{"id":"6b75c4a8-0f23-42d1-b4a6-7e2dc0857538","timestamp":1777388592628,"matcher":{"static":{"/lunchandlearn":{"redirect":"/lunchandlearn/form"},"/holidays":{"redirect":"/lp/holidays"},"/__nuxt_content/blog/sql_dump.txt":{"prerender":true},"/__nuxt_content/featuredblogpost/sql_dump.txt":{"prerender":true},"/__nuxt_content/applicationFlags/sql_dump.txt":{"prerender":true},"/__nuxt_content/platformcollection/sql_dump.txt":{"prerender":true},"/__nuxt_content/chatplatforms/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpArticles/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpAdministrators/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpEmployees/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpDocsArticles/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpAdministratorsPages/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpEmployeesPages/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpAdministratorsNavigation/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpEmployeesNavigation/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpAdministratorsTopics/sql_dump.txt":{"prerender":true},"/__nuxt_content/helpEmployeesTopics/sql_dump.txt":{"prerender":true},"/__nuxt_content/allfeatures/sql_dump.txt":{"prerender":true},"/__nuxt_content/browsers/sql_dump.txt":{"prerender":true},"/__nuxt_content/os/sql_dump.txt":{"prerender":true},"/__nuxt_content/oauthapicollection/sql_dump.txt":{"prerender":true}},"wildcard":{},"dynamic":{}},"prerendered":["/resources/browser-identity-attacks-matrix/oauth-token-enumeration","/resources/browser-identity-attacks-matrix/password-scraping","/resources/browser-identity-attacks-matrix/saml-enumeration","/resources/browser-identity-attacks-matrix/poisoned-tenants","/resources/browser-identity-attacks-matrix/passwordless-logins","/resources/browser-identity-attacks-matrix/abuse-existing-oauth-integrations","/resources/browser-identity-attacks-matrix/samljacking","/resources/browser-identity-attacks-matrix/noauth","/resources/browser-identity-attacks-matrix/mfa-fatigue","/resources/browser-identity-attacks-matrix/account-ambushing","/resources/browser-identity-attacks-matrix/oauth-tokens","/resources/browser-identity-attacks-matrix/api-keys","/resources/browser-identity-attacks-matrix/credential-stuffing","/resources/browser-identity-attacks-matrix/consent-phishing","/resources/browser-identity-attacks-matrix/app-spraying","/resources/browser-identity-attacks-matrix/app-directory-lookup","/resources/browser-identity-attacks-matrix/dns-reconnaissance","/resources/browser-identity-attacks-matrix/device-code-phishing","/resources/browser-identity-attacks-matrix/automation-workflow-sharing","/resources/browser-identity-attacks-matrix/account-recovery","/resources/browser-identity-attacks-matrix/client-side-app-spoofing","/resources/browser-identity-attacks-matrix/email-discovery","/resources/browser-identity-attacks-matrix/email-phishing","/resources/browser-identity-attacks-matrix/im-phishing","/resources/browser-identity-attacks-matrix/ghost-logins","/resources/browser-identity-attacks-matrix/evil-twin-integrations","/resources/browser-identity-attacks-matrix/link-backdooring","/resources/browser-identity-attacks-matrix/in-app-phishing","/resources/browser-identity-attacks-matrix/im-user-spoofing","/resources/browser-identity-attacks-matrix/link-sharing","/resources/browser-identity-attacks-matrix/malicious-mail-rules","/resources/browser-identity-attacks-matrix/api-secret-theft","/resources/browser-identity-attacks-matrix/shadow-workflows","/resources/browser-identity-attacks-matrix/slug-tenant-enumeration","/resources/browser-identity-attacks-matrix/username-enumeration","/resources/browser-identity-attacks-matrix/subdomain-tenant-discovery","/resources/browser-identity-attacks-matrix/system-integrations","/resources/browser-identity-attacks-matrix/webhooks","/resources/browser-identity-attacks-matrix/takeout-services","/resources/browser-identity-attacks-matrix/hijack-oauth-flows","/resources/browser-identity-attacks-matrix/inbound-federation","/resources/browser-identity-attacks-matrix/aitm-phishing","/resources/browser-identity-attacks-matrix/session-cookie-theft","/resources/browser-identity-attacks-matrix/device-enrollment","/resources/browser-identity-attacks-matrix/mfa-downgrade","/resources/browser-