Collecting Cyber-News from over 60 sources

Tag: saas

Don’t confuse asset inventory with exposure management

Mar 16, 2026 4:10 PM

Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-management

Asset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
Shadow AI is everywhere. Here’s how to find and secure it.

Mar 16, 2026 4:10 PM

Tags: ai, saas, tool

Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shadow-ai-is-everywhere-heres-how-to-find-and-secure-it/
LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools to Steal Sensitive Data

Mar 16, 2026 3:10 PM

Tags: attack, credentials, credit-card, cybercrime, data, email, exploit, finance, mfa, phishing, saas, service, threat, tool

Threat actors are abusing the LiveChat SaaS platform to impersonate brands like PayPal and Amazon in phishing campaigns designed to steal credentials, credit card details, MFA codes, and other sensitive data. Victims are lured through phishing emails and directed to LiveChat pages where attackers use chat interactions to request personal and financial information. The campaign…
Why Customer Acquisition Cost Is Rising Faster Than Revenue for Many SaaS Companies

Mar 13, 2026 1:09 PM

Tags: saas

Many SaaS companies entering the market expect growth to follow a predictable formula. Launch marketing campaigns. Generate leads. Convert a portion of them into paying customers. Then…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/03/why-customer-acquisition-cost-is-rising-faster-than-revenue-for-many-saas-companies/
AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP

Mar 13, 2026 1:09 PM

Tags: ai, cloud, cyber, healthcare, saas, usa, zero-trust

Menlo Park, California, USA, March 13th, 2026, CyberNewswire AI-HealthTech innovator Humata Health announced that it is partnering with AccuKnox, a leader in Code to Cognition Security, Zero Trust Cloud-Native Application Protection Platform (CNAPP), to streamline security for its SaaS platform. Healthcare Security Requirements To meetHIPAAmandates, the company adopted an on-prem deployment supported by AccuKnox. By…
AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP

Mar 13, 2026 1:09 PM

Tags: ai, cloud, cyber, healthcare, saas, usa, zero-trust

Menlo Park, California, USA, March 13th, 2026, CyberNewswire AI-HealthTech innovator Humata Health announced that it is partnering with AccuKnox, a leader in Code to Cognition Security, Zero Trust Cloud-Native Application Protection Platform (CNAPP), to streamline security for its SaaS platform. Healthcare Security Requirements To meetHIPAAmandates, the company adopted an on-prem deployment supported by AccuKnox. By…
Understanding SOC 2 Controls for SaaS Providers

Mar 13, 2026 12:10 PM

Tags: business, control, data, framework, governance, saas, soc, software, technology

For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2″¦…
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind

Mar 13, 2026 11:10 AM

Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, update

Severity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind

Mar 13, 2026 11:10 AM

Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, update

Severity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
Delinea’s StrongDM Acquisition Highlights the Changing Role of PAM

Mar 13, 2026 6:10 AM

Tags: access, cloud, credentials, kubernetes, saas

StrongDM, which injects ephemeral, real-time credentials into developer workflows, will enable Delinea to offer privilege access management across cloud, SaaS, Kubernetes, and database environments. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/delinea-strongdm-acquisition-highlights-changing-role-pam
Delinea’s StrongDM Acquisition Highlights the Changing Role of PAM

Mar 13, 2026 6:10 AM

Tags: access, cloud, credentials, kubernetes, saas

StrongDM, which injects ephemeral, real-time credentials into developer workflows, will enable Delinea to offer privilege access management across cloud, SaaS, Kubernetes, and database environments. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/delinea-strongdm-acquisition-highlights-changing-role-pam
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!

Mar 10, 2026 9:48 PM

Tags: access, ai, apt, attack, cloud, credentials, cybersecurity, data, email, exploit, extortion, google, incident response, injection, intelligence, LLM, metric, phishing, ransomware, rce, remote-code-execution, saas, service, social-engineering, software, theft, threat, vulnerability, zero-day

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).…
Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know

Mar 10, 2026 6:46 PM

Tags: framework, saas, zero-trust

For B2B SaaS companies, Zero Trust isn’t an optional enterprise security concept. It’s what enterprise buyers are demanding, what audit frameworks require, and increasingly what separates companies that close deals from those that don’t. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/zero-trust-for-b2b-saas-what-every-founder-and-cto-needs-to-know/
Why access decisions are becoming the weakest link in identity security

