Collecting Cyber-News from over 60 sources

Tag: saas

LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens

Jun 23, 2026 3:33 PM

Tags: access, attack, authentication, breach, cyber, data, data-breach, risk, saas, security-incident, supply-chain, unauthorized

A security incident involving the third-party platform Klue has resulted in unauthorized access to limited customer data in LastPass. The breach occurred after attackers compromised OAuth tokens associated with enterprise integrations. This incident, disclosed by LastPass, underscores the ongoing risks related to SaaS integrations and token-based authentication in today’s enterprise environments. LastPass Customer Data Exposed…
Infinite Campus: Salesforce Breach Exposed 137,000 Staff Records

Jun 17, 2026 5:02 AM

Tags: breach, data, data-breach, phishing, saas

Infinite Campus says a Salesforce breach exposed data tied to 137,000 school staff accounts, raising phishing and SaaS security concerns. The post Infinite Campus: Salesforce Breach Exposed 137,000 Staff Records appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-infinite-campus-salesforce-breach-school-staff-data/
Infinite Campus Incident Exposes Data From 137,000 School Staff Accounts

Jun 16, 2026 9:03 PM

Tags: breach, data, data-breach, risk, saas

A breach at Infinite Campus exposed data from 137,000 school staff accounts, highlighting SaaS security risks in education. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/infinite-campus-incident-exposes-data-from-137000-school-staff-accounts/
MSPs get a faster way to secure SaaS environments

Jun 16, 2026 6:01 AM

Tags: msp, saas

First seen on scworld.com Jump to article: www.scworld.com/news/msps-get-a-faster-way-to-secure-saas-environments
Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens

Jun 8, 2026 8:42 AM

Tags: access, attack, authentication, cyber, exploit, hacker, saas, threat

Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAuth authentication tokens and persist access to enterprise SaaS platforms. The technique, detailed by Mitiga, abuses weak protections around the local Claude Code configuration file (~/.claude.json), effectively turning it into…
Zscaler Targets AI Identity Risk With Symmetry Acquisition

May 23, 2026 1:00 AM

Tags: ai, cloud, control, identity, risk, saas, startup, zero-trust

Startup Symmetry Systems Maps Relationships Across AI, SaaS and Cloud Assets. Zscaler plans to acquire San Francisco-based Symmetry Systems to unify visibility across AI models, identities, applications and datasets, helping enterprises track AI lineage, govern agentic identities and enforce granular zero trust controls across cloud and SaaS environments. First seen on govinfosecurity.com Jump to article:…
The Canvas breach proved that prevention is no longer enough

May 18, 2026 1:00 PM

Tags: attack, breach, cybercrime, saas

Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work, and a warning about how unprepared most organizations still are. First seen on cyberscoop.com Jump to article: cyberscoop.com/canvas-breach-saas-security-identity-governance-op-ed/
Warum eingebaute KI-Leitplanken für Agentic-AI nicht ausreichen

May 12, 2026 3:19 PM

Tags: access, ai, api, intelligence, okta, saas, threat, tool

KI-Agenten entwickeln sich rasant zu zentralen Werkzeugen der Automatisierung. Um ihre Aufgaben erfüllen zu können, benötigen sie umfangreiche Zugriffsrechte auf Tools, Datenbanken, SaaS-Anwendungen und das Internet. Ein aktueller Bericht unserer Okta Threat Intelligence warnt nun davor, diesen Systemen unreguliert die Schlüssel zum Stadttor wie Anmeldedaten, API-Schlüssel, persönliche Access-Tokens und OAuth-Tokens zu überreichen. Jüngste […] First…
Veeam warnt nach Cyberangriff auf Canvas vor unterschätzten SaaS-Risiken

May 12, 2026 11:19 AM

Tags: cyberattack, risk, saas, security-incident, veeam

Entscheidend bleibt die Fähigkeit von Unternehmen, Daten unabhängig wiederherstellen und den Geschäftsbetrieb auch nach einem Sicherheitsvorfall schnell fortsetzen zu können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-warnt-nach-cyberangriff-auf-canvas-vor-unterschaetzten-saas-risiken/a45086/
AI security is repeating endpoint security’s biggest mistake

