"Mandiant is tracking a new, ongoing ShinyHunters-branded campaign using evolved vishing techniques to successfully compromise SSO credentials from victim organisations, and enrol threat actor controlled devices into victim MFA solutions," he told Computer Weekly via email. "This is an active and ongoing campaign. After gaining initial access, these actors pivot into SaaS environments to exfiltrate sensitive data. An actor that identifies as ShinyHunters has approached some of the victim organisations with an extortion demand.
Organizations are heavily investing in zero trust, a security framework that requires strict verification and ongoing monitoring of every user, device, and application. As of 2025, the size of the zero trust market is estimated at $38.37 billion USD and is projected to grow to $86.57 billion USD by 2030. Investmentsinclude not only tools but also organizational transformation, policy overhaul, and long-term architectural changes. When combined with strong, phishing-resistant multi-factor authentication (MFA) and AI-powered threat detection, a move toward zero trust will significantly enhance cybersecurity. However, help desks often lack robust identity verification, creating a critical vulnerability.