Reco Blog

In mid-2025, ShinyHunters breached Salesforce instances at Google and Workday using voice phishing and malicious OAuth apps. Learn what happened and how Reco’s SaaS security platform could have stopped it.

Discover the top cloud security trends, challenges, and strategies shaping 2025, with expert guidance on Zero Trust, AI security, and SaaS risk management.

Our threat intelligence team broke Cursor’s background agent and took over an EC2 instance machine. Learn how we did it, implications and next steps.

Ruby Life's CISO successfully secured budget for Reco by strategically aligning with both technical and business stakeholders, demonstrating how SaaS security would enable safe AI adoption and drive revenue growth rather than just mitigate risks. Discover the key to his success that helped Ruby Life gain executive support.

Discover how Coinbase's $400M breach was linked to an outsourced call center, where employees accessing sensitive data triggered phishing scams and social engineering attacks

A Deel insider used Slack to spy on Rippling. This case reveals how SaaS tools expose companies to insider threats and how Reco helps stop them.

ChatGPT now natively connects to Google Drive, Outlook, SharePoint, Box, Dropbox, and more. A valuable productivity boost – paired with a plethora of data security risks. Read this blog to understand SaaS-to-Ai Risks, plus how Reco can help.

Discover effective strategies for managing AI sprawl within your SaaS stack. Implement practical governance to address security, compliance, and data risks efficiently.

In May 2025, CISA issued a warning that Commvault's Metallic cloud backup service had been compromised by threat actors, enabling the adversaries to steal secrets from Commvault customers. Read this blog to learn what happened, how to remediate if you were affected, and how Reco can help you stop attacks like this.

The old days of SaaS, when companies only had a handful of core apps, are long gone. Today’s SaaS environments are no longer static—they’re dynamic, interconnected and AI-infused. Learn why the next revolution in SaaS security is Dynamic SaaS Security.

Threat detection and response for SaaS apps is critical. But should you build it or buy it? Read this blog to learn why building a homegrown solution with your SIEM may be prohibitively complex, costly, and fall short of providing adequate protection.

JPMorgan’s CISO Pat Opet issued a blunt warning that SaaS sprawl is “quietly enabling cyber attackers” and creating systemic vulnerabilities. He calls for new cybersecurity solutions and standards. Read this blog to understand why Dynamic SaaS Security is the answer.

An overpermissioned contractor with malicious intent led to a devastating SaaS security breach. Learn about Kate, Reco's Director of Demand Generation, and her true story of being part of a SaaS security attack.

Discover why browser extensions can harm SaaS security, creating risks and blind spots, and how agentless, dynamic solutions offer safer, smarter protection.

We’re here to lead the SaaS Security market — a space we believe is on the verge of massive growth. Learn why our investors are betting on Dynamic SaaS Security with an additional $25M.

Reco tackles the dangerous configuration sprawl by providing real-time visibility into security setting changes across your integrated applications. Learn about the associated risks and how with its Knowledge Graph technology and business context, Reco helps you quickly identify, prioritize and remediate critical configuration changes.

SaaS identity sprawl refers to the unchecked proliferation of user identities, access permissions, and authentication credentials across an organization's growing SaaS ecosystem. This phenomenon occurs as companies adopt more SaaS apps, each requiring separate user accounts, role definitions, and access controls.

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while maintaining productivity.

Learn how Reco’s AI agents reduce alert overload for Security teams and improve SaaS security by turning unnecessary noise into clear, useful insights.

Learn how one CISO measures the ROI of SaaS security and 5 tips for increasing speed to value.

MFA fatigue attacks exploit user frustration by bombarding them with authentication requests until they approve one just to make the notifications stop. This sophisticated social engineering tactic turns a security measure into a vulnerability, threatening sensitive data and systems across an organization's SaaS ecosystem. Learn more about the risks with MFA fatigue and how by recognizing the warning signs of these attacks—such as unusual spikes in MFA declines or authentication attempts from suspicious locations —security teams can prevent attackers from bypassing this critical security layer.

Detecting ransomware in SaaS environments requires more than traditional security approaches as malicious files can spread through file synchronization and messaging platforms like Teams. While Microsoft and Google provide native scanning capabilities, Reco enhances detection by correlating alerts across platforms, providing crucial context about how ransomware originated, and enabling automated response before threats can spread through interconnected SaaS applications.

