At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
Zerodha
October 15, 2025
•[ phishing, account compromise ]
Economic Times details Kamaths brief X account compromise after clicking phishing email
Charles County Public Schools
February 26, 2025
•[ social engineering, account compromise, payroll fraud ]
Caller convinced staff to reset MFA, accessed employee email and Oracle accounts, and attempted payroll change (stopped).
