At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
ConnectWise
May 29, 2025
•[ nation-state attack, security incident, cloud security ]
ConnectWise reported a suspected nation-state breach impacting a small number of ScreenConnect cloud customers; investigation with Mandiant ongoing; no counts shared.
