Find notable cyber news and cases, enriched with sources, timelines, and signals.

Jingle Thief cloud phishing and smishing gift card fraud campaign

Campaign
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

The Jingle Thief campaign is actively using phishing and smishing to steal cloud credentials and drive unauthorized gift card fraud against retail and consumer services organizations. Researchers observed a wave of coordinated attacks in April and May 2025, and the cluster has been active since at least late 2021. The operation matters because intruders can keep prolonged cloud access, broaden their foothold, and issue gift cards at scale with minimal traceability.

Related Happenings

Organization hit by network compromise linked to Velvet Ant

Incident
H score35 First: 13.06.2026 17:06 Last: 13.06.2026 17:06 Sources 1

About this happening: A **target organization** suffered a **10-year authentication stack compromise** that exposed **administrative activity** inside an **isolated critical infrastructure network**. T...

Senior executive at major global stock exchange hit by data theft breach

Incident
H score7 First: 03.06.2026 15:46 Last: 03.06.2026 15:46 Sources 1

About this happening: A senior executive at a major global stock exchange suffered an **email account compromise** that enabled **months of unauthorized mailbox access** and data theft. The intrusion b...

Storm-2949 Microsoft 365 and Azure data-theft campaign

Campaign
H score33 First: 19.05.2026 22:35 Last: 19.05.2026 22:35 Sources 1

About this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...

PCPJack credential theft framework worms across exposed cloud infrastructure

Malware Activity
H score27 First: 08.05.2026 12:00 Last: 08.05.2026 12:00 Sources 1

About this happening: The **PCPJack** malware activity is extending a **credential-theft** operation across **exposed cloud infrastructure**, stripping **TeamPCP** artifacts and stealing access from se...

QR code phishing surged across email threats in Q1 2026

Trend
H score73 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Timeline

  1. 23.10.2025 10:52 2 articles · 8mo ago

    Jingle Thief cloud phishing and smishing gift card fraud campaign

    Initial Disclosure

    In **April and May 2025**, **Jingle Thief** entered a coordinated credential-theft phase by sending **phishing and smishing** lures to capture **Microsoft 365** logins. That initial access was then used to search for gift-card issuance workflows and prepare follow-on fraud.

    Show sources