At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
National prison management platform of the National Penitentiary Administration (ANP)
August 1, 2025
•[ insider threat, financial fraud, unauthorized access ]
A prisoner in the Dej hospital prison hacked tablet/kiosk systems used to access the national inmate-services portal, manipulating requests and financial accounts tied to commissary and sentence-credit workflows. Activity persisted for weeks across multiple institutions before detection; the union and national media detail platform misuse and credential abuse rather than broad IT outages.
PIX banking transaction system
July 4, 2025
•[ cybercrime, financial fraud ]
Police in Brazil arrested a suspect tied to a $100M+ banking hack scheme; article frames it as multi-bank cybercrime operation.
KT Corporation
June 1, 2025
•[ financial fraud, data breach ]
KT told lawmakers its CEO would step down once the unauthorized micropayment breach is resolved. The case involves widespread illicit small-value charges through subscriber accounts, prompting government probes, customer redress, and leadership accountability. Technical details point to abuse of payment flows rather than core network outage; impact is financial and reputational, not operational.
