Research Blog

Learn about the latest browser-based attack techniques and how Push is tackling them.

Browser-based attacks, Detection & response

Analyzing the Instructure breach: The three attack techniques behind ShinyHunters' 2026 campaigns

ShinyHunters' breach of Instructure is the latest in a long series of attacks. Here's our view of the big picture.

Browser-based attacks, Detection & response

Introducing the Browser & Identity Attacks Matrix

We're re-releasing the SaaS attack matrix as the Browser & Identity Attacks Matrix. Here's why we've decided to make the change and what it means.

Browser-based attacks, Detection & response

We infiltrated a criminal phishing panel: here’s what we found

We got an inside look at a phishing panel used in criminal campaigns linked to operators like ShinyHunters and BlackFile. Here’s what we found.

Detection & response, Browser-based attacks

Why relying on browser extension risk scoring is an antipattern that won’t predict your next breach

Why typical browser extension risk scores are poor predictors of which extensions will actually lead to a compromise.

Browser-based attacks, Detection & response

ConsentFix v3: Analyzing a new criminal toolkit

Investigating a new criminal toolkit for ConsentFix being promoted on criminal forums.

Browser-based attacks, Detection & response

Unpacking the Vercel breach: A cautionary tale for Shadow AI and OAuth sprawl

In April 2026, Vercel was compromised via an OAuth app integrated into their Google Workspace tenant stemming from a compromised third-party AI SaaS provider.

Detection & response, Browser-based attacks

Browser sync attacks: Where personal account hacks lead to corporate breaches

Browser sync attacks result in business credentials being compromised via personal account and device breaches. Here's what you need to know.

Browser-based attacks, Detection & response

Guide: How to use Push controls to protect your users from modern browser threats

How to use in-browser controls to stop browser-based attacks before compromise can occur.

Browser-based attacks, Detection & response

Device code phishing attacks have skyrocketed: here’s what you need to know

Device code phishing is seeing a huge spike in adoption in 2026, enabling attackers to steal access tokens while bypassing standard access controls.

Browser-based attacks, Detection & response

Attackers are now targeting business TikTok accounts using session-stealing phishing kits

Investigating a new wave of AITM phishing pages designed to hijack TikTok accounts.

Browser-based attacks, Detection & response

The Stryker breach didn't match the playbook. That shouldn't be a surprise.

Analysing the Stryker breach in line with recent changes to the Iran-nexus cyber playbook.

Release notes

Product release: March 2026

Here’s what’s new on the Push platform for March 2026.

Browser-based attacks, Detection & response

InstallFix: How attackers are weaponizing malvertised install guides

Attackers are impersonating popular developer tools like Claude Code to distribute fake install instructions via malicious search engine ads.

Browser-based attacks, Detection & response

Guide: How to manage and block browser extensions using Push

How to detect risky and malicious extensions and block them from running in employee browsers.

Risk management, Identity security

Cyber Essentials April 2026 update: Mandatory MFA on ALL cloud services (and how Push can help)

Big changes are being made to the Cyber Essentials scheme in 2026 that will change how companies must validate compliance. Here’s what you need to know.

Browser-based attacks, Detection & response

Push + Cloud Security: What do you do when bad looks normal?

Why cloud security tools only give you part of the picture when it comes to modern attacks.

Browser-based attacks, Detection & response

Push + Endpoint Security: Extending detection and response to the browser

Why extending detection and response into the browser is crucial in the face of modern attacks that consciously evade the network and endpoint.

Browser-based attacks, Detection & response

Push + Network Security: The gap between seeing the packet and securing the session

Why network and web traffic only gives you part of the picture when it comes to modern browser-based attacks.

Browser-based attacks, Detection & response

Unpacking the latest SLH campaign — combining vishing with AiTM phishing to hijack SSO accounts

Analyzing the latest Scattered Lapsus$ Hunters (SLH) phishing campaign targeting hundreds of organizations.

