
Cybersecurity Today Spiderman and Cybersecurity.
Dec 12, 2025
Explore the intriguing Spider-Man phishing kit, which crafts convincing attacks on European banks and crypto users while harvesting credentials. Delve into the Gogs zero-day vulnerability allowing remote code execution on self-hosted Git servers. Discover the importance of timely patching, highlighted by recent fixes for PowerShell and a zero-click flaw in Google's Gemini. Gain insights on managing AI risks, encouraging user education, and ensuring secure environments for AI tools. Stay vigilant in the ever-evolving world of cybersecurity!
AI Snips
Phishing Kit Mimics Real Sites Perfectly
- Spider-Man phishing kit creates near-perfect copies of bank and crypto sites to harvest credentials and 2FA codes.
- The platform is modular and lets operators monitor sessions in real time and export captured data with one click.
Verify Domains And Treat Unexpected 2FA As A Red Flag
- Check the domain carefully before entering credentials and be suspicious of unexpected browser-in-browser prompts.
- Treat any unexpected 2FA prompt as a warning someone may be trying to take over your account.
Symlink Bypass Enables Gogs RCE
- A Gogs symlink bypass lets authenticated users overwrite files outside repositories to achieve remote code execution.
- Attackers can overwrite .git/config and abuse the SSH command setting to execute arbitrary commands and take over servers.
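
One way to guard against the class of bug described in the Gogs snip, as an added example that is not Gogs code or its patch: resolve every symlink before a repository file write and reject targets that land outside the working tree or inside `.git`. The function names, the working-tree layout and the sample paths are assumptions constructed for illustration, and POSIX is assumed for `O_NOFOLLOW`.

```python
import os
import tempfile


class UnsafePath(Exception):
    """The requested path resolves somewhere a repository write must not go."""


def resolve_for_write(worktree: str, rel_path: str) -> str:
    """Return the real target of rel_path, or raise UnsafePath."""
    root = os.path.realpath(worktree)
    # realpath() follows every symlink component, so a committed symlink is
    # caught even when rel_path itself contains no ".." segments.
    target = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, target]) != root:
        raise UnsafePath(f"{rel_path!r} resolves outside the repository")
    git_dir = os.path.join(root, ".git")  # assumed layout: working tree with .git/
    if os.path.commonpath([git_dir, target]) == git_dir:
        raise UnsafePath(f"{rel_path!r} resolves into Git metadata")
    return target


def safe_write(worktree: str, rel_path: str, data: bytes) -> str:
    """Write data only if the resolved target stays in the working tree."""
    target = resolve_for_write(worktree, rel_path)
    # O_NOFOLLOW (POSIX) refuses a symlink swapped in after the check above.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    with os.fdopen(os.open(target, flags, 0o644), "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Constructed layout: one normal file plus two symlinks a user could commit."""
    base = os.path.realpath(tempfile.mkdtemp())
    repo, outside = os.path.join(base, "repo"), os.path.join(base, "outside")
    os.makedirs(os.path.join(repo, ".git"))
    os.makedirs(outside)
    os.symlink(os.path.join(outside, "victim.txt"), os.path.join(repo, "link_out"))
    os.symlink(os.path.join(".git", "config"), os.path.join(repo, "link_cfg"))
    results = {}
    for name in ("README.md", "link_out", "link_cfg"):
        try:
            safe_write(repo, name, b"new content\n")
            results[name] = "written"
        except UnsafePath as exc:
            results[name] = f"rejected: {exc}"
    return results
```

`demo()` builds the layout in a temporary directory and returns one result per requested path.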