May 11, 2026 5:20 PM

Tags: access, ai, api, automation, business, control, data, detection, edr, endpoint, governance, incident response, injection, LLM, monitoring, open-source, radius, risk, saas, sbom, soc, strategy, technology, threat, tool, update

Most AI security is still at the posture phase: Look at where most organizations are with AI security today. Model cards, AI-specific SBOMs, input and output filters, prompt injection guardrails and access controls around model APIs. These are valuable controls, but they reflect a posture-based approach. To truly enhance security, organizations must recognize the importance…
Hackerangriff auf Lernplattform Canvas

May 11, 2026 5:20 PM

Tags: cyberattack, saas, software, tool, veeam

Am vergangenen Freitag wurde die bekannte Lernplattform Canvas zum Ziel eines Angriffs der Hackergruppe <>, die bereits mit ihrer Attacke auf den bekannten Spieleentwickler Rockstar Games auf sich aufmerksam machten. Zwei Sicherheitsexperten von Veeam Software ordnen diesen Vorfall ein und zeigen auf, wie Unternehmen SaaS-Tools wie Canvas absichern können und sollten. Dave Russell, SVP and…
WatchGuard Strengthens Cloud Detection With Perimeters Buy

May 8, 2026 12:48 AM

Tags: attack, cloud, detection, identity, saas, startup, threat

WatchGuard Aims to Reduce Alert Fatigue Through Telemetry Correlation. WatchGuard acquired SaaS security startup Perimeters to strengthen cloud detection and response capabilities spanning identity threat detection, cloud posture management and shadow IT discovery as enterprises face escalating attacks targeting cloud applications and distributed environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/watchguard-strengthens-cloud-detection-perimeters-buy-a-31630
Omada Identity stellt mit <> eigene Private-Cloud vor

May 7, 2026 5:48 PM

Tags: cloud, identity, microsoft, risk, saas

Omada Identity stellt ‘Omada Identity Cloud Private” für regulierte Unternehmen und Behörden vor. Die neue Bereitstellungsoption bietet regulierten Unternehmen und Regierungsorganisationen die gesamte Omada-Identity-Cloud-Plattform innerhalb ihres eigenen Microsoft-Azure-Tenants. Sie beseitigt damit den Kompromiss zwischen Cloud-nativer IGA und der Tenant-Eigentümerschaft, die ihre Prüfer, Aufsichtsbehörden und Risiko-Analysten erwarten. Kunden haben nun drei Möglichkeiten, Omada-Identity-Cloud zu nutzen: Multi-Tenant-SaaS,…
ESecurity-Spezialist Seppmail beruft neuen CEO und stärkt Fokus auf ESecurity und Data-Sovereignty

May 6, 2026 4:48 PM

Tags: ceo, data, mail, saas

Seppmail, ein führender Anbieter von Lösungen für sichere E-Mail-Kommunikation, startet mit einem neuen CEO in die nächste Wachstumsphase. Zum 15. April 2026 hat Marcus Zeidler die Position des Chief Executive Officer übernommen und tritt damit die Nachfolge von Gründer Stefan Klein an. Gemeinsam mit LEA Partners, einem führenden Partner für B2B-SaaS-Unternehmen, wird Seppmail den eingeschlagenen…
BlueVoyant Prepares SaaS Push Under New CEO John Hernandez

May 6, 2026 12:44 AM

Tags: ai, business, ceo, detection, microsoft, risk, saas, service, supply-chain

BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs. BlueVoyant named John Hernandez – the former leader of Quest’s Microsoft security business – as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.…
AI Security vs AI Governance Explained

May 4, 2026 8:49 PM

Tags: ai, governance, identity, saas

Understand the difference between AI security and AI governance and why both fail without identity and SaaS control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/ai-security-vs-ai-governance-explained/
SaaS Identity Is the New Security Perimeter

May 4, 2026 8:49 PM

Tags: ai, identity, network, saas

Learn why SaaS identity, not the network, is now the true security perimeter in AI-driven environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/saas-identity-is-the-new-security-perimeter/
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