Detection & response, Browser-based attacks

ConsentFix debrief: latest community insights, recommendations, and predictions

New insights on the ConsentFix campaign stopped by Push.

Browser-based attacks, Detection & response

How cyber criminals power malvertising scams with stolen accounts

Attackers are going out of their way to target Google Ad Manager accounts, powering malvertising scams. Here’s what you need to know.

Detection & response, Browser-based attacks

Google Search malvertising campaign continues, now impersonating Ahrefs

New samples linked to a Push-tracked malvertising campaign detected, targeting Google accounts via an Ahrefs lure.

Detection & response, Browser-based attacks

Taking the fight to attackers: Push’s top features of 2025

Here’s how real-world attacks and our own R&D informed what we built for Push customers over the last year.

Detection & response, Browser-based attacks

2025’s top phishing trends — and what they mean for your 2026 security strategy

Analyzing the key trends that defined phishing attacks in 2025, and what these changes mean for security teams heading into 2026. 

Browser-based attacks, Detection & response

ConsentFix: Analyzing a browser-native ClickFix-style attack that hijacks OAuth consent grants

Analyzing "ConsentFix", a new browser-native attack technique we've detected in the wild, combining OAuth consent phishing with a ClickFix-style user prompt.

Browser-based attacks, Detection & response

Analysing a sophisticated Google malvertising attack impersonating TradingView

Push recently detected and blocked a malvertising attack impersonating TradingView designed to hijack Google Workspace accounts.

Detection & response, Browser-based attacks

Analysing a malvertising attack targeting business Google accounts intercepted by Push

Analysing a malvertising attack targeting Google business accounts that was intercepted by Push.

Browser-based attacks, Detection & response

Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts

Investigating a phishing campaign targeting Google Ads Manager MCC accounts to propagate malvertising lures.

Browser-based attacks, Detection & response

Analyzing the latest Sneaky2FA Browser-in-the-Browser phishing page

Analyzing a BITB phishing page linked to the Sneaky2FA Phishing-as-a-Service operation.

Browser-based attacks, Detection & response

"Scattered Lapsus$ Hunters" — how modern attackers exploit the gaps in your security stack

How Scattered Lapsus$ Hunters breaches demonstrate the evolution of attacker TTPs, shaping the future of cyber attacks.

Detection & response, Browser-based attacks

The most advanced ClickFix yet?

Breaking down the most sophisticated ClickFix page we’ve seen in the wild — and what it tells us about the future of malicious copy-and-paste attacks.

Release notes

Product release: November 2025

Here’s what’s new on the Push platform for November 2025.

Risk management, Browser-based attacks

What the expansion of NYCRR Part 500 means for MFA regulation and compliance

NYCRR Part 500 is tightening its MFA and asset management requirements. Here's what the changes mean for compliance.

Detection & response, Browser-based attacks

New phishing campaign identified targeting LinkedIn users

Diving into the latest sophisticated LinkedIn phishing campaign intercepted by Push.

Detection & response, Browser-based attacks

Introducing malicious copy and paste detection

Push now detects malware delivery in the browser, supporting a layered defense against endpoint attacks.

Detection & response, Browser-based attacks

Fixing SecOps alert fatigue with browser telemetry

How browser data can improve detection fidelity and reduce alert fatigue, enabling SecOps teams to save time and detect more attacks.

Browser-based attacks, Identity security

How cyber breaches are driving tighter MFA requirements and enforcement

MFA regulators, insurers, and policy-makers are getting tighter on their MFA requirements, fuelled by public cyber breaches.

Browser-based attacks, Detection & response

Why attackers are moving beyond email-based phishing

Why phishing attacks are moving away from exclusively email-based delivery, and what this means for security teams.

Detection & response, Browser-based attacks

How Push stopped a high risk LinkedIn spear-phishing attack against a company exec

How Push saved a company exec from a sophisticated Attacker-in-the-Middle phishing attack delivered via a LinkedIn direct message.