As SaaS applications grew increasingly AI powered, CSK needed to visibility and control over AI usage at the organization. The goal was to support AI innovation, without slowing the business down. CSK turned to Reco to help. Read this blog from CSKs Chief Information Officer, Jason Thomas, to learn more.

Organizations face significant security and compliance vulnerabilities when third-party vendors share sensitive data with their own vendors (fourth parties) without adequate oversight. Learn how these fourth-party relationships create blind spots in your security posture that can lead to regulatory penalties and reputational damage when breaches occur.

The Oracle cloud breach underscores how vulnerable identities are, as hackers continuously find ways to expose credentials. This blog discusses what happened, how Oracle cloud users can mitigate risks, and how you can protect your SaaS apps, even when your credentials are exposed by a vendor.

Self-Service Password Reset (SSPR) systems enable users to reset passwords independently but create new security risks that require monitoring for unusual patterns. Learn how effective SSPR monitoring can help prevent account takeovers and how to integrate monitoring into security architecture.

Wellstar Health uses Reco to manage shadow SaaS. In this blog, Wellstar Health's Executive Director of Security & GRC provides 9 actionable tips for reducing shadow IT. By employing these strategies, you too can reduce your shadow SaaS footprint and create a manageable, sustainable, and effective program.

One of the biggest challenges of SaaS security is that SaaS ownership is fragmented. So how do you get app owners to embrace SaaS security in order to drive change? Read this blog from Jennifer Langford at CSK. She improved her posture score from 45 to 75. Learn 5 tips for success.

Microsoft Copilot helps businesses be more efficient, but it also allows malicious actors to potentially exploit your business data. Reco uses prompt analysis to identify and flag risky behavior within Microsoft Copilot. Read this blog to understand how Reco can help you keep Microsoft Copilot secure.

Legacy SSPM is static – it can't keep up with the SaaS rate of change. SSPM+ is the next revolution in SSPM. It covers not only existing apps you know about, but also new apps as soon as they hit your infrastructure. It offers visibility into the entire SaaS lifecycle, and adjusts as your environment changes and grows. ‍

Reco now supports over 160 SaaS apps. Through the SaaS App Factory™, Reco can release new integrations on request in just days.

RFA is a managed IT services provider. They wanted to offer Managed Detection & Response services for Microsoft365 to clients. They signed up with Reco to power this service. Read the blog from RFA's CIO to learn how they did it.

BigID was struggling to build a threat detection and response program for SaaS applications. They signed up with Reco and eliminated months of work. Today, Reco is an integral part of BigIDs SOC automation.

Implementing a robust SaaS security program can help you improve your company's overall security posture. But simply purchasing a security tool won't be enough – you must pay attention to certain critical organizational factors as well. This blog details 6 steps for success.

SaaS has taken over our enterprise world. But it's constantly outscaling Security due to five types of sprawl. Read this blog to understand why traditional solutions, like CASB and SSPM, are not enough for SaaS security and why you need a Dynamic SaaS Security Platform.

Learn more about ESET uncovering PlushDaemon, a China-linked APT behind a 2023 supply chain attack on IPanyVPN. The attackers trojanized the installer to deploy the SlowStepper backdoor, enabling long-term espionage across multiple regions.

Learn more about ESET uncovering PlushDaemon, a China-linked APT behind a 2023 supply chain attack on IPanyVPN. The attackers trojanized the installer to deploy the SlowStepper backdoor, enabling long-term espionage across multiple regions.

Reco identified an ongoing, global campaign targeting SaaS identities originating from Phoenix, Arizona. This technical analysis report identifies attack patterns, attacker infrastructure, targeted accounts, and security measures that prevented or allowed account takeovers.

SaaS supply chain attacks occur when a malicious actor compromises a third-party SaaS vendor and uses that as a launching pad to target the vendor’s customers. By exploiting the interconnected nature of SaaS ecosystems, attackers can scale their reach and impact more victims. Read this blog to learn about the risks and how to mitigate them.

DeepSeek has quickly upended the AI market. But is it safe to use? Short answer: probably not. Read this blog to understand the biggest DeepSeek security risks for organizations.

Deep dive into Reco's shadow app discovery technology, covered by The Hacker News. Reco uses AI-based graph technology and email filtering to discover shadow apps and shadow AI. Learn what Reco can do – and what Reco cannot do – for shadow IT security at organizations.

Mike D'Arezzo, Executive Director of Security and GRC at Wellstar Health, turned to Reco to help him manage shadow IT and secure SaaS deployments at the organization. Learn how Reco empowers him to effectively secure PHI in SaaS apps.

