Workday
-
Microsoft: Storm-2657 Used Phishing to Redirect University Payrolls via Workday Accounts
Microsoft said a gang known as Storm-2657 has used phishing and adversary-in-the-middle links to steal MFA and compromise university Workday-linked accounts since March 2025, altering payroll configurations to redirect salary payments and spreading further phishing inside and across campuses.
-
Workday says data breach tied to Salesforce-related social engineering campaign, broader breach wave observed
Workday disclosed a data breach after attackers gained access to a third-party CRM platform via a social engineering campaign. While customer tenants were not affected, some business contact information was exposed. The incident appears linked to a broader Salesforce data-theft campaign attributed to the ShinyHunters group, with Workday noting the discovery on August 6.
