North America
Microsoft users
Microsoft disclosed details of a large-scale credential theft campaign that targeted more than 35,000 users across over 13,000 organizations in 26 countries.
The campaign used code-of-conduct-themed phishing lures, combined with legitimate email services, to redirect users to attacker-controlled domains and steal authentication tokens. The phishing emails featured polished, enterprise-style HTML templates with structured layouts and authenticity statements, making them appear more credible and convincing than typical phishing attempts.
Most of the phishing emails targeted organizations in the healthcare and life sciences, financial services, professional services and technology sectors. The disclosure comes just a month after Microsoft revealed another large-scale phishing campaign using device code authentication flows to compromise organizations worldwide.
How it could affect your business
Today’s phishing campaigns are becoming increasingly sophisticated, blending seamlessly into everyday business communications and making them harder for users to identify. Organizations should prioritize continuous user awareness training and leverage advanced technologies, such as GenAI, to detect and stop evolving phishing threats.
United States
Opexus
A software company that handles sensitive data for nearly every U.S. federal agency was reportedly the victim of an insider threat earlier this year.
Opexus, a software services provider used for processing U.S. government records, disclosed that two employees improperly accessed sensitive documents and compromised or deleted dozens of databases, including systems containing data from the Internal Revenue Service and the General Services Administration. The incident is now under investigation by the FBI and other federal law enforcement agencies.
According to reports, the two individuals, identified as twin brothers Muneeb and Suhaib Akhter, allegedly destroyed more than 30 databases and removed over 1,800 files tied to a government project. The incident also reportedly caused outages in key government software systems and, in some cases, permanent data loss.
How it could affect your business
Incidents like this are a reminder that some of the most damaging cyberthreats can come from within an organization, with insider threats capable of causing severe operational disruption and data loss. Organizations should enforce strict access controls, continuously monitor privileged activity and implement role-based permissions to reduce the risk of unauthorized access or misuse of sensitive systems.
North America
BWH Hotels
BWH Hotels, the parent company of Best Western, WorldHotels and SureStay, confirmed a major data breach that exposed sensitive customer information.
The global hospitality company, which operates more than 4,500 hotels across 100 countries, detected unauthorized activity in a web application containing guest reservation data on April 22. The company acknowledged that attackers had maintained access to the network for more than six months. Thousands of reservations tied to Best Western and other BWH brands may have been exposed, raising concerns over targeted phishing attacks against travelers.
The company has begun notifying affected guests and is warning them to remain cautious of fake booking pages, suspicious communications and urgent payment requests.
How it could affect your business
Breaches involving reservation and travel data can lead to highly targeted phishing attempts that appear legitimate and personalized. Organizations and individuals should stay alert to suspicious emails, fake booking links and urgent payment requests that attempt to exploit exposed customer information.
United States
West Pharmaceutical Services
West Pharmaceutical Services, a manufacturer of pharmaceutical packaging and drug delivery systems, experienced a ransomware attack on May 4 that prompted the company to proactively shut down and isolate portions of its on-premises infrastructure.
The Pennsylvania-based company, one of the world’s leading providers of drug-delivery technologies, detected unusual activity on its network and took systems offline as a precautionary measure. The shutdown disrupted access to enterprise systems and temporarily affected global business operations.
According to the latest updates, the company has made significant progress restoring operations globally, including restarting critical manufacturing, receiving and shipping systems at certain locations.
How it could affect your business
Ransomware attacks continue to disrupt organizations across sectors. To reduce risk and recover quickly, organizations should maintain a robust business continuity and disaster recovery (BCDR) strategy, along with immutable, ransomware-protected backups that cannot be altered or deleted by attackers.
United States
NYC Health + Hospitals Corporation
A data breach at NYC Health + Hospitals Corporation in late March may have affected more than 1.8 million individuals.
NYC Health + Hospitals is the largest public health system in the U.S. and serves more than 1 million New Yorkers. The Department of Health and Human Services Office for Civil Rights breach portal was updated to show that personal and protected health information belonging to approximately 1.8 million current and former patients and employees was compromised in the incident.
Investigators found that attackers had access to the network for 11 weeks, with the breach reportedly originating from a security incident involving one of the organization’s vendors.
How it could affect your business
Exposure of personally identifiable information and protected health information can create serious risks, including identity theft, insurance fraud and highly targeted phishing attacks. Healthcare organizations should strengthen third-party security oversight, enforce strict access controls, continuously monitor networks for suspicious activity and maintain strong incident response processes to reduce the impact of breaches involving sensitive patient data.


