Find notable cyber news and cases, enriched with sources, timelines, and signals.

BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft

Malware Activity
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

BlackForce, GhostFrame, InboxPrime AI, and Spiderman are newly documented phishing kits that expand credential theft at scale and make it easier to bypass MFA, impersonate brands, and target banking and email logins. BlackForce adds MitB-based OTP capture and MFA bypass, while GhostFrame hides phishing content behind an iframe delivery chain. InboxPrime AI automates mass mailing with AI-generated lures, and Spiderman clones European bank login pages and session-theft workflows for financial fraud.

Related Happenings

Indirect prompt-injection web campaigns targeting AI agents

Campaign
H score37 First: 06.07.2026 18:00 Last: 06.07.2026 18:00 Sources 1

About this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...

Phantom squatting AI-hallucinated domain phishing campaign

Campaign
H score35 First: 01.07.2026 10:20 Last: 01.07.2026 10:20 Sources 1

About this happening: A **phantom squatting** campaign is turning **AI-hallucinated domains** into live phishing and malware lures, putting **AI-referred traffic** at immediate risk. Attackers are regi...

Hotel and hospitality photo-ZIP phishing campaign

Campaign
H score40 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...

OpenAI ChatGPT renderer Markdown link/image phishing security flaw

Vulnerability
H score16 First: 29.05.2026 21:07 Last: 29.05.2026 21:07 Sources 1

About this happening: **ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...

FBI public service announcement on fake FIFA websites

Public Sector Action
H score21 First: 28.05.2026 22:08 Last: 28.05.2026 22:08 Sources 1

About this happening: The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...

Timeline

  1. 12.12.2025 16:04 2 articles · 6mo ago

    BlackForce, GhostFrame, InboxPrime AI, and Spiderman documented

    Initial Disclosure

    Cybersecurity researchers documented BlackForce, GhostFrame, InboxPrime AI, and Spiderman as phishing kits that facilitate credential theft at scale. BlackForce uses Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA), GhostFrame hides phishing login content behind an embedded iframe to steal Microsoft 365 and Google credentials, InboxPrime AI automates mass mailing with AI-generated lures and Gmail web interface evasion, and Spiderman replicates European banking login pages while managing stolen session data in real time.

    Show sources