SlashNext Blog
Phishing, social engineering, and modern threats.
Featured Article
Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception. Astaroth utilizes an evilginx-style reverse proxy to intercept and manipulate traffic between […]
Featured Article
10 Ways URL Analysis & Enrichment Can Help Ease Your SOC’s Challenges in 2020
On-demand phishing URL analysis solutions can help ease your SOC teams’ pain and challenges.
Blog Subscription
Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-fact…
Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns
Employees in most organizations receive countless communications daily—emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise …
Is That Really ProtonMail? New Credential Harvesting Threats Targeting Cloud Apps
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud s…
Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics
Have you ever had your lunch interrupted by a sudden barrage of security alerts? That’s exactly what happened to one of our clients when a frantic call from their Security Operations Center revealed a flood of suspicious emails…

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps
One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe’s payment process. You enter your payment details, feeling confident…

Five Ways Spear Phishing Tactics are Evolving in 2025
What type of phishing became very effective around 2010 and still worries security teams today? Spear phishing. Spear phishing remains highly effective and is getting more dangerous by the day. What is spear phishing? What new…

Blov HTML Crypter: Phishing Evasion Through Encryption and Obfuscation
Cybercriminals are sharpening their phishing tactics with tools like Blov HTML Crypter — a utility that modifies HTML files to evade detection by security scanners. By employing techniques such as minification, encryption, and …

Government Agency Spoofing: DocuSign Attacks Exploit Government-Vendor Trust
The latest wave of DocuSign attacks has taken a concerning turn, specifically targeting businesses that regularly interact with state, municipal, and licensing authorities. Since November 8 through November 14, we have observed…

GoIssue – The Tool Behind Recent GitHub Phishing Attacks
We recently uncovered GoIssue, a tool marketed on a cybercrime forum that allows attackers to extract email addresses from GitHub profiles and send bulk emails directly to user inboxes. GoIssue signals a dangerous shift in targ…

New Anti-Bot Services on the Dark Web Help Phishing Pages Bypass Google’s Red Page
Novel anti-bot services are being advertised on the dark web, offering cybercriminals advanced tools to bypass Google’s protective ‘Red Page’ warnings in a concerning development for cybersecurity teams. These…

The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security
URL rewriting, a service designed to neutralize malicious URLs by redirecting users to a safe environment, has been a common practice in email security. However, as cyberthreats evolve, it’s becoming clear that this appro…

Project Phantom: Revolutionary Zero-Trust Virtual Stealth Browser URL Analysis that’s Changing th...
In the ever-evolving landscape of cybersecurity, the cat-and-mouse game between defenders and attackers never ends. At SlashNext, we’ve been at the forefront of this battle, constantly innovating to stay ahead of sophisti…

It’s Time to Get Started with SlashNext
Learn how to leverage the industry’s best zero-hour phishing protection in your environment.
6701 Koll Center Parkway, Suite 250
Pleasanton CA 94566
800.930.8643
info@slashnext.com
© All Rights Reserved, SlashNext, Inc.