Release notes

Product release: September 2025

Here’s what’s new on the Push platform for September 2025.

Browser-based attacks, Detection & response

6 browser-based attacks every security team should be prepared for

What security teams need to know about the browser-based attack techniques that are the leading cause of breaches.

Detection & response, Browser-based attacks

How the browser became the main cyber battleground

How attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools.

Detection & response, Browser-based attacks

How attackers are using Active Directory Federation Services to phish with legit office.com links

Push recently identified a novel phishing attack using Active Directory Federation Services to get Microsoft to send victims to a phishing site.

Detection & response, Browser-based attacks

Introducing our guide to phishing detection evasion techniques

Introducing our latest resource for security teams breaking down the techniques that modern phishing attacks are using to evade detection.

Detection & response, Browser-based attacks

Introducing Push Detections: Equipping SecOps and IR teams to stop browser-based attacks

We’re launching a new Detections capability, enabling security teams to more effectively investigate and triage alerts, and build more effective workflows.

Detection & response, Browser-based attacks

MFA downgrade: How attackers are getting around phishing-resistant authentication

MFA downgrade attacks are an increasingly common technique used by attackers to bypass phishing-resistant authentication methods registered to an account.

Browser-based attacks, Detection & response

Detecting phishing pages using obfuscated URL destinations

Push now blocks URL schema obfuscation, countering a common technique used by attackers to bypass URL detections for phishing pages and malicious IPs.

Browser-based attacks, Detection & response

3 key takeaways from the Scattered Spider attacks on aviation & insurance firms

Scattered Spider continues to dominate the headlines, with attacks on aviation and insurance companies worldwide.

Browser-based attacks, Detection & response

Scattered Spider: Understanding help desk scams and how to defend your organization

Scattered Spider has dominated the headlines in recent months with a consistent focus on help desk scams. Here's what you need to know to protect your business.

Browser-based attacks, Detection & response

App-Specific Password phishing: another novel way to get around passkeys and MFA

How App-Specific Password phishing is being used in the wild to bypass phishing-resistant authentication controls like passkeys.

Browser-based attacks, Detection & response

How browser-level controls change the fight against phishing

Attackers are routinely defeating conventional email, network, and endpoint-based security controls. Here's how browser controls can level the playing field.

Identity security

A simple, browser-based way to protect your help desk against social engineering

Push's new Employee Identity Verification Codes feature is a simple way for your help desk to confirm they’re talking to someone from your organization.

Release notes

Product release: June 2025

Here’s what’s new on the Push platform for June 2025.

Browser-based attacks

Better together: Identity telemetry from Push + smart storage and searches from Cribl

We’re thrilled to announce our partnership with Cribl to make it much easier to snapshot, transform, and query Push telemetry.

Identity security, Risk management

Navigating the 2025 HIPAA Security Rule changes: What you need to know (and how Push can help)

The HIPAA Security Rule is getting a long-overdue facelift in 2025. Here's our quick overview of the key changes and how Push can help you to be compliant.

Company news

Introducing the Push Security Advisor Network (PSAN)

Introducing a new era of partner-first phishing protection and identity security.

Browser-based attacks, Detection & response

Scattered Spider: TTP evolution in 2025

How the notorious Scattered Spider cyber criminal group are switching up their TTPs in 2025 to bypass MFA and breach cloud services via account takeover.

Detection & response, Browser-based attacks

Three reasons why browser is best for stopping phishing attacks

Why being in the browser gives defenders a key advantage over network and email phishing prevention, detection, and response tools.

Detection & response, Browser-based attacks

Why most phishing attacks feel like a zero-day

Most phishing attacks involve a phishing page that has never been seen before. When detection relies on known-bad, this makes every attack feel like a zero-day.

