GitHub Trends
Project Radar
- Dual-use project0xDanielLopez/TweetFeedRepo · 655 stars
- Blue team toolsjhgvr/oisdRepo · 202 stars
- Dual-use projectWhoisFreaks/daily-expired-and-dropped-domainsRepo · 6 stars
Issue DeskLatest update May 6, 202633 live stories
Independent Editorial Desk
Red Team · Blue Team · Dual-Use Research
PhishPond tracks campaign evolution, adversary tradecraft, detection engineering patterns, and practical mitigation lessons across email, identity, and browser-centric attack surfaces.
Red Team Lens
Campaign tradecraft, lure mechanics, infrastructure abuse, identity pressure, and adversary workflows worth modeling.
12 red-team readsBlue Team Lens
Detection engineering, user reporting, authentication controls, and response playbooks security teams can operationalize.
21 blue-team readsGitHub Trends
New Today
Lead Story
The phishing lesson is that attackers do not always need a fresh credential when a trusted app token already has delegated access.
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more:The Hacker NewsMicrosoft Learn
Live Collection
Finance workflows remain exposed when trust signals come from compromised inboxes.
Read more:The Hacker News
Trusted suppliers and developer channels can carry phishing risk past normal filters.
Read more:The Hacker News
Identity and session abuse can turn a single successful lure into account takeover.
Read more:The Hacker News
Mailbox and payment workflow abuse creates business risk without malware.
Read more:Microsoft Security Blog
Identity and session abuse can turn a single successful lure into account takeover.
Read more:BleepingComputer
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes. 655 stars.
Open project:GitHub
#blueteam#malware#malware-detection#malware-research
oisd blocklist 202 stars.
Open project:GitHub
#adblocking#adblocking-dns#adblocking-list#adblocklist
A public, research-focused dataset of expired, and recently dropped domains curated for cybersecurity analysis, brand monitoring, threat intelligence, and market research. 6 stars.
Open project:GitHub
#daily-dropped-domains#daily-expired-domains#domain-intelligence#drop-lists
Real-time phishing & scam domain blocklist — 130k+ curated threats, 888K+ community, free API, multiple formats Primary language: HTML. 999 stars.
Open project:GitHub
#anti-phishing#blacklist#blocklist#crypto-scam
🐟 PhishTank Blocklist for Pi-hole Primary language: Shell. 13 stars.
Open project:GitHub
#blocklist#hosts#phishing#pihole
Reader Map
Fast-turn reporting from tracked security sources.
Editorial coverage for threat trends workflows.
Editorial coverage for campaign analysis workflows.
Editorial coverage for email security workflows.
Editorial coverage for tooling & detection workflows.
Longer analysis tied to practical defender outcomes.
Search Tool
Search article titles, authors, tags, and body text across the PhishPond archive.
Showing 2 matching stories.Clear search
Field Analysis
Restricting new consent is only half the work. Existing app grants need review, ownership, and a path to removal when risk changes.
Read more:Microsoft LearnMicrosoft Learn
Field Analysis
OAuth app grants accumulate over time, and stale consent can become a hidden access path when vendors, users, or integrations are later compromised.
Read more:Microsoft LearnThe Hacker News