identity-attacks-matrix/guest-access-abuse","/resources/browser-identity-attacks-matrix/cross-idp-impersonation","/resources/browser-identity-attacks-matrix/verification-phishing","/resources/browser-identity-attacks-matrix/ui-redressing","/resources/browser-identity-attacks-matrix/app-specific-password-phishing","/resources/browser-identity-attacks-matrix/consentfix","/resources/browser-identity-attacks-matrix","/uc/account-takeover-detection","/uc/incident-response","/uc/clickfix-protection","/uc/shadow-ai","/uc/shadow-saas","/uc/zero-day-phishing-protection","/uc/attack-path-hardening","/pricing","/uc/browser-extension-security","/contact","/","/product","/legal/terms","/legal/processing","/legal/cookies","/demo","/legal/privacy","/legal/subprocessors","/help/audience/administrators","/about","/404","/cyber","/faq","/hacked","/try-again","/retry-demo","/newsletter","/cmp/redirect","/features/secure-oauth-permissions-and-applications","/features/detect-malicious-mail-rules","/hunt","/features/adopt-multi-factor-authentication","/news","/thank-you-demo","/features/saas-discovery","/product-demo","/partner","/customer-stories","/blog","/resources","/events","/blog/consentfix-v3-analyzing-a-new-toolkit","/blog/browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches","/blog/unpacking-the-vercel-breach","/blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks","/blog/consentfix","/blog/scattered-lapsus-hunters","/blog/uncovering-a-calendly-themed-phishing-campaign","/blog/push-plus-cloud-security","/blog/push-plus-endpoint-security","/blog/push-plus-network-security","/resources/clickfix","/resources/phishing-2025-review","/resources/product-brochure","/webinar/state-of-browser-security","/help/audience/employees","/resources/browser-attacks-report","/help/audience/administrators/docs/getting-started","/help/audience/administrators/topic/push-admin-console","/help/audience/administrators/topic/managing-saas","/help/audience/administrators/topic/investigating-mail-rules","/help/audience/administrators/topic/chatops","/help/audience/administrators/topic/privacy-and-security","/help/audience/administrators/topic/integrating-with-google-workspace-and-microsoft-365","/help/audience/administrators/topic/managing-administrators-and-employees","/help/audience/administrators/topic/browser-extension","/customer-stories/cribl","/customer-stories/inductive-automation","/customer-stories/convex","/blog/detecting-and-blocking-phishing-attacks-in-the-browser","/customer-stories/upvest","/blog/tiktok-phishing","/blog/device-code-phishing","/blog/product-release-march-2026","/blog/stryker-handala-report","/blog/installfix","/blog/browser-extension-management-guide","/blog/cyber-essentials-april-2026-update","/blog/unpacking-the-latest-slh-campaign","/blog/consentfix-debrief","/blog/cyber-criminal-ecosystem-analysis","/blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs","/blog/taking-the-fight-to-attackers-top-features-of-2025","/blog/2025-top-phishing-trends","/blog/analysing-a-sophisticated-google-malvertising-attack","/blog/analysing-a-malvertising-attack-targeting-business-google-accounts","/blog/analyzing-the-latest-sneaky2fa-phishing-page","/blog/the-most-advanced-clickfix-yet","/blog/product-release-november-2025","/blog/what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance","/blog/new-phishing-campaign-identified-targeting-linkedin-users","/blog/introducing-malicious-copy-paste-detection","/blog/how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement","/blog/fixing-secops-alert-fatigue-with-browser-telemetry","/blog/why-attackers-are-moving-beyond-email-based-phishing","/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack","/blog/product-release-september-2025","/blog/6-browser-based-attacks-every-security-team-should-be-prepared-for","/blog/how-the-browser-became-the-main-cyber-battleground","/blog/phishing-with-active-directory-federation-services","/blog/phishing-detection-evasion-launch","/blog/introducing-push-detections","/blog/mfa-downgrade-attacks","/blog/detecting-phishing-pages-using-obfuscated-url-destinations","/blog/key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms","/blog/scattered-spider-defending-against-help-desk-scams","/blog/app-specific-password-phishing","/blog/how-browser-level-controls-change-the-fight-against-phishing","/blog/employee-identity-verification-codes-release","/blog/product-release-june-2025","/blog/better-together-identity-telemetry-from-push-smart-storage-and-searches-from","/blog/2025-hipaa-rule-change","/blog/introducing-the-push-security-advisor-network-psan","/blog/scattered-spider-ttp-evolution-in-2025","/blog/three-reasons-why-browser-is-best-for-stopping-phishing-attacks","/blog/why-most-phishing-attacks-feel-like-a-zero-day","/blog/series-b-and-beyond","/blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers","/blog/how-consent-phishing-is-evolving","/blog/dissecting-a-recent-mailchimp-phishing-attack","/blog/introducing-strong-password-enforcement","/blog/why-attackers-are-targeting-jira-with-stolen-credentials","/blog/why-its-time-for-phishing-prevention-to-move-beyond-email","/blog/5-ways-attackers-can-use-computer-using-agents-to-automate-identity-attacks","/blog/how-new-ai-agents-will-transform-credential-stuffing-attacks","/blog/product-release-march-2025","/blog/minimum-viable-identity-security","/blog/considering-the-impact-of-computer-using-agents","/blog/enforce-mfa-on-third-party-apps","/blog/push-features-2024","/blog/guide-to-secure-browser-extension-deployment","/blog/2024-identity-breaches","/blog/product-release-december-2024","/blog/automating-sso-password-resets-using-push","/blog/navigating-your-first-90-days-with-push","/blog/verified-stolen-credential-detection","/blog/snowflake-retro","/blog/why-im-joining-push-security-the-team-redefining-itdr","/blog/a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation","/blog/cross-idp-impersonation","/blog/product-release-november-2024","/blog/how-aitm-phishing-kits-evade-detection-p2","/blog/stop-users-saving-corp-creds-into-personal-password-managers","/blog/learning-from-the-servicenow-disclosure","/blog/shifting-detection-left-for-more-effective-threat-detection","/blog/how-many-vulnerable-identities-do-you-have","/blog/the-saas-attack-matrix-one-year-on","/blog/how-to-prevent-account-takeover-with-push","/blog/introducing-cloned-login-page-detection","/blog/our-design-philosophy-detecting-what-matters","/blog/what-the-rise-of-infostealers-says-about-identity-attacks","/blog/push-introduces-support-for-arc-browser-securing-users-wherever-they-work","/blog/how-aitm-phishing-kits-evade-detection","/blog/product-release-july-2024","/blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you","/blog/5-reasons-why-push-security-shouldnt-exist","/blog/introducing-set-and-forget-controls-that-stop-real-world-identity-attacks","/blog/combining-the-powers-of-push-and-panther-to-stop-identity-attacks","/blog/introducing-session-token-theft-detection-why-browser-is-best","/blog/investigating-and-responding-to-a-third-party-data-breach-using-push","/blog/the-web-proxy-is-dead-long-live-the-browser-extension","/blog/introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser","/blog/control-which-cloud-apps-employees-are-using-your-way","/blog/product-release-may-2024","/blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm","/blog/dev-diary-phishing-prevention-behind-the-scenes","/blog/product-release-april-2024","/blog/introducing-sso-password-protection","/blog/a-year-of-building-top-features-we-shipped-this-year","/blog/identity-attacks-in-the-wild","/blog/can-my-admins-steal-my-cloud-password-manager-secrets","/blog/5-ways-to-defeat-identity-based-attacks","/blog/product-release-february-2024","/blog/introducing-in-browser-app-banners-set-guardrails-for-cloud-apps","/blog/phishing-microsoft-teams-for-initial-access","/blog/product-release-january-2024","/blog/what-is-saml-sso","/blog/oktajacking","/blog/product-release-november-2023","/blog/okta-swa","/blog/third-party-risk-management","/blog/phishing-slack-persistence","/blog/manage-third-party-data-access","/blog/slack-phishing-for-initial-access","/blog/report-on-identity-based-attacks","/blog/product-release-september-2023","/blog/what-is-credential-stuffing","/blog/what-are-shadow-identities","/blog/nearly-invisible-attack-chain","/blog/the-risky-terrain-of-oauth-scopes-in-third-party","/blog/understanding-shadow-it","/blog/samljacking-a-poisoned-tenant","/blog/focus-on-account-security-to-reduce-saas-risks","/blog/3-steps-to-secure-your-data-across-shadow-saas-apps","/blog/what-is-saas-security","/blog/product-release-july