Company news

Series B and Beyond: Securing the New Perimeter

I’m thrilled to share that Push Security has raised our Series B funding. This is a huge moment for us and our customers in the fight against identity attacks.

Browser-based attacks, Detection & response

Investigating a recent malvertising campaign targeting Onfido customers

We recently investigated a malvertising campaign using Evilginx to target Onfido customers via Google ads.

Browser-based attacks, Detection & response

How consent phishing is evolving to defeat detection controls

Consent phishing is where attackers trick users into authorizing access for malicious OAuth apps. Here's how attackers are using this technique in the wild.

Browser-based attacks, Detection & response

Dissecting a recent MailChimp phishing attack

HIBP creator and well-known security person Troy Hunt recently blogged about a phish he fell for. Here’s what it tells us about how phishing is evolving.

Identity security, Browser-based attacks

Introducing Push password enforcement — for when weak passwords are still plaguing you

Detect when employees have weak, reused, or stolen passwords and guide them to update their password using in-browser messaging on any app.

Browser-based attacks, Detection & response

6 breaches in 5 months: Why attackers are targeting Jira with stolen credentials

Attackers are persistently targeting Jira accounts with stolen credentials. What can we learn from this trend?

Browser-based attacks, Detection & response

Why it's time for phishing prevention to move beyond email

Modern MFA-bypass phishing attacks are routinely defeating primarily email-based security controls. Why are controls failing and what can we do about it?

Browser-based attacks, Identity security

5 ways attackers can use Computer-Using Agents to automate identity attacks

We're back with part 2 of our research into OpenAI Operator to share our findings on how it can be used to automate identity attacks.

Browser-based attacks, Identity security

How new AI agents will transform credential stuffing attacks

Credential stuffing attacks had a huge impact in 2024. But things could be dialled up even further with Computer-Using Agents like OpenAI Operator.

Release notes

Product release: March 2025

Here’s what’s new on the Push platform for March 2025.

Identity security, Detection & response

Minimum Viable Identity Security

How app developers can go beyond Minimum Viable Secure Product (MVSP) to implement better identity protections and prevent identity-based attacks.

Browser-based attacks, Identity security

Considering the security implications of Computer-Using Agents (like OpenAI Operator)

CUAs are a new type of AI agent that drives your browser/OS for you, enabling effortless automation of web tasks — including those performed by attackers.

Identity security, Detection & response

No more hard simple problems: Enforce MFA on third-party apps with Push

Using Push to enforce MFA on third-party apps in the browser — even where MFA enforcement isn't supported by the app itself.

Detection & response, Identity security

How real-world attacks and research drove Push’s most popular features of 2024

How in-the-wild attacks and our own R&D inspired what we built in 2024 to stop account takeover and reduce security risks across your workforce identities.

Identity security, Detection & response

Guide to secure browser extension deployment

How extension developers can improve their security controls to prevent extension compromise.

Browser-based attacks

Looking back on identity-based breaches in 2024

Reviewing public breaches that stemmed from identity attacks in 2024.

Release notes

Product release: December 2024

Here’s what’s new on the Push platform for December 2024.

Identity security, Detection & response

Automating SSO password resets using Push

Using Push to automate password resets for your most critical identities when a password vulnerability is detected.

Identity security

River crossing: What you can accomplish in your first 90 days with Push Security

We’ve put together the following guide for intrepid security teams as they use Push to secure against modern identity attacks.

Release notes, Detection & response

Eliminate false positives with verified stolen credential detections using Push

Push now compares user passwords with TI feeds to alert you when valid credentials are available on the clearweb and darkweb.

Browser-based attacks

Snowflake: Looking back on 2024’s landmark security event

165 Snowflake customers were targeted by criminals using stolen credentials from infostealer infections, impacting hundreds of millions of people.

Browser-based attacks, Detection & response

A new class of phishing: Verification phishing and cross-IdP impersonation

How phishing for email verification can be combined with cross-IdP impersonation to gain direct access to downstream SaaS and bypass hardened IdP accounts.

