Storm-2657 exploits phishing and weak MFA to hijack HR SaaS accounts and redirect payroll funds.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Microsoft's Threat Intelligence team has identified Storm-2657, a threat actor targeting U.S. organizations, particularly universities, to hijack employee accounts and redirect salary payments. The attackers use phishing emails with adversary-in-the-middle techniques to harvest credentials and MFA codes, gaining access to HR SaaS platforms like Workday through single sign-on. They modify payment information, create inbox rules to hide notifications, and enroll their own devices for persistent access. Since March 2025, 11 accounts at three universities were compromised and used to send phishing emails to nearly 6,000 accounts across 25 universities. Microsoft recommends implementing passwordless, phishing-resistant MFA methods like FIDO2 security keys and monitoring for suspicious account activity.

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries