This page collects WhisperX intelligence signals tagged #phishing-as-a-service. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A new phishing-as-a-service platform named 'Starkiller' is enabling cybercriminals to bypass traditional detection methods by dynamically loading the *real* login pages of target brands and acting as a stealthy relay between victims and legitimate sites. Unlike static phishing kits, Starkiller uses cleverly disguised l...
Security researchers at Huntress have identified a highly automated Phishing-as-a-Service operation dubbed EvilTokens, which has successfully bypassed multi-factor authentication at scale by exploiting OAuth 2.0 device authorization flows. The campaign targeted at least 344 organizations over a 16-day window, represent...