Interesting report on threat actor using XSS to phish Group-IB employess (via @simontsui) :
https://www.group-ib.com/blog/resumelooters/
At first glance these appear to be stored XSS attacks, so not relevant to xss-reflections.