A threat actor known as Storm-2657 has been observed hijacking
employee accounts with the end goal of diverting salary payments to
attacker-controlled accounts. "Storm-2657 is actively targeting a
range of U.S.-based organizations, particularly employees in
sectors like higher education, to gain access to third-party human
resources (HR) software as a service (SaaS) platforms like
Workday," the
Read more https://thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html
