SSO

Google lets Workspace admins apply one policy across all SAML apps

Google, Google Workspace, News, SSO, update /

Google lets Workspace admins apply one policy across all SAML apps 2026-05-15 at 16:07 By Sinisa Markovic Google has updated Context-Aware Access (CAA) in Google Workspace to introduce a default policy assignment for SAML applications. SAML applications are third-party or internal applications that use the Security Assertion Markup Language (SAML) protocol to enable single sign-on […]

Google lets Workspace admins apply one policy across all SAML apps Read More »

ShinyHunters flip the script on MFA in new data theft attacks

data theft, Don't miss, extortion, Google Cloud, Hot stuff, Mandiant, News, Silent Push, social engineering, SSO, tips, vishing /

ShinyHunters flip the script on MFA in new data theft attacks 2026-02-02 at 18:50 By Zeljka Zorz Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in

ShinyHunters flip the script on MFA in new data theft attacks Read More »

ShinyHunters-Branded Extortion Activity Expands, Escalates

cybercrime, ShinyHunters, SSO, vishing /

ShinyHunters-Branded Extortion Activity Expands, Escalates 2026-02-02 at 17:54 By Ionut Arghire Hackers rely on evolved vishing and login harvesting to compromise SSO credentials for unauthorized MFA enrollment. The post ShinyHunters-Branded Extortion Activity Expands, Escalates appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

ShinyHunters-Branded Extortion Activity Expands, Escalates Read More »

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

0-day, Don't miss, firewall, Fortinet, FortiOS, Hot stuff, News, SSO, vulnerability /

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) 2026-01-28 at 02:21 By Zeljka Zorz Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) Read More »

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

exploited, FortiCloud, Fortinet, SSO, Vulnerabilities /

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices 2026-01-23 at 16:05 By Ionut Arghire Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication. The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices Read More »

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?

Arctic Wolf Networks, Don't miss, firewall, Fortinet, FortiOS, Hot stuff, Huntress, News, privileged accounts, SSO, vulnerability /

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? 2026-01-21 at 22:22 By Zeljka Zorz CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? Read More »

Rethinking governance in a decentralized identity world

Allegro Solutions, CISO, cybersecurity, Don't miss, Features, Hot stuff, LogicGate, News, SSO, strategy, tips /

Rethinking governance in a decentralized identity world 2025-06-04 at 07:36 By Mirko Zorz Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system when no

Rethinking governance in a decentralized identity world Read More »

Cross-IdP impersonation bypasses SSO protections

Don't miss, identity, News, Push Security, SaaS, SSO /

Cross-IdP impersonation bypasses SSO protections 2024-11-19 at 18:22 By Help Net Security Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without compromising a company’s primary identity provider (IdP) – is expected to gain popularity with attackers, according to Push

Cross-IdP impersonation bypasses SSO protections Read More »

How hybrid workforces are reshaping authentication strategies

authentication, biometrics, cybersecurity, Don't miss, Features, FusionAuth, Hot stuff, identity verification, MFA, News, opinion, SSO /

How hybrid workforces are reshaping authentication strategies 2024-10-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity.

How hybrid workforces are reshaping authentication strategies Read More »

Reducing credential complexity with identity federation

authentication, credentials, cybersecurity, Descope, Don't miss, Features, Hot stuff, identity management, News, opinion, SSO /

Reducing credential complexity with identity federation 2024-10-01 at 07:01 By Mirko Zorz In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances security by leveraging trusted identity providers while simplifying

Reducing credential complexity with identity federation Read More »

Critical Authentication Flaw Haunts GitHub Enterprise Server

CVE-2024-6800, GitHub, GitHub Enterprise Server, Identity & Access, SSO, Vulnerabilities /

Critical Authentication Flaw Haunts GitHub Enterprise Server 2024-08-21 at 20:01 By Ryan Naraine GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Critical Authentication Flaw Haunts GitHub Enterprise Server Read More »

How passkeys eliminate password management headaches

authentication, cybersecurity, Don't miss, Features, Hot stuff, Industry news, opinion, passwords, rf IDEAS, SSO, standards /

How passkeys eliminate password management headaches 2024-08-15 at 07:01 By Mirko Zorz In this Help Net Security interview, David Cottingham, President at rf IDEAS, discusses the key benefits organizations can expect when implementing passkeys. Cottingham addresses the misconceptions surrounding the adoption of passkeys, particularly in the B2B landscape. What are the key benefits that organizations

How passkeys eliminate password management headaches Read More »

Product showcase: How to track SaaS security best practices with Nudge Security

access management, News, Nudge Security, OAuth, Product showcase, SaaS, SSO /

Product showcase: How to track SaaS security best practices with Nudge Security 2024-03-13 at 06:37 By Help Net Security As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread thin, meaning they need ways to quickly identify

Product showcase: How to track SaaS security best practices with Nudge Security Read More »

Phishers target FCC, crypto holders via fake Okta SSO pages

Cryptocurrency, Don't miss, fcc, Hot stuff, Lookout, News, Okta, phishing, SSO /

Phishers target FCC, crypto holders via fake Okta SSO pages 2024-03-04 at 14:46 By Helga Labus A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign By pretending to be

Phishers target FCC, crypto holders via fake Okta SSO pages Read More »

Understanding zero-trust design philosophy and principles

authentication, Bloomberg, cybersecurity, Don't miss, Features, Hot stuff, identity management, News, opinion, SSO, standards, zero trust /

Understanding zero-trust design philosophy and principles 2024-01-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy. Vachon explores challenges in implementing zero trust,

Understanding zero-trust design philosophy and principles Read More »

The new imperative in API security strategy

access control, API security, authentication, cybersecurity, News, report, SSO, survey, Wallarm /

The new imperative in API security strategy 16/11/2023 at 07:01 By Help Net Security Of the 239 vulnerabilities, 33% (79 out of 239) were associated with authentication, authorization and access control (AAA) — foundational pillars of API security, according to Wallarm. Prioritizing AAA principles Open authentication (OAuth), single-sign on (SSO) and JSON Web Token (JWT),

The new imperative in API security strategy Read More »

Is the new OWASP API Top 10 helpful to defenders?

API security, attacks, authentication, automation, bot, Cequence Security, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, OWASP, SSO /

Is the new OWASP API Top 10 helpful to defenders? 30/08/2023 at 07:32 By Help Net Security The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and updated

Is the new OWASP API Top 10 helpful to defenders? Read More »

Adapting authentication to a cloud-centric landscape

access control, authentication, biometrics, CISO, Compliance, credentials, cybersecurity, Don't miss, Features, Hot stuff, MFA, News, opinion, passwordless, policy, regulation, SSO, zero trust, ZITADEL /

Adapting authentication to a cloud-centric landscape 28/08/2023 at 07:33 By Mirko Zorz In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. What are

Adapting authentication to a cloud-centric landscape Read More »

Scroll to Top