PhishLumos: Exposing phishing campaigns that evade detection by hiding content - Help Net Security

PhishLumos is a system that exposes phishing campaigns by analyzing URL infrastructure—such as IP addresses and SSL certificates—rather than relying on easily cloaked web content. By mapping these connections into a graph, it enables LLM-powered agents to generate effective detection rules even when attackers attempt to hide malicious pages.