Company news

Why I’m joining Push Security, from our new Chief Revenue Officer

Push's new Chief Revenue Officer, Kevin Arsenault, shares why he decided to join the Push team.

Browser-based attacks, Detection & response

Cross-IdP impersonation: Hijacking SSO to access downstream apps

Cross-IdP impersonation is a method of hijacking SSO to access downstream apps — without needing to compromise accounts on your company’s main IdP.

Detection & response, Browser-based attacks

How AitM phishing kits evade detection: Part 2

How attackers are breaking detection signatures designed to identify phishing sites impersonating real login pages.

Release notes, Identity security

Product release: November 2024

Here’s what’s new on the Push platform for November 2024.

Release notes, Identity security

Don’t let attackers find the keys to your kingdom in a personal password manager

Make sure sensitive corporate credentials don’t leave your corporate environment and end up in personal password managers with Push.

Browser-based attacks, Identity security

What we can learn from the recent ServiceNow/Microsoft disclosure

Account takeover on third-party apps is the flavor of the month for security researchers — what can we learn from it?

Detection & response, Browser-based attacks

Shifting detection left for more effective threat detection

Why relying on post-compromise detection and response is no longer an option for modern browser-based attacks.

Browser-based attacks, Detection & response

Detecting and blocking phishing attacks in the browser

How Push detects and blocks phishing attempts in the browser – explained in less than two minutes.

Browser-based attacks, Detection & response

How many vulnerable identities do you have?

Using Push data to calculate how many vulnerable identities the average organization has, and how they lead to different methods of account takeover.

Browser-based attacks, Detection & response

The SaaS attack matrix: A year in review

It’s been almost exactly a year since we released our open source repository of SaaS-native attack techniques. Let's reflect on what’s changed.

Detection & response, Browser-based attacks

Hackers don’t hack in, they log in: How to prevent account takeover with Push

How Push stops attackers from using identity attack tools and techniques to compromise your employee user accounts.

Browser-based attacks, Release notes

Adding cloned login page detection to your phishing defense arsenal

We've added cloned login page detection, providing yet another layer of protection against phishing attacks.

Detection & response, Browser-based attacks

Our design philosophy: Detecting what matters

This is the first blog in a short series we’re putting together about the ‘why’ behind the ‘what’ at Push. This entry is focused on threat detection.

Browser-based attacks, Detection & response

What the rise of infostealers says about identity attacks

What the rise in popularity of infostealers tells us about the cybercrime ecosystem and the shift toward identity attacks.

Release notes

Push introduces support for Arc browser, securing users wherever they work

We're adding support for Arc, an increasingly popular browser with developers and engineers.

Detection & response, Browser-based attacks

How AitM phishing kits evade detection

Taking a closer look at the steps that AitM phishing kits take to hide from the prying eyes of security teams and threat intelligence vendors.

Identity security, Release notes

Product release: July 2024

Here’s what’s new on the Push platform for July 2024.

Detection & response, Identity security

5 reasons why Push Security shouldn’t exist

Breaking down common misconceptions about identity threats and controls like MFA, SSO, passkeys, password managers, and more.

Browser-based attacks, Detection & response

Ghost logins: When forgotten identities come back to haunt you

How ghost logins can be used by cyber attackers for account takeover and persistence.

Release notes, Detection & response

Introducing set-and-forget controls that stop real-world identity attacks

Enable detections and interventions in the browser using Push’s new security controls.

Detection & response, Release notes

Combining the powers of Push and Panther to stop identity attacks

Push is excited to partner with Panther, bringing our unique browser telemetry to your SIEM.

Detection & response, Release notes

Introducing session token theft detection: Why browser is best

Push's browser agent identifies session token theft by adding telemetry to the user agent string to create a new high-fidelity signal for your security team.