-2023","/blog/saas-attack-techniques","/blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps","/blog/protect-your-data-across-all-your-apps-even-the-ones-employees-use-without","/blog/half-of-account-compromise-attacks-included-malicious-mail-rules","/blog/saas-has-changed-how-we-adopt-software-how-should-security-adapt","/blog/product-release-june-2023","/blog/want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser","/blog/embrace-saas-to-move-faster-than-your-competitors","/blog/password-expirations-dont-work-try-these-best-practices-instead","/blog/push-it-real-good-why-im-excited-to-join-pushs-board","/blog/product-release-march-2023","/blog/from-launch-to-series-a","/blog/an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk","/blog/how-attackers-compromise-azure-organizations-through-saas-apps","/blog/product-release-december-2022","/blog/maintaining-persistent-access-in-a-saas-first-world","/blog/should-i-let-my-employees-login-with-their-work-google-account","/blog/is-it-safe-to-allow-my-employees-to-connect-third-party-apps-to-our-m365","/blog/how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas","/blog/product-release-august-2022","/blog/how-to-discover-saas-use-without-invading-employee-privacy","/blog/manage-saas-risks-without-hindering-employees","/blog/how-to-find-the-right-saas-security-solution-for-your-organization","/blog/building-a-culture-of-trust-to-secure-saas-together","/blog/what-weve-been-up-to-with-our-seed-funding","/blog/push-security-announces-4m-seed-round-to-introduce-user-centric-approach","/blog/product-release-july-2022","/blog/rolling-your-own-saas-discovery","/blog/microsoft-rolls-out-security-defaults-for-azure-ad-to-secure-access","/blog/how-to-find-a-malicious-oauth-app-on-microsoft-365","/blog/investigating-user-delegated-oauth-tokens-in-google-workspace-a-ride-along","/blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa","/blog/case-study-business-email-compromise-bec-attack-nearly-cost-us-millions","/blog/should-you-disable-external-email-auto-forwarding","/news/push-launches-malicious-browser-extension-blocking","/blog/email-security-how-hackers-use-mail-rules-to-access-your-inbox","/news/push-launches-ClickFix-detection","/news/push-identifies-consent-fix","/blog/how-to-set-up-multi-factor-authentication-for-microsoft-365","/news/push-security-identifies-linkedin-phishing-campaign","/blog/multi-factor-authentication-is-the-top-security-control-for-most-small-and","/news/push-security-guidepoint-strategic-partnership","/news/push-security-welcomes-mark-orlando-field-cto","/blog/which-mfa-methods-should-you-use","/news/pr-20250806-push-security-launches-phishing-detection-evasion-techniques-matrix","/news/push-security-launches-PSAN","/news/push-security-secures-30-million-series-b-funding","/news/chris-tilton-new-push-cmo","/news/push-security-launches-new-stolen-credentials-detection-capability","/news/push-security-recognized-as-rising-star-itdr","/news/former-crowdstrike-sales-leader-joins-push-security-cro","/news/push-security-new-security-alert-cross-IDP-impersonation","/news/push-security-Raises-15M-Series-A-Round","/news/push-security-announces-4M-Seed-Round","/resources/investigating-browser-threats","/resources/the-browser-blindspot","/resources/rbn811","/resources/browser-extensions-webinar","/resources/browser-attacks-why-browser-new-battleground","/resources/ai-starts-browser","/resources/decipher-sep-2025","/resources/mfa-regulation-compliance","/resources/incident-response-webinar","/resources/phishing-evolution","/resources/scattered-spider","/resources/riskybusiness0516","/resources/hacked-022125","/partner/deal-registration","/resources/phishing-2025","/resources/automating-identity-attacks","/resources/riskybusiness-012925","/resources/on-demand-webinar-phish-kit-teardown","/resources/kuppingercole-report","/resources/riskybusiness-120224","/resources/the-rsnake-show-demo-day-push-security","/resources/riskybusiness-071824","/resources/infostealers-webinar-ondemand","/resources/googlecloudpodcast-072224","/resources/endpoint-security-evolution","/resources/phishing-detecting-evilginx-evilnovnc-muraena-and-modlishka","/resources/riskybusiness-151123","/resources/phishing-slack","/resources/snowflake-the-tip-of-the-iceberg","/resources/2024-identity-attacks","/resources/demonstrating