Key Findings Large-scale credential theft campaign targeted over 35,000 users across 26 countries between April 14-16, 2026 92% of targets were located in the U.S. across 13,000 organizations Healthcare and life sciences (19%), financial services (18%), professional services (11%), and technology sectors (11%) were primary targets Attackers used legitimate email delivery services to distribute phishing messages disguised as internal code of conduct reviews Campaign employed..