On December 24, 2024, Cyberhaven experienced a security breach involving its Chrome browser extension. What started as a phishing email led to a poisoned Chrome extension, resulting in an estimated 400,000 compromised browsers.

Pat Opet, Chief information Security Officer (CISO) at JPMorgan Chase, recently named SaaS security as a top priority for 2025. Learn why it should be your top priority, too, and best practices for securing SaaS applications.

CISA recently released requirements for federal agencies to secure SaaS applications like Microsoft 365. Learn five steps to get SaaS security right.

Reco's shadow SaaS and shadow AI discovery solution can identify all applications and copilots being used by employees, rank their level of risk, and provide insight into who is using what and how.

The recent surge in generative AI adoption has given rise to a new security concern: shadow AI. A subset of shadow IT, shadow AI refers to the unapproved or unsanctioned use of AI tools and copilots within an organization. This blog discusses shadow AI security challenges, risks, and how to prevent data exposure by reducing shadow AI.

SailPoint includes two built-in organizational admin accounts that are used to provide customer support and ensure smooth operations. While these accounts are designed with good intentions, they introduce potential risks. Read this blog to learn about the risks and how Reco can help.

Discover how APT36's ElizaRAT leverages cloud platforms like Slack, Google Drive, and Telegram for stealthy cyber espionage. Explore its advanced evasion tactics, modular payloads, and evolving campaigns targeting Indian entities, highlighting its persistent threat and adaptability.

On October 30, 2024, Okta resolved a vulnerability affecting the Active Directory (AD) and LDAP delegated authentication systems that could allow unauthorized access to Okta accounts under specific conditions.

Building a strong security culture takes time and effort. Learn how CISOs can foster shared responsibility through foundational practices, policy enforcement, automation, and democratizing security knowledge to reduce risks, streamline compliance, and promote empathy for security requirements.

Find out how an ethical hacker uncovered a Zendesk flaw allowing anyone to impersonate Zendesk's agents, access connected platforms like Slack, and view private channels. The flaw can also let attackers view customer service tickets from any business using the platform by sending a crafted email to a Zendesk-managed support address.

Read our latest thought leadership piece for Forbes Technology Council on the importance of knowing your data exposure. Reco CEO & Cofounder Ofer Klein shares ways to prevent this risk and help organizations stay ahead of regulators and bad actors by gaining visibility into all connected SaaS apps and avoiding giving apps permissions when prompted.

Regular password changes and secure authentication methods are not enough to protect SaaS applications. Hackers can bypass these defenses without needing your password using ghost logins. This blog post by Reco covers how cyber attackers exploit ghost logins in platforms like Zapier using connected apps like Dropbox to maintain unauthorized access without detection.

Sophisticated cyber threats demand a new perspective—one that centers around the behavior of identities across the entire SaaS ecosystem. At Reco, we've developed an advanced analytics platform that leverages ClickHouse to detect and respond to threats like impossible travel, while reducing false positives and adapting to emerging attack vectors.

Darknet Diaries podcast provides true stories of hacking, cybercrime, and the dark web. A recent episode delves into how easily SaaS applications can be compromised, using dubstep music to highlight security vulnerabilities. This episode underscores the importance of SaaS security to protect against increasingly sophisticated web-based threats. We provide our top takeaways.

Explore a few widely used SaaS apps that fall outside what is normally characterized as a ‘crown jewel’ app, how attackers normally gain access to them, and perform reconnaissance to launch the next phases of their attack. We provide best practices that could help prevent these risks and limit the blast radius.

Read our latest thought leadership piece for Forbes Technology Council on zero trust and how it is critical for enterprises to secure their SaaS environment. Reco CEO & Cofounder Ofer Klein shares how in order for a zero-trust framework to be effective, organizations, first and foremost, must be aware of all of the applications that exist in their SaaS environment.

Explore Microsoft Copilot privacy concerns. Learn how Copilot manages user data, complies with regulations, and ensures data protection through encryption and pseudonymization. Find out how Microsoft aims to address evolving privacy challenges, maintaining user trust and data security.

Learn about the security risk connected with Microsoft 365 Copilot to avoid data leakage or unauthorized access while boosting productivity via AI-driven automation. Explore the best practices and strategies for secure Microsoft 365 Copilot deployment in our article.

