Phishing Kit
FBI disrupts massive AI-powered phishing service using a million URLs
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. The cybercrime operation used AI and distributed phishing kits for campaigns impersonating various trusted brands in texts sent through […]
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation disrupting the Tycoon2FA phishing platform in March, the malicious operation was rebuilt on new infrastructure and quickly returned to regular activity levels. Earlier this month, Abnormal Security confirmed that Tycoon2FA had rebounded to normal operations and even […]
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. The threat actor is using an adversary-in-the-middle (AitM) approach where the fake login page acts as a real-time proxy between the victim and the legitimate ManageWP service. ManageWP is a centralized remote administration […]
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. Available templates can be used to target email accounts (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud services (iCloud), developer platforms (GitHub), and cryptocurrency services (Ledger). What makes the kit stand out is the […]
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. The kit is sold to cybercriminals over Telegram and is under continuous development, its author stating that they plan to extend support for Gmail and Okta phishing pages. Device […]
Phishing campaign targets freight and logistics orgs in the US, Europe
A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry. Some of […]
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook users, the module was developed by an independent publisher and has been on the Microsoft Office Add-in Store since December 2022. Office add-ins are just URLs pointing […]
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing platform. The attacks led to business email compromise, data breaches, and financial losses affecting organizations worldwide. The law enforcement operation was possible thanks to intelligence from Microsoft, shared with the Nigeria Police Force National Cybercrime Centre (NPF–NCCC) via the FBI. The […]
New Spiderman phishing service targets dozens of European banks
A new phishing kit called Spiderman is targeting customers of numerous European banks and cryptocurrency services using pixel-perfect replicas of legitimate sites. The platform allows cybercriminals to launch phishing campaigns that can capture login credentials, two-factor authentication (2FA) codes, and credit card data. The Spiderman phishing kit, analyzed by researchers at Varonis, targets financial institutions in […]
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack
The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a widely used PhaaS platform right now, alongside Tycoon2FA and Mamba2FA, all targeting primarily Microsoft 365 accounts. The kit was known for its SVG-based attacks and attacker-in-the-middle (AitM) tactics, where the authentication process is […]