SecurityWeek

ShinyHunters-Branded Extortion Activity Expands, Escalates

Mandiant has observed an increase in ShinyHunters-branded attacks using evolved vishing and credential harvesting.
Bleeping Computer

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to ...
Bleeping Computer

Mandiant details how ShinyHunters abuse SSO to steal cloud data

They used this access to steal data from cloud applications based on whatever permissions were available through the compromised SSO session. Mandiant believes this activity is opportunistic, with the ...