How One AI Tool Brought Down Vercel's Security
An AI tool with OAuth access. A trusted session. No alerts. The Vercel breach shows how Shadow AI is becoming the easiest way in.
Rockstar Breach Explained: 78.6 Million Records. Zero Alarms. One Unmonitored Vendor.
Rockstar wasn’t breached through their own systems. Attackers compromised a vendor, used legitimate access into Snowflake, and walked away with 78.6 million records, without triggering a single alert.
The Side Door Problem: What the HackerOne Breach Tells Us About Third-Party Risk
HackerOne wasn’t breached directly. A supplier was. One vulnerability exposed millions across multiple organisations. This is how modern attacks really happen, and why most companies still don’t see the risk.
The Crunchyroll Breach Explained: How a Vendor Login Exposed 6.8M Users
Attackers didn’t breach Crunchyroll’s systems, they logged in through a compromised vendor account. The incident highlights a growing risk: third-party access across SaaS environments.
Lazarus Ransomware Attacks in the Middle East: What It Means
A recent campaign linked to North Korea’s Lazarus Group targeted organizations in the Middle East using Medusa ransomware. The attack highlights how modern ransomware operations work—and why identity and SaaS visibility are becoming critical for security teams.
The Vendor You Trusted Just Exposed 25 Million People
A breach at Conduent exposed the data of 25 million Americans after attackers remained inside the vendor’s systems for three months.
Thought you weren’t a target? ShadyPanda has been watching you for 7 years.
For nearly a decade, a malicious Chrome extension quietly collected session cookies and authenticated access from real users inside real companies. The story behind ShadyPanda highlights a growing blind spot in modern security: what happens inside authenticated SaaS sessions.
Your AI Tools Have More Access Than You Think.
AI tools are spreading across organizations faster than most security teams can track. Each OAuth login or SaaS integration can quietly create persistent access to company data, often without centralized visibility.
Why Microsoft Security Gives You Confidence, But Not the Full Story
Microsoft gives strong identity visibility, but only inside Microsoft. This explains where today’s SaaS attacks actually start.
Nissan Data Breach: What Really Happened
In December, Nissan lost customer data — even though its own systems weren’t hacked. The problem came from an external platform with standing access. Read how this happened, why it keeps repeating, and what security teams should change.
Your Organisation Runs on More Than Google. Your Security Should Too
Google-native companies tend to move quickly. Their teams adopt new tools early, automate workflows efficiently, and rely on the browser as the central work environment. This speed is rarely a “security issue”; it’s a modern pattern that emerges naturally when companies build on a flexible, cloud-first platform like Google
Cybersecurity in the Boardroom: Key Insights from the FrontierZero CISO Roundtable
Our closed-door CISO roundtable in Dubai highlighted a major shift: the perimeter is gone, and real-time identity behavior now defines effective security.