Today we’re hitting on phishing‑as‑a‑service, critical infrastructure exploits, and the growing risk from dev/AI‑secret leakage.
🎣 1. Lighthouse Phishing‑as‑a‑Service Operation
It’s a massive SMS/text‑phishing kit being turnkey‑sold to criminals, enabling fake sites, brand mimicry, and large‑scale credential harvests.
Why it matters: Easy access to phishing tools means attackers scale faster — your users might be the target of a template campaign next.
🧱 2. Amazon Uncovers Exploits in Cisco Identity Services Engine & Citrix NetScaler ADC
Amazon’s threat intel team discovered attacks leveraging zero‑day flaws in major network/identity controllers.
Why it matters: If your identity infra or network edge is compromised — all controls can be bypassed. Lead with identity assumption of breach.
🛠️ 3. Dev/AI Ecosystem Secret Leaks
Top AI and dev firms are leaking keys, tokens and secrets on GitHub and similar dev repos — major exposure.
Why it matters: Dev environments and AI toolchains are now prime attack surfaces. Even advanced firms are stumbling on basic hygiene.
🔍 Summary
Theme: The attack surface keeps shifting — phishing becomes service‑based, infrastructure is openly exploited, dev/AI pipelines leak secrets.
Takeaway: Defences must consider: tools criminals buy, infra criminals attack, and secrets we leak.
Action for you: Pick one: phishing template monitoring, identity/edge exploit readiness, or dev‑secret hygiene. Make it your week’s focus.