Detection & response, Identity security

Investigating and responding to a third-party data breach using Push

How to use Push to investigate and respond to a third-party data breach, which results in credentials being stolen and sold on criminal marketplaces.

Detection & response, Browser-based attacks

The web proxy is dead… long live the browser extension!

Right now the majority of detections for identity attacks rely on web proxy telemetry. Here’s why the browser can be a better alternative.

Release notes, Detection & response

Introducing AitM phishing toolkit detection, powered by the Push browser agent

Push analyzes behavioral attributes of malware to identify phishing tools like Evilginx and NakedPages and immediately block end-users from visiting them.

Browser-based attacks, Detection & response

Phishing 2.0 – how phishing toolkits are evolving with AitM

Attackers are using Adversary in the Middle (AitM) phishing toolkits to bypass MFA. We look at what AitM is, how it works, and what you can do about it.

Release notes

Product release: May 2024

Here’s what’s new on the Push platform for May 2024.

Release notes, Identity security

Enforce end-user security controls with our new app banner options

Use Push's variety of app banner options to control which cloud apps employees use, and how they use them.

Release notes, Identity security

Dev diary: Phishing prevention behind the scenes

Behind the scenes of our approach to designing and developing our latest feature, SSO password protection.

Detection & response, Release notes

Introducing SSO Password Protection: Stop employees’ IdP credentials being exposed or phished

Use the Push browser agent’s unique vantage point to protect SSO credentials by blocking employees from entering their password into any other site.

Release notes

Product release: April 2024

Here’s what’s new on the Push platform for April 2024.

Release notes, Company news

A year of building: Top features we shipped this year

Some highlights of what we've built over the last year on our mission of stopping identity attacks.

Browser-based attacks, Detection & response

Tracking identity-based attacks in the wild

To keep track of how identity attacks are evolving, we’ve put together this helpful index of recent breaches, focusing on the latest identity-based techniques.

Detection & response, Identity security

Can my admins steal my cloud password manager secrets?

Can admins access the secrets from your corporate password manager? If so, how does this affect incident response in a compromised admin account scenario?

Identity security, Detection & response

5 ways to defeat identity-based attacks

In this blog post we will cover what identities are, how we secure perimeters in general, and how this maps to the identity space.

Release notes

Product release: February 2024

Here’s what’s new on the Push platform for February 2024.

Identity security, Release notes

Introducing in-browser app banners: Set guardrails for cloud apps

Don’t leave it up to your employees to figure out how to use cloud apps securely. Guide them directly in their browsers when they access their apps.

Browser-based attacks, Identity security

Phishing Microsoft Teams for initial access

In this article, we will cover a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Teams.

Release notes

Product release: January 2024

Here’s what’s new on the Push platform for January 2024.

Identity security

What is SAML SSO?

In this article, we'll explain what SAML SSO is, how it works, and clarify some common misconceptions.

Browser-based attacks, Identity security

Oktajacking

In this article, we'll show you how to use Okta to do keylogging for you, without needing to have your own malicious domain hosting your malicious SAML server.

Identity security, Detection & response

Abusing Okta's SWA authentication

We'll cover the implications of using Okta's SWA authentication method. Learn what security teams need to know in an account breach and IR scenario.

Release notes

Product release: November 2023

Here’s what’s new on the Push platform for November 2023.

Identity security, Risk management

Understanding Third-Party Risk Management (TPRM): how to protect your organization

In this article, we define third-party risk management and explore additional approaches that can help manage third-party risk.

Browser-based attacks, Identity security

Slack Attack: A phisher's guide to persistence and lateral movement

In this post, we're going to demonstrate how to phish via Slack to gain persistence and move laterally.

Browser-based attacks, Identity security

Slack Attack: A phisher's guide to initial access

In this article, we’ll demonstrate how IM apps, specifically Slack, are an increasingly attractive target for a range of phishing & social engineering attacks.

