https://jh.live/vanta || Automate and prove your security compliance with Vanta! Get $1,000 off with my link to cruise through compliance across SOC 2, ISO 27001, ISO 42001, NIST AI RMF, HIPAA, GDPR, and more! https://jh.live/vanta

Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter

ℹ️ Resources:
See what cybersecurity events are happening: https://jh.live/infosecmap
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense

John Hammond

A detailed walkthrough of a sophisticated phishing campaign that abuses legitimate Facebook Business Manager email notifications. Attackers register business accounts with names like 'Your account will be locked in 24 hours' so the threat appears in official Facebook emails. The phishing sites are built with Next.js/Webpack, collect credentials via an encrypted API endpoint, and exfiltrate data to Telegram server-side. The analysis covers the email lure mechanics, live site inspection, network traffic analysis, base64/OpenSSL encrypted payload decoding, and JavaScript source debugging to trace the data exfiltration path.

the WORST phishing email i've ever seen