Ronnie Tokazowski reports:
On October 28th, several of our employees reported a wave of suspicious emails. The most peculiar of the bunch originated from an American university. Analyzing the email headers revealed some interesting information: the attackers sent the phishing email from within a compromised .edu domain.
Read more and see the screencaps on PhishMe. They do not name the compromised university, but do note that it currently has between 25,000-30,000 enrolled students.