- 8 ways I use Microsoft's Copilot Vision AI to save time on my phone and PC
- I prefer this OnePlus tablet over iPads for mobile entertainment - and it's on sale
- I found AirTag alternatives that are tough, loud, and compatible with Android phones
- The best AI for coding in 2025 (including two new top picks - and what not to use)
- 3 Apple devices you definitely shouldn't buy this month (and 9 to get instead)
FBI Publishes 42,000 LabHost Phishing Domains
The FBI has released details of 42,000 phishing domains, which it said could help network defenders to build cyber resilience and investigate historic breaches.
The domains are linked to prolific phishing-as-a-service (PhaaS) operation LabHost. According to British prosecutors, the platform resulted in fraud losses totalling more than £100m ($133m) between 2021 and 2024.
The FBI said that LabHost was used by around 10,000 cybercriminals, enabling them to impersonate over 200 sites in order to harvest victims’ personal information, credentials and two-factor authentication codes.
LabHost enabled the theft of data on 500,000 credit cards, along with over one million passwords, it added.
After obtaining the domain names of related phishing sites from the LabHost backend server, the Feds are now releasing them to help security teams and threat intelligence researchers.
Read more on PhaaS: Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge.
Network defenders could block these domains in case they are reactivated by threat actors, and investigate any possible incidents that may have gone undetected until now.
“Though the LabHost domains are historical in nature, this list of over 42,000 domains may provide insight for network defenders and cyber-threat intelligence personnel on adversary tactics and techniques,” the FBI said.
“Historical research that identifies connections to any of these domains should prompt additional response and follow up with the impacted user(s).”
The law enforcement agency urged organizations to take action if they discover any unusual network activity related to these domains “and prepare their environment for incident response.”
It said that further investigation may unearth additional malicious domains or infrastructure.
“Organizations may also consider taking forward-looking steps to protect their environments, such as blacklisting domains or configuring alerts for connections made to domains that they have vetted and deemed to be malicious,” the alert added.
Last month, a British man was sentenced to eight-and-a-half-years behind bars for masterminding LabHost. Zak Coyne, 23, of Woodbine Road, Huddersfield, was sentenced in Manchester Crown Court on Monday after admitting his crimes in September 2024.
The site was finally taken down in April 2024 after an operation involving London’s Metropolitan Police, the UK’s National Crime Agency (NCA), Microsoft, Europol and others