Learn about the chain of events behind the recent Snowflake data breach from the perspective of a CISO, and gain step-by-step guidance from Reco on how you can secure your SaaS applications including Snowflake proactively.

OpenAI recently released a connector in ChatGPT that requires access to shared drives where personal and organizational environments are located. Preventing potential data exposure is crucial. Learn our recommendations to prevent threat surface from widening.

Explore key pillars of Microsoft 365’s security infrastructure and learn about 21 best practices for securing Microsoft 365. Find out which activities to monitor and how to protect your organization’s data and minimize exposure risk across different devices and applications.

AI-powered assistants, known as Copilots, are becoming more and more popular as they automate routine activities and provide useful insights. However, they also introduce security challenges, such as data leaks and privacy breaches. Ensuring their security is crucial, particularly with laws like GDPR and CCPA. This article explores how various SaaS Copilots handle security, helping businesses understand how to safely integrate these tools into their operations.

Learn our key takeaways for SaaS security from Verizon’s 2024 Data Breach Investigations Report (DBIR). This annual report provides an in-depth analysis of breaches from organizations of all sizes and industries, giving insights into trends and changes in the threat and security landscapes.

Read our latest thought leadership piece for Forbes Technology Council on the importance of SaaS Security Posture Management. Reco CEO & Cofounder Ofer Klein shares how by focusing on the unique security issues of SaaS alone, SSPM solutions help organizations stay ahead of regulators and bad actors.

Microsoft Copilot is transforming the way businesses interact with data and applications through its integration with Microsoft 365, offering a range of tools powered by advanced AI. Getting full visibility on the cost of using Microsoft Copilot is essential, as there can be unexpected charges beyond the basic price.

From antivirus basics to AI-driven solutions, cybersecurity tools have evolved to address increasingly complex threats. Advances in AI, especially Large Language Models (LLMs), have significantly enhanced threat detection and incident response, enabling better protection of digital assets. Explore the list of security tools with LLM capabilities.

Global software automation leader UiPath simplified SaaS data exposure and access management by sending alerts to Microsoft Sentinel of publicly exposed data located in shared Drives with the help of Reco.

Learn how to prepare your business for Microsoft Copilot. Discover Copilot’s functionalities and capabilities but also its potential risks and challenges. Learn about the advantages of using Microsoft Copilot for your business and follow the best practices for secure deployment.

Organizations are looking to generative AI (GenAI) governance as the technology's risks and opportunities continue to emerge. Learn from the world's leading AI experts about security industry priorities around AI safety and governance in our recap of the Digital World Conference Summit.

Microsoft Copilot for Security is an AI-driven platform enhancing cybersecurity across organizations by automating threat detection, analysis, and response, and ensuring data privacy and compliance with advanced encryption and strict regulations. Learn how Microsoft Copilot handles data and discover the best practices for its implementation.

Learn about Microsoft Copilot, an AI chatbot launched earlier this year and its insecurities including potential data leakage from account takeover. Gain an understanding of how easy it is for a threat actor to gain elevated access to organizational data from executing a simple GenAI prompt in Copilot, and learn best practices to secure your Copilot instance.

Learn about the SaaS App Factory from Reco, which extends SaaS security expertise, insights, and continuous monitoring from Reco to any SaaS application.‍ Enterprises can implement a common security framework to ensure universal coverage of all SaaS applications in their tech stack.

Reco CEO and Cofounder Ofer Klein sat down with Chief Digital Evangelist of eViRa Health, Evan Kirstel as part of the podcast What's Up in Tech? to discuss the cybersecurity landscape, the explosion in adoption of SaaS applications, and why SaaS security is no longer an option.

Hear from SaaS security experts on the effectiveness of the National Cybersecurity Strategy to help organizations secure their SaaS applications as we approach the one-year anniversary.

Gain an understanding of the recent Midnight Blizzard cyber attack: how the threat actors were successful, techniques used, and actionable recommendations to protect your Microsoft environment.

Our SaaS security experts use the cyber kill chain to walk through the phases of a SaaS application cyberattack, told from the perspective of a threat actor.

Discover how to leverage Reco AI with Cortex XSOAR for automated SaaS security. Streamline threat detection, automate remediation workflows, and fortify your organization's security posture.

Learn about the importance of Zero Trust and SaaS security for continuous verification of identities, strict access control, and total context across infrastructure.

Reco joins CISO Series, Super Cyber Friday to discuss hacking the SaaS security journey, the evolution of SaaS and security priorities, and the best methods for aligning SaaS security with business goals.

