Safeguard
Tag

saas-security

Safeguard articles tagged "saas-security" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Software Supply Chain Security

Vendor breach exposure: third-party risk lessons from the Klue incident

A single forgotten credential at Klue exposed Salesforce CRM data at 14+ companies, including Snyk and Huntress—here's what it teaches about vendor risk.

Jun 28, 20268 min read
Threat Intelligence

The Klue Breach: One Legacy Credential Turned Into a SaaS Supply Chain Attack on Salesforce and Gong

Attackers used a disused legacy credential at marketing-intelligence vendor Klue to push code that harvested customer OAuth tokens, then walked into Salesforce and Gong instances. A textbook SaaS-to-SaaS supply chain pivot.

Jun 17, 20266 min read
Compliance

SOC 2 Type II reporting for AppSec vendors and buyers

A SOC 2 Type II badge isn't enough due diligence for AppSec vendors. Here's what to actually check in the report—scope, exceptions, and subservice carve-outs—before you trust one.

Jun 17, 20268 min read
Threat Intelligence

OAuth Token Theft: The SaaS-to-SaaS Supply Chain Is the New Soft Target

The Klue and Salesloft Drift breaches showed the same pattern: steal one integration's OAuth tokens, inherit trusted access into hundreds of customer SaaS instances. Here is why third-party app grants are the supply chain risk most teams still aren't governing.

Jun 8, 20267 min read
Product

Cloud Scanning vs Hybrid Scanning: Deployment Models for ...

SaaS vs self-hosted SCA deployment compared on data residency, air-gap support, and audit scope, with a look at how Safeguard's flexible deployment model differs from cloud-only platforms.

May 20, 20268 min read
Cloud Security

Multi-Tenant SaaS Data Isolation: Patterns and Failure Modes

Every multi-tenant breach story ends the same way: one tenant reading another tenant's data. The isolation patterns that prevent it, the failure modes that cause it, and how to test which side you're on.

May 7, 20266 min read
Compliance

What is a SOC 2 report and why it matters for SaaS

SOC 2 explained for SaaS teams: what the report covers, how it differs from tools like Vanta, and why compliance alone won't stop supply chain attacks.

Mar 21, 20268 min read
Regulatory Compliance

GDPR compliance basics for US and global SaaS companies

A practical GDPR compliance checklist for US and global SaaS teams: fines, deadlines, and why documentation platforms like Vanta don't cover Article 32's technical controls.

Mar 20, 20267 min read
Industry Analysis

Third-party risk management for fintech SaaS vendors

A practical, step-by-step fintech third-party risk management playbook: vendor discovery, tiering, security review, continuous monitoring, and contract controls.

Jan 4, 20269 min read
Industry Analysis

Third-party risk assessment for insurtech SaaS platforms

A practical playbook for running an insurtech third-party risk assessment across vendors, APIs, and integrations before they touch policyholder data.

Dec 31, 20258 min read
AI Security

Asana MCP Cross-Tenant Leak: A SaaS Connector Failure Mode

From May 1 to June 17, 2025, Asana's MCP server exposed records from one customer's workspace to another. The bug was a textbook authorization break wearing an AI label.

Jul 2, 20257 min read
Ransomware

Kronos Ransomware Attack: When Payroll Systems Go Dark Before the Holidays

A ransomware attack on Ultimate Kronos Group disrupted payroll and workforce management for millions of workers at hospitals, governments, and major employers right before the holiday season.

Dec 14, 20215 min read
saas-security — Safeguard Blog