Contain the SSO Blast Radius: Identity Security Beyond MFA
Over the past week, multiple research teams have documented a renewed wave of voice-led social engineering targeting identity providers and federated access. The entry point is not malware or a zero-day exploit. The goal is simple: persuade a user to help complete authentication in real time, then use that trusted session to move through SaaS applications and exfiltrate data.
