GitHub Trends
Project Radar
- Dual-use project: 0xDanielLopez/TweetFeed · Repo · 655 stars
- Blue team tool: sjhgvr/oisd · Repo · 202 stars
- Dual-use project: WhoisFreaks/daily-expired-and-dropped-domains · Repo · 6 stars
Issue Desk: Latest update May 6, 2026 · 33 live stories
Independent Editorial Desk
Red Team · Blue Team · Dual-Use Research
PhishPond tracks campaign evolution, adversary tradecraft, detection engineering patterns, and practical mitigation lessons across email, identity, and browser-centric attack surfaces.
Red Team Lens
Campaign tradecraft, lure mechanics, infrastructure abuse, identity pressure, and adversary workflows worth modeling.
12 red-team reads
Blue Team Lens
Detection engineering, user reporting, authentication controls, and response playbooks security teams can operationalize.
21 blue-team reads
GitHub Trends
New Today
Lead Story
The phishing lesson is that attackers do not always need a fresh credential when a trusted app token already has delegated access.
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more: The Hacker News, Microsoft Learn
Live Collection
Finance workflows remain exposed when trust signals come from compromised inboxes.
Read more: The Hacker News
Trusted suppliers and developer channels can carry phishing risk past normal filters.
Read more: The Hacker News
Identity and session abuse can turn a single successful lure into account takeover.
Read more: The Hacker News
Mailbox and payment workflow abuse creates business risk without malware.
Read more: Microsoft Security Blog
Identity and session abuse can turn a single successful lure into account takeover.
Read more: BleepingComputer
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes. 655 stars.
Open project: GitHub
#blueteam #malware #malware-detection #malware-research
oisd blocklist. 202 stars.
Open project: GitHub
#adblocking #adblocking-dns #adblocking-list #adblocklist
A public, research-focused dataset of expired and recently dropped domains curated for cybersecurity analysis, brand monitoring, threat intelligence, and market research. 6 stars.
Open project: GitHub
#daily-dropped-domains #daily-expired-domains #domain-intelligence #drop-lists
Real-time phishing & scam domain blocklist — 130k+ curated threats, 888K+ community, free API, multiple formats. Primary language: HTML. 999 stars.
Open project: GitHub
#anti-phishing #blacklist #blocklist #crypto-scam
🐟 PhishTank Blocklist for Pi-hole. Primary language: Shell. 13 stars.
Open project: GitHub
#blocklist #hosts #phishing #pihole
Reader Map
Fast-turn reporting from tracked security sources.
Editorial coverage for threat trends workflows.
Editorial coverage for campaign analysis workflows.
Editorial coverage for email security workflows.
Editorial coverage for tooling & detection workflows.
Longer analysis tied to practical defender outcomes.
Field Analysis
Recent campaigns using SimpleHelp and ScreenConnect show how phishing can skip credential theft and move straight to persistent endpoint control.
Read more: The Hacker News, Dark Reading
Field Analysis
Storm-1747 sells Tycoon 2FA - one of the most prolific reverse-proxy phishing kits in current circulation. This brief is what a defender team needs to know about the operator class.
Read more: Microsoft Threat Intelligence, Sekoia
Field Analysis
Device code phishing turns a legitimate OAuth flow into a credential-free token theft technique. Here is how it runs end-to-end and what defenders can hunt on in Sentinel and Defender XDR.
Read more: Microsoft Security Blog, IETF
Field Analysis
AitM kits proxy a real identity provider page, so brand and URL checks fail. The detectable artifacts live one layer down - in TLS handshake fingerprints, in the cookies the proxy must rewrite, and in the small page-side tells that betray the relay.
Read more: Sekoia, Microsoft Threat Intelligence
Field Analysis
SVG attachments became one of 2024 and 2025's fastest-growing phishing payload formats. The reason isn't novelty - it is that SVG sits in a parsing gap most secure email gateways inherit.
Read more: Sophos News, Cisco Talos
Field Analysis
New phishing kits are pivoting from simple password theft to real-time token capture and replay workflows targeting modern MFA deployments.
Read more: The Hacker News, The Hacker News
Field Analysis
Storm-1811 chained voice phishing, Microsoft Teams external chats, and Quick Assist into a remote-control persistence path that ended in Black Basta deployments. Here is the chain step by step.
Read more: Microsoft Threat Intelligence, Rapid7
Field Analysis
What started as a niche fake-CAPTCHA gimmick became one of 2026's most common stage-one execution pivots. This is what defenders are seeing in telemetry and what the response patterns look like.
Read more: Microsoft Threat Intelligence, Proofpoint
Field Analysis
QR-based payload delivery continues to evade static scanning workflows and pushes users toward unmanaged mobile browsing paths.
Read more: Microsoft Security Blog