GitHub Trends
Project Radar
- Dual-use project: 0xDanielLopez/TweetFeed · Repo · 655 stars
- Blue team tool: sjhgvr/oisd · Repo · 202 stars
- Dual-use project: WhoisFreaks/daily-expired-and-dropped-domains · Repo · 6 stars
Issue Desk · Latest update May 6, 2026 · 33 live stories
Independent Editorial Desk
Red Team · Blue Team · Dual-Use Research
PhishPond tracks campaign evolution, adversary tradecraft, detection engineering patterns, and practical mitigation lessons across email, identity, and browser-centric attack surfaces.
Red Team Lens
Campaign tradecraft, lure mechanics, infrastructure abuse, identity pressure, and adversary workflows worth modeling.
12 red-team reads
Blue Team Lens
Detection engineering, user reporting, authentication controls, and response playbooks security teams can operationalize.
21 blue-team reads
GitHub Trends
New Today
Lead Story
The phishing lesson is that attackers do not always need a fresh credential when a trusted app token already has delegated access.
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more: The Hacker News, Microsoft Learn
Live Collection
Finance workflows remain exposed when trust signals come from compromised inboxes.
Read more: The Hacker News
Trusted suppliers and developer channels can carry phishing risk past normal filters.
Read more: The Hacker News
Identity and session abuse can turn a single successful lure into account takeover.
Read more: The Hacker News
Mailbox and payment workflow abuse creates business risk without malware.
Read more: Microsoft Security Blog
Identity and session abuse can turn a single successful lure into account takeover.
Read more: BleepingComputer
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes. 655 stars.
Open project: GitHub
#blueteam #malware #malware-detection #malware-research
oisd blocklist. 202 stars.
Open project: GitHub
#adblocking #adblocking-dns #adblocking-list #adblocklist
A public, research-focused dataset of expired and recently dropped domains curated for cybersecurity analysis, brand monitoring, threat intelligence, and market research. 6 stars.
Open project: GitHub
#daily-dropped-domains #daily-expired-domains #domain-intelligence #drop-lists
Real-time phishing & scam domain blocklist — 130k+ curated threats, 888K+ community, free API, multiple formats. Primary language: HTML. 999 stars.
Open project: GitHub
#anti-phishing #blacklist #blocklist #crypto-scam
🐟 PhishTank Blocklist for Pi-hole. Primary language: Shell. 13 stars.
Open project: GitHub
#blocklist #hosts #phishing #pihole
Reader Map
Fast-turn reporting from tracked security sources.
Editorial coverage for threat trends workflows.
Editorial coverage for campaign analysis workflows.
Editorial coverage for email security workflows.
Editorial coverage for tooling & detection workflows.
Longer analysis tied to practical defender outcomes.
Field Analysis
Actor reporting on Octo Tempest and Scattered Spider shows how phishing, help desk social engineering, MFA reset abuse, and remote access tooling combine into identity-first intrusion chains.
Read more: CISA, Microsoft Security Blog
Field Analysis
Recent campaigns using SimpleHelp and ScreenConnect show how phishing can skip credential theft and move straight to persistent endpoint control.
Read more: The Hacker News, Dark Reading
Field Analysis
Device code phishing turns a legitimate OAuth flow into a credential-free token theft technique. Here is how it runs end-to-end and what defenders can hunt on in Sentinel and Defender XDR.
Read more: Microsoft Security Blog, IETF
Field Analysis
Enterprise identity teams are treating phishing-resistant authentication as an operating control, not a future-state roadmap item.
Read more: BleepingComputer, BleepingComputer
Field Analysis
Attackers are blending push prompts, urgent collaboration lures, and identity fatigue to move users from suspicion to accidental approval.
Read more: The Hacker News, The Hacker News
Field Analysis
Storm-1811 chained voice phishing, Microsoft Teams external chats, and Quick Assist into a remote-control persistence path that ended in Black Basta deployments. Here is the chain step by step.
Read more: Microsoft Threat Intelligence, Rapid7