Jinkusu-Starkiller ecosystem shift changes threat-actor operations
Threat Actor Meta
Summary
Jinkusu is marketing Starkiller as a phishing-as-a-service platform that proxies live login pages to bypass MFA and capture session tokens. The service lets customers pick a brand to impersonate or enter a real URL, turning brand spoofing into a managed workflow. Its AitM reverse proxy design keeps pages current and reduces the need for custom templates, which makes detection harder. The result is a lower barrier for account takeover and session hijacking at scale.
Related Happenings
Infostealer malware operation targeting online store users
Malware Activity
First: 21.05.2026 00:36
Last: 21.05.2026 00:36
Sources 1
About this happening:
A **malware operation** using **infostealer** tools infected users’ devices between **2024 and 2025**, stealing browser sessions and account credentials that enabled account theft...
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
Campaign
First: 13.04.2026 21:55
Last: 13.04.2026 21:55
Sources 1
About this happening:
The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
Storm-2755 payroll pirate campaign targeting Canadian employees
Campaign
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
The **Storm-2755** campaign is stealing **Canadian employees' salary payments** by hijacking accounts through **Microsoft 365** phishing pages, creating immediate payroll-diversio...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Timeline
03.03.2026 13:10 2 articles · 2mo ago
Starkiller phishing-as-a-service disclosure
Initial Disclosure
Jinkusu markets Starkiller as a phishing-as-a-service platform that uses a headless Chrome instance inside a Docker container to load a brand's real website, act as a reverse proxy, and capture keystrokes, form submissions, and session tokens. Customers can choose a brand to impersonate or enter a real URL, while the control panel centralizes infrastructure management, phishing page deployment, session monitoring, and URL masking.
- Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication — thehackernews.com — 03.03.2026 13:10