Blog
/
Release notes

Product release: September 2025

Attack timeline, screenshots & classifications for Detections, blog cloned login pages, and more.

What’s new this month:

  • Attack timeline, screenshots & classifications for Detections

  • Block cloned login pages

  • Block URL schema obfuscation

  • Identify browsers synced to personal profiles

  • Enhanced dashboard

  • Configure a custom data retention period

  • Debug logs for SIEM & webhooks integrations

Attack timeline, screenshots & classifications for Detections

You can now get deeper context and telemetry to investigate attacks that Push intercepts in the browser using these recently released enrichments for Push’s Detections:

  • Timeline: An attack timeline of where a phishing link originated, how a user interacted with the page, and how Push responded.

  • Screenshots: Optional screenshots of the suspicious page, to quickly triage detections.

  • Blast radius: A view of the impact of this attack and whether other apps are also compromised or at risk as a result.

You can also now classify a detection to record the outcome of your investigation. Options include: true positive, benign true positive (such as a detection triggered by a phishing simulation exercise), and false positive. The default state is not classified.

Detections page - timeline - for release notes - Sept. 2025

Learn more

Block cloned login pages

You can now Warn or Block employees when Push detects that they’re visiting a cloned login page.

Cloned login page detection, which you can configure on the Controls page of the Push admin console, has become a highly effective and low false-positive control. We recommend that you move to using Block mode for your organization — if you’re not already!

Cloned login block page - for release notes - Sept. 2025

Learn more

Identify browsers synced to personal profiles

The Push browser extension can now identify the email address that’s used to log in to a browser, as well as whether browser sync is enabled.

Using this data, you can see whether any employees are signed in to work browsers with non-company identities and syncing their browsers, which can result in work credentials being synced to personal profiles.

To find this data, go to the Push admin console and view the Browsers page under Investigate in the left toolbar.

Learn more

Enhanced dashboard for easier monitoring

We’ve improved the data and design of the Push admin console Dashboard so you can keep track of the important developments in your environment.

A few of the changes:

  • A snapshot of recent Detections activity

  • An overview of all events on the platform, including activity related to Controls

  • Performance improvements so the page load is fast for even very large deployments

Dashboard - for release notes - Sept. 2025

Configure a custom data retention period

You can now configure how long activity data will be retained in Push by configuring a data retention period.

From the admin console, go to Settings > Organization > Data retention and select the data retention period in years.

Learn more

Easier debugging for webhook or integration error messages

We’ve added a debug log to make it easier to see what’s not working when you receive an error related to your Push webhooks or SIEM integrations.

You can access the debug log by opening the details slideout in the Push admin console for the webhook or integration you’ve created. Go to Settings > Webhooks or Settings > Integrations.

Learn more

Subscribe to get updates from Push
The latest news, articles, and resources, sent to your inbox