May 4, 2026 6:48 PM

Tags: ai, android, breach, control, exploit, github, linux, open-source, phishing, rce, remote-code-execution, saas, tool

This week, the shadows moved faster than the patches.While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Webinar: Why MSPs must rethink security and backup strategies

May 4, 2026 2:49 PM

Tags: backup, breach, msp, resilience, saas, strategy

Security breaches don’t just test your defenses”, they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-why-msps-must-rethink-security-and-backup-strategies/
Ultimate Guide to PCI Compliance for SaaS Companies

May 3, 2026 12:48 PM

Tags: compliance, cybersecurity, fedramp, framework, guide, PCI, saas

While we talk a lot about governmental cybersecurity here on the Ignyte blog, programs like FedRAMP and CMMC are not the most common kind of security you’re likely to encounter. That honor goes to PCI DSS. PCI DSS is a security framework we all engage with on a near-daily basis. It’s the security framework used……
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

May 1, 2026 5:39 PM

Tags: attack, cybercrime, cybersecurity, data, extortion, group, saas, theft

Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and First…
Networks of Browser Extensions Are Spyware in Disguise

May 1, 2026 9:39 AM

Tags: ai, attack, corporate, data, governance, intelligence, leak, network, privacy, saas, spyware

Modern browser extensions and ad blockers are legally collecting and reselling user data, including streaming habits and B2B sales intelligence, under the guise of “analytics.” This unregulated “legal spyware” creates massive security gaps as employees unwittingly leak corporate URLs, SaaS dashboards, and research activity to third-party databases. With the rise of AI-native browsers and personal…
‘Trivial’ exploit can give attackers root access to Linux kernel

May 1, 2026 5:39 AM

Tags: access, ai, attack, business, cloud, container, cve, data, exploit, flaw, github, gitlab, Hardware, incident response, iot, korea, kubernetes, linux, malware, monitoring, remote-code-execution, risk, risk-assessment, saas, sans, software, supply-chain, theft, threat, unauthorized, update, vulnerability

), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich, dean of research at the SANS Institute, as long as they have monitoring for privilege escalation already in place.With root access, a threat actor can do anything to a system, from data theft to data erasure.”The CopyFail vulnerability…
The Top 3 Ways Criminals Use AI in Cyber Attacks

Apr 30, 2026 5:39 PM

Tags: ai, attack, cyber, risk, saas

AI-driven SaaS security risks grow fast. Here’s what to watch out for and how to prevent breaches. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-top-3-ways-criminals-use-ai-in-cyber-attacks/
Two new extortion crews are speedrunning the Scattered Spider playbook

Apr 30, 2026 5:39 PM

Tags: crowdstrike, data, extortion, group, phishing, saas, threat

CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-cordial-spider-snarky-spider-extortion-attacks/
Adaptive Security Leadership in an Expanding Threat Surface

Apr 30, 2026 5:39 AM

Tags: access, attack, automation, control, cyber, data, identity, least-privilege, resilience, risk, saas, service, technology, threat, zero-trust

Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…
Deploying SafePaaS for Oracle ERP Cloud: A 90″‘Day Blueprint to Strengthen Risk Management

Apr 29, 2026 4:39 PM

Tags: cloud, control, oracle, risk, risk-management, saas

This blueprint shows how an Oracle ERP Cloud customer deploys SafePaaS as an independent control layer and how it operates day to day once live. It is designed for complex, audit”‘intensive Oracle Cloud environments with multi”‘entity footprints, connected SaaS applications, recurring external audits, and growing pressure to prove that Oracle”‘generated evidence is complete, accurate, and……
Top AI-Powered Vendor Risk Management Platforms for SaaS Companies in 2026

Apr 29, 2026 11:38 AM

Tags: ai, risk, risk-management, saas, tool

Top AI-powered vendor risk platforms for SaaS companies in 2026, compare tools, features, and how to choose the… First seen on hackread.com Jump to article: hackread.com/ai-powered-vendor-risk-management-platforms-saas-companies-2026/