DEV Community: chidambaram

PhishClean Affiliate Program

chidambaram — Mon, 06 Apr 2026 18:21:16 +0000

We just launched the PhishClean Affiliate Program.

If you create content around cybersecurity, phishing prevention, privacy, secure browsing, or developer security, you can now partner with us and earn 30% recurring commission on approved referrals.

PhishClean is a privacy-first browser security product that helps users detect:
phishing pages
suspicious login flows
JWT and token leaks
exposed API keys and secrets
hidden iframes
risky redirects and other browser-level threats

What makes PhishClean different is that detection runs locally in the browser.

We do not upload passwords or page content for detection.

We’re looking to work with:
cybersecurity bloggers
newsletter writers
YouTubers
technical educators
privacy-focused creators
developer-focused affiliates

Apply here:
https://www.phishclean.com/affiliate

PhishClean now has an MCP server!

chidambaram — Fri, 03 Apr 2026 11:49:34 +0000

🚨 Claude Code just leaked 512,000 lines of source code. And it revealed something interesting — their entire agentic system runs on MCP.

MCP (Model Context Protocol) is how AI agents like Claude connect to external tools and APIs.

Which means if you're building security tools in 2026, MCP compatibility isn't optional anymore — it's expected.

That's why I built phishclean-mcp 🛡️

PhishClean's MCP server lets you run security checks directly inside:
✅ Claude Desktop
✅ Claude Code
✅ Gemini CLI
✅ Any MCP-compatible client

What it can do right from your AI chat: 🔗 Scan URLs for phishing 🔑 Detect leaked API keys & secrets 📄 Audit JWT tokens 📧 Analyze email headers 🔍 Check password strength 🕵️ Detect backlink impersonation
One command to install:

npm i phishclean-mcp
npx phishclean-mcp

No cloud lookups. No data sent anywhere. Everything runs locally. 🔒
If you're using Claude Code or Claude Desktop — try it and let me know what you think 👇

🔗https://www.npmjs.com/package/phishclean-mcp?activeTab=readme
🌐phishclean.com

ClaudeCode #MCP #CyberSecurity #PhishClean #AITools #DevTools #Privacy

🚀 PhishClean v1.1.3 is here — faster, sharper, and more vigilant than ever.

chidambaram — Thu, 02 Apr 2026 16:14:40 +0000

We’ve just pushed a new update to our Chrome extension, and it’s currently under review on the Chrome Web Store. Here’s what’s new in v1.1.3 👇

🔍 Enhanced Detection Engine
Smarter identification of suspicious URLs with improved accuracy and reduced false positives.

⚡ Performance Boosts
Faster scanning and lighter footprint — protection that doesn’t slow you down.

🛡️ Improved Web Navigation Monitoring
Better real-time tracking of navigation and redirects to catch phishing attempts earlier.

🔧 Stability & Bug Fixes
Quietly fixing the cracks so your browsing stays smooth and secure.

💡 Our mission remains simple:
Make safe browsing effortless.
PhishClean works silently in the background, analyzing links before they become threats — so you don’t have to think twice before clicking.

📦 Version 1.1.3 is rolling out soon. Stay tuned.
If you're building products, platforms, or tools where user safety matters — we’re also working on something bigger 👀 (API coming soon).

CyberSecurity #Phishing #ChromeExtension #Startup #BuildInPublic #PhishClean

5 Scariest Cybersecurity Attacks of March 2026 — And How to Protect Yourself

chidambaram — Sun, 29 Mar 2026 19:14:27 +0000

March 2026 has been one of the most alarming months in recent cybersecurity history. Nation-state wiper attacks, phishing-as-a-service platforms, supply chain backdoors, and fake banking apps — attackers are hitting harder, faster, and smarter than ever.
Here's a breakdown of the five biggest attacks this month — and what you can do right now to protect yourself.

1. Stryker Corporation — Iran-Linked Wiper Attack
On March 11, 2026, Stryker Corporation — one of the world's largest medical device companies serving over 150 million patients across 61 countries — was hit by an Iran-linked wiper attack that forced tens of thousands of employees offline, causing global operational disruption.
This wasn't ransomware. There was no ransom demand. The goal was pure destruction — permanently erasing data with no recovery possible.

What makes this terrifying: Wiper attacks paired with phishing lures are a growing tactic. Unit 42 identified 7,381 conflict-themed phishing URLs across 1,881 unique hostnames Palo Alto Networks being used to lure victims — mimicking telecom providers, airlines, and law enforcement.
How PhishClean helps: PhishClean's domain mismatch detection and link safety tooltips flag suspicious URLs before you click them — catching phishing lures that precede these attacks at the browser layer.

