BrianKrebs
@briankrebs@infosec.exchange
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .com Linkedin: https://www. linkedin.com/in/bkrebs
infosec.exchange
BrianKrebs
@briankrebs@infosec.exchange
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .com Linkedin: https://www. linkedin.com/in/bkrebs
infosec.exchange
@briankrebs@infosec.exchange
·
Feb 23, 2026
A slick new phishing-as-a-service offering demonstrates just how easily a username+password and a one-time token can be phished. Dubbed "Starkiller," the service uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site -- forwarding the victim's username, password and multi-factor authentication code to the legitimate site and returning its responses.
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/
#phishing #MFA #starkiller
View on infosec.exchange
103
0
116