University of Cambridge
April 17, 2026
•[ phishing, credential theft, account compromise ]
Students and staff received phishing emails appearing to come from compromised University of Cambridge accounts; related messages contained links designed to steal login credentials and enable further account compromise.
Infinite Campus
March 18, 2026
•[ unauthorized access, data leak, account compromise ]
An unauthorized actor accessed an Infinite Campus employee's Salesforce account, exposing names and contact information for school staff; Infinite Campus said no student databases were accessed.
One Syrian government email account
March 12, 2026
•[ phishing, credential harvesting, account compromise ]
Proofpoint also observed activity from a cluster tracked as UNK_NightOwl that sent phishing emails to a Middle Eastern government ministry using both a compromised Syrian government account and an attacker-controlled address. The emails referenced the escalating conflict and directed recipients to a domain spoofing Microsoft OneDrive that hosted an Outlook Web App-style credential harvesting page before redirecting victims to a legitimate conflict monitoring site.
At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked April-May 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
Zerodha
October 15, 2025
•[ phishing, account compromise ]
Economic Times details Kamath's brief X account compromise after clicking a phishing email.
Charles County Public Schools
February 26, 2025
•[ social engineering, account compromise, payroll fraud ]
Caller convinced staff to reset MFA, accessed employee email and Oracle accounts, and attempted payroll change (stopped).
First Contact Health
May 1, 2024
•[ phishing, unauthorized access, health data ]
Guernsey's Office of the Data Protection Authority (ODPA) sanctioned First Contact Health after cyber criminals successfully targeted an employee email account in a phishing attack, gaining unauthorized access to confidential health data. The practice reported the breach to the ODPA in May 2024, and the unauthorized access was believed to have occurred at least five months earlier. The enforcement action cited failures in key security controls intended to prevent phishing-based account compromise.