Security news aggregator

Latest coverage for SSO

SSO lets one identity access multiple services, reducing password reuse while making account, session, and identity-provider security critical.

8 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Single sign-on (SSO) lets a user authenticate once with a central identity provider and then access multiple applications without signing in separately to each one. Applications commonly rely on federation protocols such as SAML or OIDC to accept an assertion or token from that provider. SSO centralizes authentication; it does not by itself make every connected application secure or eliminate the need for authorization.

The concentration of access makes the identity provider a high-value target: a stolen password, session, or authentication token may provide access to many services. Phishing-resistant MFA, risk-based access controls, secure token and session handling, and careful configuration of application trust reduce that exposure. Organizations should also monitor provider and federation logs, review which applications can rely on SSO, and promptly disable accounts and sessions when roles change or employment ends. Misconfigured claims or overly broad application permissions can otherwise grant more access than intended.

Showing 8 most recent headlines Filtered view
Bank Info Security 5 months, 2 weeks ago

Fortinet Locks Down FortiCloud SSO Amid Zero-Day Attacks

Mitigation: SSO Access Restricted After Attackers Compromised Fully Patched DevicesNetwork security giant Fortinet locked out cloud customers from its single sign-on service until they update device firmware with a patch against active attacks exploiting an improper access control zero day. Only Fortinet devices running the latest, patched firmware versions can use Fortinet SSO.

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. [...]

Plus, the gang says it got in via Microsoft Entra SSO ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.…