Connecting in Minutes, Reco Discovers Every App, Its Users, and Actions to Seamlessly Prioritize and Control the Risks in the SaaS Ecosystem

Intellyx, an industry analyst firm, named Reco to its 2023 Digital Innovator list. This annual list recognizes fast-rising technology companies committed to delivering enterprise digital transformation.

While GenAI provides efficiency at scale, it also poses risks that Security leaders can't ignore. Learn about the most common security risks associated with GenAI integrations and tactics to protect your data.

Learn about a real-world use case involving the Reco SaaS Threat Detection module and its revelation of a common threat within Office 365: disabled users retaining access to company data,

Learn about the recent cyberattack on Okta that led to the theft of HAR files from their customer support system. Reco shares how SaaS security (SSPM) solutions can be used to prevent techniques used in the Okta attack, detect session hijacking, and protect valuable data.

Learn about the recent exploit and ransomware attack with MOVEit. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Clop to infiltrate data, exfiltrate data, and encrypt data.

Learn about Lapsus$, a data extortion group and their recent cyberattacks against Okta, Uber, and Microsoft. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Lapsus$ including privilege escalation, and user execution.

Learn how a misconfigured SaaS token in Microsoft led to 38TB of data being exposed, and how to prevent misconfigurations using configuration management and event monitoring.

Reco CTO and Cofounder Tal Shapira shares insights on the transformative power of GenAI and its implications on cybersecurity from the SECtember AI Think Tank Day. Learn how AI innovators and experts came together to discuss the industry priorities for AI research and soft launch the Cloud Security Alliance’s AI Safety Initiative.

Learn how SaaS super admins targeted Okta in a social engineering campaign, and how to keep your Okta tenant and highly privileged SaaS accounts secure using Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities.

Discover the benefits of Multi-Factor Authentication (MFA) for SaaS app security, and learn how MFA enhances protection against cyber threats and improves compliance.

See how organizations are underestimating the extent of their SaaS attack surface risk due to a lack of unified risk visibility.

Learn how Reco is transforming application governance and tackling the challenges of shadow applications using Generative AI. By leveraging Large Language Models and Google search, Reco's unique 'application consolidation' process brings clarity to complex landscapes, enhances app governance, and shadow app discovery. Join us on the forefront of security innovation with Reco.

Reco and Wiz have joined forces to create a comprehensive cloud security solution. Reco's contextual AI enhances Wiz's understanding of user privileges and activity in SaaS applications, while Wiz helps Reco users track and protect cloud assets. This collaboration ensures complete visibility, control, and protection across SaaS and cloud environments.

The partnership of Reco and Torq offers a powerful data protection and workflow automation solution for businesses utilizing SaaS applications. Reco identifies and flags sensitive data across platforms, providing insight into potential exposure risks. Meanwhile, Torq's hyperautomation ensures automatic risk remediation. Together, they have yielded an impressive 80%-90% reduction in exposure risk for their customers. By leveraging Reco's data insights and Torq's automation capabilities, businesses can secure their data, streamline workflows, and focus on their core operations.

Shadow threats—Shadow Identities, Shadow Applications, and Shadow Data—pose risks to organizational security, compliance, and efficiency. To address these threats, organizations must adopt a comprehensive strategy supported by AI-powered SaaS security solutions. A whole systems security approach driven by AI offers scalability, visibility, detection and remediation. Leveraging context analysis solutions enables organizations to safeguard information assets, improve operational efficiency, and foster secure collaboration.

Discover how Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities perfectly aligned with the needs of our customer, Cresta. By going beyond security posture, Reco enabled proactive detection and response to sensitive data exposure and leakage.

Reco has empowered SolarEdge to enhance their SaaS security and productivity exponentially. By providing comprehensive visibility, reducing false positives, and streamlining the protection of sensitive data, Reco has proven instrumental in SolarEdge's pursuit of securing their intellectual property, maintaining data privacy, and achieving operational excellence.

The impacts of data leaks not only result in the loss of critical medicines that save lives and put operators in danger, but also cause disruptions to essential systems, such as food, water, electricity, heat, and the monetary system, with significant impacts on the economy. Furthermore, they can have severe consequences for education, collaboration, the environment, and other vital aspects of modern life. In the realm of cybersecurity, cybercriminals, hackers, and ransomware gangs can do more than just damage businesses - they can destroy lives on a grand scale.