Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant details how threat actors, including ShinyHunters, are exploiting vishing attacks and fake company SSO portals to steal credentials and MFA codes, enabling them to access and exfiltrate sensitive cloud data from various SaaS applications.