HackerOne wasn’t breached directly. A supplier was. One vulnerability exposed millions across multiple organisations. This is how modern attacks really happen, and why most companies still don’t see the risk.
Attackers didn’t breach Crunchyroll’s systems, they logged in through a compromised vendor account. The incident highlights a growing risk: third-party access across SaaS environments.
A recent campaign linked to North Korea’s Lazarus Group targeted organizations in the Middle East using Medusa ransomware. The attack highlights how modern ransomware operations work—and why identity and SaaS visibility are becoming critical for security teams.
A breach at Conduent exposed the data of 25 million Americans after attackers remained inside the vendor’s systems for three months.
For nearly a decade, a malicious Chrome extension quietly collected session cookies and authenticated access from real users inside real companies. The story behind ShadyPanda highlights a growing blind spot in modern security: what happens inside authenticated SaaS sessions.
AI tools are spreading across organizations faster than most security teams can track. Each OAuth login or SaaS integration can quietly create persistent access to company data, often without centralized visibility.
Microsoft gives strong identity visibility, but only inside Microsoft. This explains where today’s SaaS attacks actually start.
In December, Nissan lost customer data — even though its own systems weren’t hacked. The problem came from an external platform with standing access. Read how this happened, why it keeps repeating, and what security teams should change.
Google-native companies tend to move quickly. Their teams adopt new tools early, automate workflows efficiently, and rely on the browser as the central work environment. This speed is rarely a “security issue”; it’s a modern pattern that emerges naturally when companies build on a flexible, cloud-first platform like Google
Our closed-door CISO roundtable in Dubai highlighted a major shift: the perimeter is gone, and real-time identity behavior now defines effective security.
Most breaches slip through not for lack of alerts, but for lack of context. Context-based security brings clarity to chaos — helping teams focus on what’s real.
Jaguar Land Rover lost millions when one contractor account went unchecked. This wasn’t a system failure; it was a visibility failure. Here’s what every CISO can learn about identity risk and supply chain trust.