GitHub Trends
Project Radar
- Dual-use project: 0xDanielLopez/phishing_kits · Repo · 267 stars
- Dual-use project: phishdestroy/destroylist · HTML · 999 stars
- Dual-use project: 0xDanielLopez/TweetFeed · Repo · 655 stars
Issue Desk · Latest update May 6, 2026 · 33 live stories
Independent Editorial Desk
Red Team · Blue Team · Dual-Use Research
PhishPond tracks campaign evolution, adversary tradecraft, detection engineering patterns, and practical mitigation lessons across email, identity, and browser-centric attack surfaces.
Red Team Lens
Campaign tradecraft, lure mechanics, infrastructure abuse, identity pressure, and adversary workflows worth modeling.
12 red-team reads
Blue Team Lens
Detection engineering, user reporting, authentication controls, and response playbooks security teams can operationalize.
21 blue-team reads
GitHub Trends
New Today
Lead Story
The phishing lesson is that attackers do not always need a fresh credential when a trusted app token already has delegated access.
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more: The Hacker News, Microsoft Learn
Live Collection
Finance workflows remain exposed when trust signals come from compromised inboxes.
Read more: The Hacker News
Trusted suppliers and developer channels can carry phishing risk past normal filters.
Read more: The Hacker News
Identity and session abuse can turn a single successful lure into account takeover.
Read more: The Hacker News
Mailbox and payment workflow abuse creates business risk without malware.
Read more: Microsoft Security Blog
Identity and session abuse can turn a single successful lure into account takeover.
Read more: BleepingComputer
Exposing phishing kits seen from phishunt.io. 267 stars.
Open project: GitHub
#malware #osint #phishing #phishing-attacks
Real-time phishing & scam domain blocklist — 130k+ curated threats, 888K+ community, free API, multiple formats. Primary language: HTML. 999 stars.
Open project: GitHub
#anti-phishing #blacklist #blocklist #crypto-scam
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes. 655 stars.
Open project: GitHub
#blueteam #malware #malware-detection #malware-research
Aggregation of lists of malicious domains (phishing) that can be integrated into FortiGate firewalls and other products. Primary language: DIGITAL Command Language. 96 stars.
Open project: GitHub
#blocklist #blocklists #domains-blacklist #domains-list
Aggregation of lists of malicious IP addresses (C2, malware, phishing), to be blocked in the LAN > WAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables. 26 stars.
Open project: GitHub
#blocklist #blocklists #c2 #firewall
Reader Map
Fast-turn reporting from tracked security sources.
Editorial coverage for threat trends workflows.
Editorial coverage for campaign analysis workflows.
Editorial coverage for email security workflows.
Editorial coverage for tooling & detection workflows.
Longer analysis tied to practical defender outcomes.
Field Analysis
Device code phishing turns a legitimate OAuth flow into a credential-free token theft technique. Here is how it runs end-to-end and what defenders can hunt on in Sentinel and Defender XDR.
Read more: Microsoft Security Blog, IETF
Field Analysis
Most M365 phishing incidents are decided in the first hour. This walkthrough lays out a 60-minute response chain from user report to refresh-token revocation and consent reversal.