The Third-Party Breach List Keeps Growing. Vimeo is the latest to join.
Vimeo was breached through Anodot, a third-party analytics tool. So was Rockstar Games. Same vendor, same month. This is no longer a pattern. It's the playbook.
Latest
How One AI Tool Brought Down Vercel's Security
An AI tool with OAuth access. A trusted session. No alerts. The Vercel breach shows how Shadow AI is becoming the easiest way in.
Rockstar Breach Explained: 78.6 Million Records. Zero Alarms. One Unmonitored Vendor.
Rockstar wasn’t breached through their own systems. Attackers compromised a vendor, used legitimate access into Snowflake, and walked away with 78.6 million records, without triggering a single alert.
The Side Door Problem: What the HackerOne Breach Tells Us About Third-Party Risk
HackerOne wasn’t breached directly. A supplier was. One vulnerability exposed millions across multiple organisations. This is how modern attacks really happen, and why most companies still don’t see the risk.
The Crunchyroll Breach Explained: How a Vendor Login Exposed 6.8M Users
Attackers didn’t breach Crunchyroll’s systems, they logged in through a compromised vendor account. The incident highlights a growing risk: third-party access across SaaS environments.
Lazarus Ransomware Attacks in the Middle East: What It Means
A recent campaign linked to North Korea’s Lazarus Group targeted organizations in the Middle East using Medusa ransomware. The attack highlights how modern ransomware operations work—and why identity and SaaS visibility are becoming critical for security teams.
The Vendor You Trusted Just Exposed 25 Million People
A breach at Conduent exposed the data of 25 million Americans after attackers remained inside the vendor’s systems for three months.
Thought you weren’t a target? ShadyPanda has been watching you for 7 years.
For nearly a decade, a malicious Chrome extension quietly collected session cookies and authenticated access from real users inside real companies. The story behind ShadyPanda highlights a growing blind spot in modern security: what happens inside authenticated SaaS sessions.
Your AI Tools Have More Access Than You Think.
AI tools are spreading across organizations faster than most security teams can track. Each OAuth login or SaaS integration can quietly create persistent access to company data, often without centralized visibility.
Why Microsoft Security Gives You Confidence, But Not the Full Story
Microsoft gives strong identity visibility, but only inside Microsoft. This explains where today’s SaaS attacks actually start.
Nissan Data Breach: What Really Happened
In December, Nissan lost customer data — even though its own systems weren’t hacked. The problem came from an external platform with standing access. Read how this happened, why it keeps repeating, and what security teams should change.
Your Organisation Runs on More Than Google. Your Security Should Too
Google-native companies tend to move quickly. Their teams adopt new tools early, automate workflows efficiently, and rely on the browser as the central work environment. This speed is rarely a “security issue”; it’s a modern pattern that emerges naturally when companies build on a flexible, cloud-first platform like Google
Roundtables
Cybersecurity in the Boardroom: Key Insights from the FrontierZero CISO Roundtable
Our closed-door CISO roundtable in Dubai highlighted a major shift: the perimeter is gone, and real-time identity behavior now defines effective security.
SaaS Security
What Is Context-Based Security (and Why the Old Way Doesn’t Work Anymore)
Most breaches slip through not for lack of alerts, but for lack of context. Context-based security brings clarity to chaos — helping teams focus on what’s real.
Cybersecurity
One Contractor, Global Consequences: How Identity Risk Crippled Jaguar Land Rover
Jaguar Land Rover lost millions when one contractor account went unchecked. This wasn’t a system failure; it was a visibility failure. Here’s what every CISO can learn about identity risk and supply chain trust.
SaaS Security
SaaS Shared Responsibility: What Security Leaders Must Know
SaaS providers secure the platform. You’re responsible for everything inside it: users, vendors, permissions, and risk. This blog breaks down where responsibility lies, what’s commonly missed, and how CISOs can prevent the most common SaaS breaches.
SaaS Security
Privilege Creep: The Hidden Backdoor Hackers Exploit in Your SaaS Environment
Privilege creep happens when users accumulate admin access over time. In SaaS environments, this creates invisible risk: inactive accounts, missing MFA, and external admins hackers love to exploit. Here's how to find and fix it before it’s too late.
Shadow IT
The Top 5 Departments Most Likely to Use Shadow IT
Discover the 5 departments most likely to introduce it into your SaaS environment.
Boardroom
Middle East Boardroom Brief: 5 Critical Data Breach Takeaways
Insights from the 2025 IBM Cost of a Data Breach Report
SaaS Security
Top 5 Takeaways for CISOs from the 2025 IBM Cost of a Data Breach Report
The latest IBM Cost of a Data Breach Report just dropped—and while headlines focus on global averages, the real insights for CISOs lie deeper. From regional cost surges to the hidden price of Shadow AI, here are five takeaways you can use to protect your organization in 2026 and beyond.
MFA
Why MFA is a Boardroom Issue, Not an IT One.
MFA gaps aren’t just an IT problem—they’re a boardroom risk. Learn how to spot exposed users, admins, and apps in minutes, not months.
SSPM
What is SSPM and why it’s essential in 2025.
SaaS tools are the new business layer—but they’ve created a visibility gap security teams can’t ignore. This guide explains what SSPM is, why it matters, and how FrontierZero brings identity and context together to reduce risk where it matters most.
SaaS Security
How Many Users in Your SaaS Stack Don’t Actually Work There?
Orphaned SaaS accounts are the invisible risk lurking in every organization. Learn how ex-employees, contractors, and automations keep access long after offboarding — and why modern security teams are shifting to identity + context to shut it down.
ITDR
What Is ITDR, and Why It’s Essential for Securing SaaS in 2025
SaaS has changed the identity perimeter. In this guide, we break down what ITDR means, why legacy tools miss SaaS threats, and how to catch ghost access.