// #sso
3 articles
Fortinet Patches Critical Vulnerabilities in FortiAuthenticator and FortiSandbox — Enterprise SSO and Security Infrastructure at Risk
Fortinet released patches for critical vulnerabilities in FortiAuthenticator and FortiSandbox as part of the May 2026 patch cycle. FortiAuthenticator flaws can enable authentication bypass and session manipulation in enterprise SSO deployments, while FortiSandbox issues affect the analysis platform. Apply patches immediately given Fortinet's established exploitation history.
Cordial Spider and Snarky Spider Drive Multi-Sector SaaS Account Takeover via Vishing and SSO AiTM Attacks
Two newly-designated threat actor clusters — Cordial Spider (UNC6671) and Snarky Spider (UNC6661) — are conducting coordinated vishing and adversary-in-the-middle SSO phishing campaigns against enterprise organisations across finance, technology, and logistics sectors, bypassing MFA to harvest persistent OAuth tokens. Organisations should review SSO conditional access policies and verify help desk vishing verification procedures.
Four Critical Cisco Flaws: Webex SSO User Impersonation (CVSS 9.8) and ISE Root Code Execution (CVSS 9.9)
Cisco patched four critical vulnerabilities across Webex Services and Identity Services Engine. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user via crafted SSO tokens. Three ISE flaws at CVSS 9.9 let read-only admins execute arbitrary commands as root. Webex deployments with SSO require urgent manual action — Cisco's cloud fix is not sufficient without administrator intervention.