Identity security, Risk management

6 ways to manage third-party access to your data with Push

Employees are self-adopting SaaS apps and creating new cloud identities without IT approval. Learn how to manage which third parties have access to your data.

Identity security, Browser-based attacks

6 surprising takeaways from a recent report on identity-based attacks

A new report on securing digital identities has some interesting takeaways to consider as we think about securing identities in the cloud. Here's our take.

Release notes

Product release: September 2023

Here’s what’s new on the Push platform for September 2023.

Browser-based attacks, Identity security

Credential stuffing: The most common attack against SaaS identities

Credential stuffing attacks are incredibly common, but they often go undetected. These attacks are often the entry point for attack. Learn how to prevent them.

Shadow IT, Risk management

Get out of the dark: Manage the risk of shadow identities

Employees sign up to cloud apps on their own every day. Each time, they create a new account and a new identity on that app. How do you find and secure them?

Browser-based attacks, Detection & response

The shadow workflow’s evil twin: A nearly invisible attack chain

In this article, we’re going to demonstrate how combining two of our favorite new SaaS attack techniques makes a simple, but very stealthy persistence approach.

Risk management, Detection & response

Under the radar: The risky terrain of OAuth scopes in third-party Integrations

While OAuth scopes provide seamless online user authentication, they also carry significant risk. Watch out for these common, dangerous scopes.

Shadow IT, Risk management

Understanding Shadow IT and Shadow SaaS: Definition, security risks, and how to manage it

We’ll define shadow IT, talk through the security risks associated with it and give some actionable guidance on how to manage it.

Browser-based attacks, Detection & response

SAMLjacking a poisoned tenant

In this article, we’re going to demo combining two of our favorite new SaaS attack techniques to make a simple, but effective attack chain.

Risk management, Identity security

Focus on account and identity security to reduce SaaS risks

You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using?

Risk management, Identity security

SaaS Security: what is it & how to manage the risk

We'll quickly define SaaS security and help you better understand how to manage the risk SaaS applications introduce to your business.

Release notes

Product release: July 2023

Here’s what’s new on the Push platform for July 2023.

Browser-based attacks, Detection & response

Let’s talk about SaaS attack techniques

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face.

Risk management, Shadow IT

Free and trial SaaS applications are even riskier than paid apps

Free and trial SaaS accounts are often invisible to security teams and still interact with real, live corporate data.

Risk management, Shadow IT

The no-jargon guide to solving shadow SaaS

Adapt your thinking to secure your data. Security needs to move from being the Department of No to the Department of Yes, Unless...

Shadow IT, Risk management

7 Steps to secure your data across shadow SaaS apps

Attackers commonly target SaaS apps because they know employees sign up without running them past IT first. Learn how to adjust to secure your data.

Browser-based attacks, Shadow IT

SaaS sprawl isn't a problem - if you completely change your approach

Employees using a new work app used to be the final step of the software-onboarding process. Now it's the first. Security must adapt to secure business data.

Browser-based attacks, Detection & response

Half of account compromise attacks included malicious mail rules

Attackers routinely use mail rules to hide their attacks, exfiltrate sensitive data, and to get persistent access to victim accounts.

Release notes

Product Release: June 2023

Here’s what’s new on the Push platform for June 2023.

Shadow IT, Identity security

Want to discover the full extent of your SaaS sprawl? Embrace browser extensions

Browser extensions are the most effective SaaS discovery tool because they can capture employee SaaS use and adoption in real time, as employees sign up.

Shadow IT, Identity security

Embrace SaaS to move faster than your competitors

Look at enabling SaaS from a broader understanding of the business and not just the impact to security

Company news

Push it real good: Why I’m excited to join Push’s board

SaaS sprawl is not just a raw increase in apps in use; it is also driven by employees self-adopting new apps. Orgs need sensible guardrails for employees.

