All news with #saas tag

Browser Security Report 2025: Emerging Enterprise Risks

🛡️ The Browser Security Report 2025 warns that enterprise risk is consolidating in the user's browser, where identity, SaaS, and GenAI exposures converge. The research shows widespread unmanaged GenAI usage and paste-based exfiltration, extensions acting as an embedded supply chain, and a high volume of logins occurring outside SSO. Legacy controls like DLP, EDR, and SSE are described as operating one layer too low. The report recommends adopting session-native, browser-level controls to restore visibility and enforce policy without disrupting users.

Evolving Enterprise Defense for the Modern AI Supply Chain

🛡️ Wing Security outlines how enterprises must evolve defenses to protect the modern AI application supply chain. The article explains that rapid AI sprawl, interapplication integrations, and new data exposure vectors create blind spots traditional controls were not built to handle. By extending its SaaS Security Posture Management foundation, Wing Security offers continuous discovery, real-time monitoring, vendor analytics, and adaptive governance to reduce supply chain, data leakage, and compliance risk.

UNC5221 Deploys BRICKSTORM Backdoor Against US Targets

🛡️ Mandiant and Google’s Threat Intelligence Group report that the China‑nexus cluster UNC5221 has delivered the Go‑based backdoor BRICKSTORM to U.S. legal, SaaS, BPO, and technology organizations, frequently exploiting Ivanti Connect Secure zero‑days. BRICKSTORM uses a WebSocket C2, offers file and command execution, and provides a SOCKS proxy to reach targeted applications. The campaign prioritizes long, stealthy persistence on appliances that lack traditional EDR coverage, enabling lateral movement and access to downstream customer environments.