Mar 10, 2026 10:47 AM

Tags: access, ai, api, attack, authentication, automation, breach, business, ciso, control, credentials, data, finance, governance, group, iam, identity, least-privilege, login, okta, radius, risk, saas, service, technology, tool

The SSO fallacy: Why authentication is not a guarantee: I’m often asked by business and technology leaders, “If we have SSO enabled, why do we still need to worry about granular access controls?” The underlying assumption is that once a user is authenticated through a central, secure portal, the hard work is done.In practice, SSO…
What is zero trust security in SaaS applications? A practical implementation guide

Mar 9, 2026 6:47 PM

Tags: business, guide, login, saas, zero-trust

Zero trust used to sound like yet another security buzzword. In SaaS environments, it has turned into something far more practical: a way to keep your business moving fast without assuming that anything or anyone is safe just because they are “inside” your systems. Zero trust in SaaS is about treating every login, every device,…The…
AI-Based Cybersecurity Monitoring

Mar 9, 2026 6:47 PM

Tags: ai, cloud, cybersecurity, detection, endpoint, infrastructure, login, monitoring, network, saas, threat

Transforming Security Operations with Intelligent, Real-Time Threat Detection The Growing Need for Intelligent Security Monitoring Modern enterprises operate in highly dynamic digital environments where cloud platforms, SaaS applications, remote work infrastructure, and connected devices continuously generate vast volumes of security data. Every login attempt, network request, endpoint activity, and application interaction contributes to an expanding…
SaaS Application Testing: From Traditional Methods to AI-Powered QA

Mar 9, 2026 3:48 PM

Tags: ai, saas

Speed has become the currency of SaaS businesses. New features are expected faster, releases happen more frequently, and customers have little patience for glitches or…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/03/saas-application-testing-from-traditional-methods-to-ai-powered-qa/
5 Actions Critical for Cybersecurity Leadership During International Conflicts

Mar 6, 2026 8:46 PM

Tags: attack, backup, business, cloud, corporate, cyber, cybersecurity, data, exploit, government, incident response, infrastructure, international, iran, middle-east, military, network, resilience, risk, risk-assessment, russia, saas, service, supply-chain, technology, threat, ukraine, update, vulnerability, warfare

The recent military attacks involving Iran in the Middle East are a stark reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness. Every crisis that elevates to military engagements between cyber-active participants, changes the risk landscape of businesses, for people, operations, and data. This includes the…
Europa im Visier von Cyber-Identitätsdieben

Mar 6, 2026 5:47 AM

Tags: ai, authentication, china, cloud, cve, cyber, cyberattack, exploit, germany, google, korea, lazarus, mail, malware, mfa, microsoft, phishing, ransomware, saas, sap, service, strategy, threat, vpn, vulnerability

Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch ‘private” Akteure haben es auf sie abgesehen.ShutterstockWie die Experten von Darktrace in ihrem aktuellen Threat Report 2026 darstellen, bleiben Cloud- und E-Mail-Konten das Einfallstor Nummer Eins in Europa. Dem Bericht zufolge begannen im vergangenen Jahr in Europa 58 Prozent der Attacken mit kompromittierten Cloud-Accounts oder…
ShinyHunters Claims Woflow Breach: What It Means for SaaS Supply Chain Security

Mar 5, 2026 11:46 PM

Tags: breach, extortion, risk, saas, supply-chain, tactics

Learn the security risks in SaaS supply chains and about ShinyHunters’ evolving extortion tactics behind the alleged Woflow breach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/shinyhunters-claims-woflow-breach-what-it-means-for-saas-supply-chain-security/
Codenotary Trust delivers autonomous AI security for Linux and Kubernetes

Mar 5, 2026 4:46 PM

Tags: ai, kubernetes, linux, saas

Codenotary has announced Codenotary Trust, a unified SaaS platform that uses AI to instantly detect, prioritize, and autonomously fix security, configuration, and performance … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/codenotary-trust-saas-platform/
Should Cloud Be Classed as Critical Infrastructure?

