Advisories 4 May 2026 / 0 Comments

BlueKit Phishing-as-a-Service Platform – AI-Assisted Credential Theft Campaigns

Scope: Enterprise Platforms and Online Services (Broad)

Severity: High

BlueKit is an emerging phishing-as-a-service platform that leverages AI-assisted capabilities and ready-made attack templates to significantly lower the technical barrier for conducting credential theft campaigns against popular online services and enterprise environments. Successful attacks result in credential and session token theft, account takeover, unauthorized access to enterprise services, and business email compromise. Organizations should strengthen phishing awareness training, enforce MFA, deploy advanced email security controls including URL analysis and attachment scanning, and implement risk-based conditional access policies.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.

BlueKit Phishing-as-a-Service Platform – AI-Assisted Credential Theft Campaigns

ConsentFix v3 – OAuth Consent Phishing Campaign Targeting Microsoft Azure and M365

Recent Advisories

Categories

Contact info

Useful Links

Subscribe to our Mailing List

BlueKit Phishing-as-a-Service Platform – AI-Assisted Credential Theft Campaigns

RELATED ADVISORIES

ConsentFix v3 – OAuth Consent Phishing Campaign Targeting Microsoft Azure and M365

Recent Advisories

Categories