Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
Summary
Hide ▲
Show ▼
A campaign using Vercel v0.dev to build highly convincing phishing pages has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity has been observed across Microsoft-themed landing pages, Spotify emails, and fake job postings for Adidas, Ferrari, Louis Vuitton, and Nike, making the lure set broader and more credible. The use of hosted GenAI page generation matters because it lets low-skilled actors rapidly create and relaunch malicious sites for malicious gain.
Related Happenings
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Formbook phishing campaign using DLL sideloading and obfuscated JavaScript
Campaign
First: 20.04.2026 18:01
Last: 20.04.2026 18:01
Sources 1
About this happening:
The **Formbook** phishing operation is targeting **Windows** organizations across **Greece, Spain, Slovenia, Bosnia, Croatia** and **South America**, using **DLL sideloading** and...
Formbook phishing campaign using DLL sideloading and obfuscated JavaScript
CampaignAbout this happening: The **Formbook** phishing operation is targeting **Windows** organizations across **Greece, Spain, Slovenia, Bosnia, Croatia** and **South America**, using **DLL sideloading** and...
FBI-led takedown of W3LL phishing network
Law Enforcement
First: 13.04.2026 13:35
Last: 13.04.2026 13:35
Sources 1
About this happening:
**FBI Atlanta** and **US and Indonesian law enforcement** took down the **W3LL** phishing network, escalating a cross-border cybercrime case tied to **more than $20 million in fra...
FBI-led takedown of W3LL phishing network
Law EnforcementAbout this happening: **FBI Atlanta** and **US and Indonesian law enforcement** took down the **W3LL** phishing network, escalating a cross-border cybercrime case tied to **more than $20 million in fra...
OAuth device-code phishing campaign targeting SaaS accounts
Campaign
First: 04.04.2026 17:17
Last: 04.04.2026 17:17
Sources 1
About this happening:
A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...
OAuth device-code phishing campaign targeting SaaS accounts
CampaignAbout this happening: A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...
FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments
Campaign
First: 24.03.2026 18:35
Last: 24.03.2026 18:35
Sources 1
About this happening:
The **FAUX#ELEVATE** phishing campaign is actively targeting **French-speaking corporate environments** with **fake resume/CV lures** that deliver malware for **credential theft**...
FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments
CampaignAbout this happening: The **FAUX#ELEVATE** phishing campaign is actively targeting **French-speaking corporate environments** with **fake resume/CV lures** that deliver malware for **credential theft**...
Timeline
-
07.05.2026 11:30 2 articles · 20d ago
Cofense warns of Vercel v0[.]dev phishing abuse
Initial DisclosureCofense warns that low-skilled threat actors are abusing Vercel's v0[.]dev GenAI tool to generate highly convincing phishing pages and fake brand or job lures, including Microsoft landing pages, Spotify emails, and job postings for Adidas, Ferrari, Louis Vuitton, and Nike. The abuse is described as increasing over time because Vercel-hosted pages are easy to create, relaunch, and submit for takedown, and Cofense urges organizations to report malicious Vercel-hosted sites.
Show sources
- Researchers Spot Uptick in Use of Vercel for Phishing Campaigns — www.infosecurity-magazine.com — 07.05.2026 11:30
- Researchers Spot Uptick in Use of Vercel for Phishing Campaigns — www.infosecurity-magazine.com — 07.05.2026 11:30