Company news, Shadow IT

From launch to series A

We’re proud to announce our $15M Series A round, led by GV. Here's what we've learned about what our customers need since we launched in July 2022.

Release notes

Product Release: March 2023

Here’s what’s new on the Push platform for March 2023.

Detection & response, Risk management

An investigation guide for assessing app-to-app OAuth integration risk

An employee has added a new integration to your Azure tenant or Google Workspace. How do you assess risk? We’ll cover a few techniques in this article.

Browser-based attacks, Detection & response

How attackers compromise Azure organizations through SaaS apps

This article covers common ways an app could lead to compromise in Microsoft Azure, and what to look out for when determining risk to your organization.

Risk management, Identity security

Password expirations don’t work. Try these best practices instead.

Password expirations are still commonly recommended, but most security pros agree that they lead to more predictable passwords. Here's what to do instead.

Release notes

Product Release: December 2022

Here’s what’s new on the Push platform for December 2022.

Browser-based attacks

Maintaining persistent access in a SaaS-first world

Attackers have loads of persistence options in an endpoint compromise scenario, but what changes in a SaaS-first world? We talk new attack methods in this post.

Risk management, Identity security

Is it safe to allow my employees to connect third-party apps to our M365/Google Workspace tenant?

Learn about the benefits and risks of SaaS integrations and get tips for how to manage the risks.

Risk management, Identity security

Should I let my employees login with their work Google account?

Is logging in with Google or Microsoft secure? Yes, with caveats.

Detection & response, Identity security

How to kick off an incident response investigation for a compromised SaaS account

We'll walk through how to quickly detect and mitigate business email compromise (BEC) and then prevent future attacks.

Release notes

Product release: August 2022

Here’s what’s new on the Push platform for August 2022.

Shadow IT, Risk management

How to discover SaaS use without invading employee privacy

Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.

Shadow IT, Risk management

5 steps to manage the risk of unsanctioned SaaS

Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.

Shadow IT, Risk management

How to find the right SaaS security solution for your organization

In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.

Company news

What we’ve been up to with our seed funding: a peek behind the curtain

Yesterday, we announced our official launch and what Push Security is all about following our $4m series seed.

Company news

Building a culture of trust to secure SaaS, together

We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.

Company news

Push Security Announces $4M Seed Round to Introduce User-Centric Approach to Securing SaaS

Launches solution that finds SaaS apps employees are using and guides them to fix issues

Release notes

Product release: July 2022

Here’s what’s new on the Push platform for July 2022.

Identity security, Risk management

Microsoft rolls out Security Defaults for Azure AD to secure access

Microsoft is starting to roll out Security Defaults for Azure AD for those who haven’t turned them on yet. Here’s what you need to know.

Shadow IT, Identity security

How to roll-your-own SaaS discovery

We’ve compiled some methods for discovering SaaS. Let’s explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.

Identity security, Detection & response

How to find a malicious OAuth app on Microsoft 365

How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.

Detection & response, Identity security

Investigating user delegated OAuth tokens in Google Workspace - a ride along

Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it.

Browser-based attacks, Detection & response

Consent phishing: the emerging phishing technique that can bypass 2FA

Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.

Browser-based attacks, Risk management

Case study: Business Email Compromise (BEC) attack nearly cost us millions

A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.

Browser-based attacks, Detection & response

Email security: How hackers use mail rules to access your inbox

After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.

Browser-based attacks, Detection & response

Should you disable external email auto-forwarding?

External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.

Risk management, Identity security

How to set up Multi-Factor Authentication for Microsoft 365

Conditional Access, Security Defaults, or Legacy? Figuring out how to deploy MFA in Microsoft 365 can be complex. This post summarises your options.

Risk management, Identity security

Multi-Factor Authentication is the top security control for most small and medium-sized businesses

Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.

Risk management, Identity security

Which MFA methods should you use?

SMS, authenticator apps, security keys, and more! We compare them on user experience, security, and cost.