Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bluekit alliance reshapes ransomware ecosystem operations

Threat Actor Meta
First reported
Last updated
Happening score
H score 25
1 unique sources, 2 articles

Summary

Hide ▲

Bluekit's AI-assisted phishing kit has expanded into an all-in-one service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing market. It bundles 40+ templates for major email, cloud, developer, and crypto services, including Outlook, Gmail, iCloud, GitHub, and Ledger. The platform's AI Assistant panel supports models such as Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help generate campaign drafts.

Related Happenings

Bluekit adopts rrweb-based BitM session streaming for login theft

Technical Analysis
H score34 First: 25.06.2026 18:00 Last: 25.06.2026 18:00 Sources 1

How related: A new report from digital risk protection company Netcraft warns that Bluekit has switched from adversary-in-the-middle to a BitM mechanism that uses the open-source JavaScript library ‘rrweb’ to serialize the page’s DOM and stream it over a WebSocket connection to the victim.

About this happening: **Bluekit** has added **browser-in-the-middle (BitM)** login theft to its phishing stack, increasing the risk of **session-token theft** and **account takeover**. The mechanism us...

Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations

Threat Actor Meta
H score43 First: 12.06.2026 11:52 Last: 12.06.2026 11:52 Sources 1

About this happening: A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...

Latest development: 15.06.2026 09:30

Fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations targeted users across the Middle East and North Africa with fake offers for free mobile internet packages, financial compensation, and government subsidy programs, then routed victims through Linkbio and Linktree decoy pages into Sniper Dz phishing and traffic monetization infrastructure that abuses browser notification permissions, back-button hijacking, tab-under redirections, premium SMS subscriptions, premium-rate calls, and investment scams.

Willow raises $7M seed round for AI agent IAM platform

Industry Action
H score10 First: 04.06.2026 17:22 Last: 04.06.2026 17:22 Sources 1

About this happening: **Willow** emerged from stealth with **$7 million in seed funding**, giving the startup new capital to scale an **identity and access platform** for enterprise AI agents. The comp...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

ATHR productized automated vishing platform for credential theft

Threat Actor Meta
H score39 First: 16.04.2026 17:09 Last: 16.04.2026 17:09 Sources 1

About this happening: ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...

Timeline

  1. 25.06.2026 18:00 1 articles · 14d ago

    Bluekit adds BitM login theft and nearly 70 hostnames

    Campaign Scope Update

    Bluekit phishing-as-a-service added browser-in-the-middle (BitM) login theft and nearly 70 new hostnames over the past week. Netcraft said the kit now uses the open-source JavaScript library rrweb to serialize the page DOM and stream it over a WebSocket connection, while the live 5-second monitoring system and victim qualification checks remain in use.

    Show sources
  2. 30.04.2026 21:58 2 articles · 2mo ago

    Bluekit phishing kit debuts with AI-assisted campaign drafting

    Initial Disclosure

    Bluekit emerges as a phishing kit offering more than 40 templates for Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, Ledger, and other services, alongside an AI Assistant panel that supports Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help draft phishing emails and campaign skeletons. The platform also bundles domain purchase and registration, phishing page setup, campaign management, anti-analysis controls, real-time session monitoring, and Telegram-based exfiltration, while Varonis found placeholder content in the limited AI output and described the system as under active development.

    Show sources