ZDNet

Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits

Many sites let you sign in with an existing login from consumer SSO providers. This approach results in a potentially risky centralization of your credentials. Passkeys allow you to compartmentalize ...
Bleeping Computer

Mandiant details how ShinyHunters abuse SSO to steal cloud data

This allows attackers to successfully authenticate with stolen credentials and enroll their own devices in MFA. Once they gain access to an account, they log in to an organization's Okta, Microsoft ...
Hosted on MSN

Google's security team look at how ShinyHunters has rolled out SSO scams

ShinyHunters use vishing and custom phishing pages to bypass SSO protections Stolen MFA codes grant access to platforms like Salesforce, Microsoft 365, and Dropbox Other groups mimic tactics; experts ...