Find notable cyber news and cases, enriched with sources, timelines, and signals.

ESentire-observed account compromise surged 389% in 2025

Trend
First reported
Last updated
Happening score
H score 52
1 unique sources, 1 articles

Summary

Hide ▲

Account compromise surged 389% year over year in 2025, making it the dominant observed attack pattern and increasing credential theft and account takeover risk across business users. Microsoft 365 accounts were a prime target, and much of the activity was enabled by phishing-as-a-service (PhaaS) kits. The trend matters because it shows credential abuse is driving a large share of current malicious activity and sustaining BEC operations across multiple sectors.

Related Happenings

O-UNC-066 / Pink Microsoft Entra passkey vishing campaign

Campaign
H score37 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...

Microsoft Azure CLI password-spray campaign using ROPC

Campaign
H score24 First: 01.07.2026 08:46 Last: 01.07.2026 08:46 Sources 1

About this happening: A **massive automated password-spray campaign** against **Microsoft Azure CLI** compromised **at least 78 accounts** across **64 organizations**, expanding access risk across clou...

Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend

Trend
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...

CypherLoc phishing-led browser scareware campaign

Campaign
H score49 First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Storm-2949 Microsoft 365 and Azure data-theft campaign

Campaign
H score33 First: 19.05.2026 22:35 Last: 19.05.2026 22:35 Sources 1

About this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...

Timeline

  1. 15.01.2026 02:00 2 articles · 5mo ago

    eSentire reports 389% rise in account compromise

    Initial Disclosure

    eSentire's 2025 Year in Review & 2026 Threat Landscape Outlook Report says account compromise rose 389% year over year in 2025, making up 55% of all attacks observed by the cybersecurity firm and 75% of the malicious activity tracked by its Threat Response Unit. The report says credential theft drove most of the activity, Microsoft 365 accounts were prime targets, and phishing-as-a-service kits such as Tycoon2FA, FlowerStorm and EvilProxy enabled account takeovers and business email compromise across sectors including real estate, finance, retail and construction.

    Show sources