-ghost-logins-in-snowflake-and-how-to-remediate-them","/resources/bluehat-041724","/resources/ciso-series-062724","/resources/the-new-saas-cyber-kill-chain-so-con-2024","/resources/cyberontheedge-031824","/resources/resilientcyber-031524","/resources/cybersecuritydefenderspodcast-230124","/resources/cyberranch-112923","/resources/understanding-the-new-saas-cyber-kill-chain","/resources/compromising-an-org-without-touching-the-network","/resources/cyberwiredaily-151123","/resources/dcppodcast-111323","/resources/bluehat-2023-saas-cyber-kill-chain","/resources/cyberwiredaily-091323","/resources/saas-attacks-report","/resources/ciso-series-083123","/events/infosecurity-europe-2026","/resources/cyberbytes-071823","/help/10113","/resources/pain-in-the-saas-at-withsecure","/help/10148","/help/10117","/help/10141","/help/10109","/help/10121","/help/10129","/help/10106","/help/10138","/events/gartner-security-summit-2026","/events/sector-2026","/events/blackhat-2026-meeting","/events/gartner-europe-2026-meeting","/events/blackhat-europe","/events/virtual-ribeye-grilling","/events/infosec26-electric-shuffle","/help/audience/administrators/docs/manage-security-controls","/help/audience/administrators/docs/add-employees","/help/audience/administrators/docs/administering-push","/help/audience/administrators/docs/connect-to-siem-or-soar","/help/audience/administrators/docs/install-the-browser-extension","/help/audience/administrators/docs/view-saas-apps-and-employee-activity","/help/audience/employees/docs/what-is-push","/help/audience/employees/topic/using-the-push-browser-extension","/help/10105","/help/audience/administrators/docs/manage-security-controls/configure-chatops","/help/10015","/help/audience/employees/topic/security-and-privacy","/help/10074","/help/10078","/help/10101","/help/10120","/help/10102","/help/10124","/help/10123","/help/10134","/help/10137","/help/10147","/help/10018","/help/10030","/help/10028","/help/10038","/help/10034","/help/10035","/help/10036","/help/10039","/help/10044","/help/10045","/help/10076","/help/10077","/help/10083","/help/10086","/help/10107","/help/10087","/help/10094","/help/10097","/help/10100","/help/10125","/help/10103","/help/10104","/help/10108","/help/10116","/help/10027","/help/10139","/help/10140","/help/10149","/help/10059","/help/10021","/help/10022","/help/10064","/help/10026","/help/10130","/help/10068","/help/10037","/help/10058","/help/10065","/help/10060","/help/10079","/help/10093","/help/10088","/help/10066","/help/10136","/help/10067","/help/10146","/help/10081","/help/10085","/help/10014","/help/10131","/help/10133","/help/10075","/help/10150","/help/10001","/help/10084","/help/10003","/help/10046","/help/10144","/help/10073","/help/10132","/help/10089","/help/10096","/help/10090","/help/10043","/help/10098","/help/10110","/help/10070","/help/10122","/help/10127","/help/10143","/help/10062","/help/10063","/help/10071","/help/10072","/help/10114","/help/10126","/help/10091","/help/10095","/help/10099","/help/10112","/help/10151","/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-with-island","/help/10115","/help/10128","/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-an-mdm-on-macos","/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-google-admin-console","/help/10135","/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-microsoft-group-policy","/help/10142","/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-microsoft-endpoint-manager-intune","/help/audience/administrators/docs/connect-to-siem-or-soar/ingesting-events-using-azure-monitor-and-microsoft-sentinel","/help/audience/administrators/docs/connect-to-siem-or-soar/ingesting-events-using-panther","/help/audience/administrators/docs/connect-to-siem-or-soar/ingesting-events-using-cribl-cloud","/help/audience/administrators/docs/connect-to-siem-or-soar/ingesting-events-using-datadog","/help/audience/administrators/docs/connect-to-siem-or-soar/ingesting-events-using-tines","/help/audience/administrators/docs/connect-to-siem-or-soar/ingesting-events-using-splunk-cloud","/help/audience/administrators/docs/connect-to-siem-or-soar/send-webhook-events-to-slack","/help/audience/employees/docs/keeping-you-and-your-data-safe","/help/audience/employees/docs/enrolling-your-browser-in-push","/help/10111","/help/10061","/help/10042","/help/10069"]}