A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts.”Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday,” the
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html