Mar 5, 2026 2:46 PM

Tags: access, authentication, banking, breach, business, cloud, compliance, computing, container, control, cyber, cybersecurity, data, dora, encryption, fido, finance, framework, governance, Hardware, healthcare, identity, incident, infrastructure, mfa, network, nis-2, radius, regulation, resilience, risk, saas, service, strategy, supply-chain, technology

Should Cloud Be Classed as Critical Infrastructure? madhav Thu, 03/05/2026 – 09:53 Over the past few years, large-scale cloud outages have demonstrated just how deeply digital services are woven into the fabric of modern society. When widely used cloud platforms experience disruption, the impact extends far beyond individual applications; banking services stall, transport systems falter,…
AI Governance Guide: Principles Frameworks

Mar 5, 2026 2:46 PM

Tags: access, ai, framework, governance, guide, identity, risk, saas

Learn what AI governance is, core principles, and how to build an AI governance framework that manages risk, identity, SaaS access, and continuous oversight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/ai-governance-guide-principles-frameworks/
The Real Shadow AI Problem: Too Much Access

Mar 5, 2026 2:46 PM

Tags: access, ai, identity, saas

Shadow AI isn’t just about unapproved tools. It’s about excessive access. Learn how OAuth, identity sprawl, and SaaS integrations create hidden AI risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-real-shadow-ai-problem-too-much-access/
Okta vs Microsoft Entra ID: Which Enterprise SSO Platform Is Better?

Mar 5, 2026 12:47 PM

Tags: authentication, identity, microsoft, okta, saas

Compare Okta vs Microsoft Entra ID for enterprise SSO. Learn differences in authentication, security, and identity management for SaaS and enterprise platforms. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/okta-vs-microsoft-entra-id-which-enterprise-sso-platform-is-better/
Angriffe auf Lieferketten entwickeln sich zur weltweit größten Cyberbedrohung

Mar 5, 2026 6:47 AM

Tags: cyberattack, cybercrime, group, open-source, saas, service, software, supply-chain

Das Netz der Täuschung bei Angriffen auf die Software-Lieferkette aufdecken Der diesjährige Bericht zu Trends im Bereich Hightech-Kriminalität von Group-IB zeigt, dass sich die Cyberkriminalität entscheidend von isolierten Angriffen hin zu einer Gefährdung des gesamten Ökosystems verlagert hat, bei der Angreifer vertrauenswürdige Anbieter, Open-Source-Software, SaaS-Plattformen, Browser-Erweiterungen und Managed Service Provider ausnutzen, um sich Zugang zu……
Angriffe auf Lieferketten entwickeln sich zur weltweit größten Cyberbedrohung

Mar 5, 2026 6:47 AM

Tags: cyberattack, cybercrime, group, open-source, saas, service, software, supply-chain

Das Netz der Täuschung bei Angriffen auf die Software-Lieferkette aufdecken Der diesjährige Bericht zu Trends im Bereich Hightech-Kriminalität von Group-IB zeigt, dass sich die Cyberkriminalität entscheidend von isolierten Angriffen hin zu einer Gefährdung des gesamten Ökosystems verlagert hat, bei der Angreifer vertrauenswürdige Anbieter, Open-Source-Software, SaaS-Plattformen, Browser-Erweiterungen und Managed Service Provider ausnutzen, um sich Zugang zu……
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

Mar 5, 2026 5:47 AM

Tags: access, authentication, captcha, control, credentials, cybercrime, data, defense, detection, dkim, email, Hardware, infrastructure, malicious, mfa, microsoft, monitoring, network, organized, passkey, phishing, qr, saas, service, threat, tool

Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

Mar 5, 2026 5:47 AM

Tags: access, authentication, captcha, control, credentials, cybercrime, data, defense, detection, dkim, email, Hardware, infrastructure, malicious, mfa, microsoft, monitoring, network, organized, passkey, phishing, qr, saas, service, threat, tool

Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
Top SCIM Providers for B2B SaaS Apps: Automated User Provisioning Platforms

Mar 4, 2026 4:46 PM

Tags: identity, saas

Compare the top SCIM providers for B2B SaaS apps. Learn how SCIM provisioning automates user lifecycle management and integrates with enterprise identity providers. Alternative version (slightly stronger for click-through): Discover the top SCIM providers for B2B SaaS platforms. Learn how automated user provisioning works and how SaaS apps integrate with enterprise identity providers. First seen…