Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) ...
The Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw, CVE-2026-24858, now listed by CISA in KEV.
The Hacker News

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via ...

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks.
CSOonline

SSO explained: Single sign-on definition, examples, and terminology

Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the ...
ZDNet

Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits

Many sites let you sign in with an existing login from consumer SSO providers. This approach results in a potentially risky centralization of your credentials. Passkeys allow you to compartmentalize ...
SlashGear

Stop Signing Into Websites With Google And Facebook And Do This Instead

On most major websites, you're bound to see a handful of familiar icons under the login credential fields. Likely, an option to sign in to that particular website via Google, Facebook, Apple, and ...