GitHub Trends
Project Radar
- Dual-use project · 0xDanielLopez/TweetFeed · Repo · 655 stars
- Blue team tools · jhgvr/oisd · Repo · 202 stars
- Dual-use project · WhoisFreaks/daily-expired-and-dropped-domains · Repo · 6 stars
Issue Desk · Latest update May 6, 2026 · 33 live stories
Independent Editorial Desk
Red Team · Blue Team · Dual-Use Research
PhishPond tracks campaign evolution, adversary tradecraft, detection engineering patterns, and practical mitigation lessons across email, identity, and browser-centric attack surfaces.
Red Team Lens
Campaign tradecraft, lure mechanics, infrastructure abuse, identity pressure, and adversary workflows worth modeling.
12 red-team reads
Blue Team Lens
Detection engineering, user reporting, authentication controls, and response playbooks security teams can operationalize.
21 blue-team reads
GitHub Trends
New Today
Lead Story
The phishing lesson is that attackers do not always need a fresh credential when a trusted app token already has delegated access.
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more: The Hacker News, Microsoft Learn
Live Collection
Finance workflows remain exposed when trust signals come from compromised inboxes.
Read more: The Hacker News
Trusted suppliers and developer channels can carry phishing risk past normal filters.
Read more: The Hacker News
Identity and session abuse can turn a single successful lure into account takeover.
Read more: The Hacker News
Mailbox and payment workflow abuse creates business risk without malware.
Read more: Microsoft Security Blog
Identity and session abuse can turn a single successful lure into account takeover.
Read more: BleepingComputer
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes. 655 stars.
Open project: GitHub
#blueteam #malware #malware-detection #malware-research
oisd blocklist. 202 stars.
Open project: GitHub
#adblocking #adblocking-dns #adblocking-list #adblocklist
A public, research-focused dataset of expired and recently dropped domains curated for cybersecurity analysis, brand monitoring, threat intelligence, and market research. 6 stars.
Open project: GitHub
#daily-dropped-domains #daily-expired-domains #domain-intelligence #drop-lists
Real-time phishing & scam domain blocklist — 130k+ curated threats, 888K+ community, free API, multiple formats. Primary language: HTML. 999 stars.
Open project: GitHub
#anti-phishing #blacklist #blocklist #crypto-scam
🐟 PhishTank Blocklist for Pi-hole. Primary language: Shell. 13 stars.
Open project: GitHub
#blocklist #hosts #phishing #pihole
Reader Map
Fast-turn reporting from tracked security sources.
Editorial coverage for threat trends workflows.
Editorial coverage for campaign analysis workflows.
Editorial coverage for email security workflows.
Editorial coverage for tooling & detection workflows.
Longer analysis tied to practical defender outcomes.
Field Analysis
Recent code-of-conduct phishing campaigns show how attackers blend HR pressure, PDF staging, CAPTCHA gates, and AiTM flows to steal session tokens.
Field Analysis
A static permission review cannot catch a trusted integration whose token is later stolen or whose behavior changes.
Read more: The Hacker News, Microsoft Learn
Field Analysis
Restricting new consent is only half the work. Existing app grants need review, ownership, and a path to removal when risk changes.
Read more: Microsoft Learn, Microsoft Learn
Field Analysis
Actor reporting on Octo Tempest and Scattered Spider shows how phishing, help desk social engineering, MFA reset abuse, and remote access tooling combine into identity-first intrusion chains.
Read more: CISA, Microsoft Security Blog
Field Analysis
Recent campaigns using SimpleHelp and ScreenConnect show how phishing can skip credential theft and move straight to persistent endpoint control.
Read more: The Hacker News, Dark Reading
Field Analysis
The Salesloft Drift incident showed how a trusted integration token can become an access path into customer SaaS data without a fresh user login.
Read more: The Hacker News, The Hacker News
Field Analysis
Abuse of legitimate email services such as Amazon SES shows why authentication pass results are not the same thing as sender trust.
Read more: BleepingComputer, Microsoft Security Blog
Field Analysis
Storm-1747 sells Tycoon 2FA - one of the most prolific reverse-proxy phishing kits in current circulation. This brief is what a defender team needs to know about the operator class.
Read more: Microsoft Threat Intelligence, Sekoia
Field Analysis
Phishing-resistant authentication reduces token theft risk, but account recovery, device replacement, and exception handling can reintroduce phishable paths.
Read more: CISA, Microsoft Security Blog