Skip to content
The Nexus
DossierENTITY

Phishing-as-a-service

Coverage of Phishing-as-a-service in the Nexus archive.

Earliest in view: Feb 20 · 20:00 UTCMost recent: Jun 14 · 14:36 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 14 · 14:36 UTCBLEEPING COMPUTER
    FBI disrupts massive AI-powered phishing service using a million URLs

    The FBI, in collaboration with Google and Black Lotus Labs, dismantled a Chinese phishing-as-a-service operation called Outsider Enterprise, which used AI-powered phishing websites to steal credit card data and passwords. The operation involved thousands of phishing websites and a million URLs.

  • SECURITYMay 22 · 20:41 UTCCYBERSCOOP
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users

    The FBI warns about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users by bypassing multi-factor authentication through OAuth device code phishing. The tool enables cybercriminals to steal access tokens, leading to data theft, ransomware, and other attacks. Researchers note its rapid growth, AI-driven tactics, and low barriers for less-technical attackers.

  • SECURITYFeb 20 · 20:00 UTCKREBS ON SECURITY
    ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

    Starkiller is a new phishing service that dynamically loads real login pages and forwards user credentials to attackers, offering real-time session monitoring and account takeover capabilities.