Find notable cyber news and cases, enriched with sources, timelines, and signals.

Jinkusu-Starkiller ecosystem shift changes threat-actor operations

Threat Actor Meta
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

Jinkusu is marketing Starkiller as a phishing-as-a-service platform that proxies live login pages to bypass MFA and capture session tokens. The service lets customers pick a brand to impersonate or enter a real URL, turning brand spoofing into a managed workflow. Its AitM reverse proxy design keeps pages current and reduces the need for custom templates, which makes detection harder. The result is a lower barrier for account takeover and session hijacking at scale.

Related Happenings

Bluekit adopts rrweb-based BitM session streaming for login theft

Technical Analysis
H score34 First: 25.06.2026 18:00 Last: 25.06.2026 18:00 Sources 1

About this happening: **Bluekit** has added **browser-in-the-middle (BitM)** login theft to its phishing stack, increasing the risk of **session-token theft** and **account takeover**. The mechanism us...

OpenAI ChatGPT renderer Markdown link/image phishing security flaw

Vulnerability
H score16 First: 29.05.2026 21:07 Last: 29.05.2026 21:07 Sources 1

About this happening: **ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...

Infostealer malware operation targeting online store users

Malware Activity
H score32 First: 21.05.2026 00:36 Last: 21.05.2026 00:36 Sources 1

About this happening: A **malware operation** using **infostealer** tools infected users’ devices between **2024 and 2025**, stealing browser sessions and account credentials that enabled account theft...

Vercel v0.dev phishing campaign using GenAI-built lure pages

Campaign
H score29 First: 07.05.2026 11:30 Last: 07.05.2026 11:30 Sources 1

About this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
H score39 First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Timeline

  1. 03.03.2026 13:10 2 articles · 4mo ago

    Starkiller phishing-as-a-service disclosure

    Initial Disclosure

    Jinkusu markets Starkiller as a phishing-as-a-service platform that uses a headless Chrome instance inside a Docker container to load a brand's real website, act as a reverse proxy, and capture keystrokes, form submissions, and session tokens. Customers can choose a brand to impersonate or enter a real URL, while the control panel centralizes infrastructure management, phishing page deployment, session monitoring, and URL masking.

    Show sources