2. Tycoon 2FA — Phishing-as-a-Service Takedown
In a major coordinated disruption on March 4, 2026, Tycoon 2FA — a prolific adversary-in-the-middle phishing-as-a-service platform — was disrupted by Proofpoint, Microsoft, Europol, Cloudflare, and international law enforcement, resulting in the seizure of 330 control panel domains.
Hornetsecurity
In February 2026 alone, over three million phishing messages were tied to Tycoon 2FA campaigns, targeting organizations across virtually every major vertical — including schools, hospitals, and government institutions. Hornetsecurity
The platform worked by harvesting Microsoft 365 and Gmail session cookies through a transparent proxy — bypassing MFA entirely.
What makes this terrifying: Even with 2FA enabled, attackers could steal your session cookie and log in as you. No password needed.

How PhishClean helps: PhishClean's JWT token leak detection and auth header monitoring detect when session tokens are being exposed or sent to third-party domains — catching exactly the kind of cookie harvesting Tycoon 2FA relied on.

3. LiteLLM Supply Chain Attack — Backdoored Python Package
Versions 1.82.7 and 1.82.8 of LiteLLM — a popular AI proxy with 95 million monthly downloads — were found to contain malicious payloads that harvested AWS keys, Git credentials, and crypto wallets silently on startup. The malware self-replicated in Kubernetes environments and exfiltrated data to a fake domain.
PyPI pulled both versions. Safe version: 1.82.6.
What makes this terrifying: You install a trusted package and your AWS keys are gone within seconds — no interaction required.

How PhishClean helps: While supply chain attacks happen at the package level, PhishClean's secret leak scanner detects when AWS keys, Stripe keys, and other credentials are exposed in browser-visible content — giving you an extra layer of defense if compromised keys surface in dashboards or web UIs.

4. Fake IndusInd Bank App — Mobile Phishing
A sophisticated malware dropper was spotted mimicking the IndusInd Bank app, targeting Android users in a phishing scheme aimed at stealing sensitive financial information. Once installed, the malicious app displayed a fake banking interface, tricking users into entering mobile numbers, Aadhaar numbers, PAN numbers, and net banking credentials — sending the data to both a phishing server and a Telegram-controlled C2 channel. Cyber Security News
What makes this terrifying: The fake app looked identical to the real one. Most users had no idea they were on a phishing page.

How PhishClean helps: PhishClean's backlink impersonation detection flags pages that borrow legitimate brand assets — logos, policy links, support links — to appear trustworthy. This is exactly the technique fake banking apps use in their web-based phishing flows.

5. OAuth Redirect Abuse — Trust Hijacking via Microsoft & Google
Microsoft's security team reported attackers abusing legitimate OAuth redirect behavior to move users from trusted Microsoft or Google login URLs to phishing pages. The first domain the victim sees is completely legitimate — the danger comes in the redirect chain that follows.
What makes this terrifying: Your browser shows a real Microsoft URL. You trust it. Then you're silently moved to a phishing page before you notice.

How PhishClean helps: PhishClean analyzes where forms actually submit data — not just where the page says it's from. Even if the visible URL looks legitimate, PhishClean catches domain mismatches between what's displayed and where your credentials actually go.

The Common Thread Across All 5 Attacks
Every single one of these attacks exploits browser-layer trust:

A URL that looks legitimate
A page that looks identical to the real thing
Credentials submitted to the wrong server
Tokens and keys exposed without your knowledge

This is exactly the layer PhishClean was built to protect.

What Is PhishClean?
PhishClean is a free browser extension that runs 15 detection signals entirely on your device — no cloud lookups, no data sent anywhere. It catches:

✅ Phishing pages before you submit your credentials
✅ Exposed API keys and secrets in page source
✅ JWT token leaks in URLs
✅ Hidden iframes stealing credentials
✅ HTTPS downgrades on public WiFi
✅ Suspicious domain mismatches
✅ Auth headers sent to wrong servers

Available free on Chrome, Firefox, and Edge.
👉 Install PhishClean — https://www.phishclean.com

What You Should Do Right Now

Install a browser security extension — PhishClean catches threats that no blocklist has seen yet
Use a password manager — it won't autofill on fake domains
Enable 2FA everywhere — but use an authenticator app, not SMS
Never click login links in emails — type the URL directly
Rotate credentials if you used LiteLLM 1.82.7 or 1.82.8

The attacks of March 2026 are a reminder that the browser is the most overlooked security risk in everyday life. One click is all it takes.

This article was written by the PhishClean Research Team. PhishClean is a privacy-first browser security extension available at phishclean.com.