Four new phishing kits, BlackForce, GhostFrame, InboxPrime AI, and Spiderman, are making waves in the cybersecurity world due to their advanced capabilities for credential theft. BlackForce, detected in August 2025, specializes in stealing credentials and bypassing multi-factor authentication through Man-in-the-Browser attacks. It targets major brands like Disney and Netflix and is sold on Telegram for €200 to €300. The kit uses sophisticated evasion techniques, such as filtering out security vendors and employing cache-busting JavaScript to ensure victims always load the latest malicious script. GhostFrame, discovered in September 2025, employs a hidden iframe within a simple HTML file to redirect victims to phishing pages aimed at stealing Microsoft 365 or Google credentials. It generates random subdomains to evade detection and modifies visible outer pages to impersonate trusted services. This kit is designed to be highly adaptable, allowing attackers to easily change their phishing tactics without altering the main page. InboxPrime AI takes phishing to another level by automating email campaigns using artificial intelligence. Sold for $1,000 on a Telegram channel, it mimics human emailing behavior and creates phishing emails that resemble legitimate business communications. The platform allows attackers to customize parameters for generated emails, making them harder to detect. Spiderman targets European banks and online financial services, replicating their login pages for credential theft. It operates as a full-stack framework, enabling attackers to manage phishing campaigns and stolen data seamlessly. The kit is marketed in a Signal messenger group, marking a shift from Telegram for such services. Each of these kits not only simplifies the process for cybercriminals but also raises significant challenges for cybersecurity defenses.