-up call to treat code repositories like sensitive infrastructure: rotate keys, enforce MFA, and scan for leaked secrets before attackers do.

Analyst 207
Salesloft–Drift incident: Exclusive Risky Wake-Up Call

Salesloft–Drift incident: Exclusive Risky Wake-Up Call

When a vendor like Salesloft or Drift is breached, even giants like Cloudflare can have customer data exposed — a stark reminder that trusted integrations can become attack paths. Now’s the time to audit third‑party access, rotate tokens, and tighten least‑privilege controls before the next ripple causes real harm.

Analyst 207
OAuth token theft: Must-Have Fixes After Risky Breach

OAuth token theft: Must-Have Fixes After Risky Breach

When OAuth token theft let attackers roam across integrations, Salesloft temporarily pulled Drift offline to stop the bleeding and fully review security. It’s a wake-up call: short-lived tokens, tighter scopes and rapid rotation are essential to keep integrations—and customer data—safe.

Analyst 207
Salesloft/Drift incident: Exclusive Risky Security Wake-Up

Salesloft/Drift incident: Exclusive Risky Security Wake-Up

Cloudflare confirmed some customer data was exposed after the Salesloft/Drift breach, but key details and the full scope remain unclear — a stark reminder that third‑party compromises can ripple across the cloud ecosystem. Customers should watch for updates and take simple precautions now, like rotating credentials and enabling MFA, while investigations continue.

Analyst 207
OAuth tokens: Must-Have Fixes to Stop Risky Leaks

OAuth tokens: Must-Have Fixes to Stop Risky Leaks

Palo Alto Networks says some commercially sensitive customer data may have been exposed after attackers used OAuth tokens stolen from the Salesloft Drift breach to access its Salesforce—proof that handy integrations can let a single vendor compromise cascade across your business. Now’s the time to audit connected apps, tighten token lifecycles, and treat integrations as continuously verified trust relationships, not set‑and‑forget conveniences.

Analyst 207
Zscaler customer information: Exclusive Risky Breach

Zscaler customer information: Exclusive Risky Breach

Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

Analyst 207
Scattered Spider: Must-Have Defense for Risky Browser Attacks

Scattered Spider: Must-Have Defense for Risky Browser Attacks

The browser is now the workplace front door—and groups like Scattered Spider are exploiting it with social engineering and account-takeover tricks. Enterprises can keep cloud-first convenience without handing over the keys by layering phishing‑resistant MFA, locking down extensions and OAuth grants, and monitoring browser telemetry.

Analyst 207
Salesloft Drift integration: Risky Must-Have Fixes

Salesloft Drift integration: Risky Must-Have Fixes

A widely used Salesloft–Drift integration meant to speed workflows is being abused to pivot into Google Workspace accounts—now’s the time to audit OAuth permissions, enforce least privilege, and revoke any unnecessary app access before attackers do.

Analyst 207
compromised Microsoft Teams account: Stunning Risk Alert

compromised Microsoft Teams account: Stunning Risk Alert

Think your cloud and Teams are safe? Storm‑0501 slipped from on‑prem into Azure, stole sensitive files, and even used a compromised Teams account to extort the victim — a wake‑up call to lock down identities, tighten segmentation, and treat collaboration tools as prime targets.

Analyst 207
VPS-based attacks: Critical Guide to Risky Threats

VPS-based attacks: Critical Guide to Risky Threats

Attackers are increasingly using rented VPS hosts to make their logins look like legitimate data-center traffic, blurring the line between customer and criminal. SaaS teams and users need stronger passwords, phishing-resistant MFA, and behavior-based authentication to stop stealthy account takeovers.

Analyst 207
CRM platform Risky Breach: Stunning Contact Exposure

CRM platform Risky Breach: Stunning Contact Exposure

Workday says its core systems were untouched, but a third-party CRM was breached — exposing business contacts that could fuel phishing, BEC and credential-stuffing attacks. Treat contact data as compromised: tighten MFA, audit integrations, and warn teams to watch for targeted social engineering.

Analyst 207
data extortion: Stunning, Dangerous Cloud Threat

data extortion: Stunning, Dangerous Cloud Threat

ShinyHunters and Scattered Spider have shifted from stealing and selling data to brazenly extorting Salesforce customers, combining mass-data access with hands-on intrusion to squeeze ransoms out of enterprises. If this hybrid tactic spreads to financial and tech-service providers, it could seriously amplify risk across industries—time to lock down identities, APIs, and incident playbooks.

Analyst 207
AI Governance for SaaS Security Leaders: Essential Insights

AI Governance for SaaS Security Leaders: Essential Insights

As generative AI seamlessly integrates into SaaS platforms, security leaders face a pivotal challenge: balancing transformative efficiency gains with the urgent need for robust AI governance to protect sensitive data and manage emerging risks.

Analyst 207
Young Consulting Discovers Over 1 Million Affected by Breach Incident

Young Consulting Discovers Over 1 Million Affected by Breach Incident

Young Consulting uncovers a breach incident affecting over 1 million individuals, highlighting the urgent need for enhanced cybersecurity measures.

Analyst 207
Cracked shield lies on worn desk in dimly lit, abandoned server room with eerie laptop glow.

Unveiling SaaS Vulnerabilities: The Insufficiency of Built-In Protections for Today’s Data Resilience

Explore the hidden vulnerabilities in SaaS solutions and understand why built-in protections fall short for ensuring data resilience in today’s landscape.

Analyst 207
Ongoing nOAuth Vulnerability Impacts 9% of Microsoft Entra SaaS Apps Two Years Later

Ongoing nOAuth Vulnerability Impacts 9% of Microsoft Entra SaaS Apps Two Years Later

Discover how the ongoing nOAuth vulnerability continues to affect 9% of Microsoft Entra SaaS apps two years later, posing significant security risks.

Analyst 207
Microsoft nOAuth Vulnerability Continues to Threaten SaaS Applications Two Years Later

Microsoft nOAuth Vulnerability Continues to Threaten SaaS Applications Two Years Later

“Two years on, the Microsoft nOAuth vulnerability still jeopardizes SaaS applications, exposing sensitive data and highlighting urgent security needs.”

Analyst 207
Salesforce Identifies 5 CVEs Following SaaS Security Probe Exposing Configuration Issues

Salesforce Identifies 5 CVEs Following SaaS Security Probe Exposing Configuration Issues

Salesforce identifies 5 CVEs after a SaaS security probe revealed configuration issues, prompting urgent patches and stronger defenses.

Analyst 207
Rethinking Shadow IT: 5 Overlooked Risks Beyond IdP and CASB Protections

Rethinking Shadow IT: 5 Overlooked Risks Beyond IdP and CASB Protections

Discover 5 overlooked risks of shadow IT beyond IdP and CASB protections. Uncover hidden vulnerabilities that could expose your organization’s digital assets.

Analyst 207