Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
Summary
Hide ▲
Show ▼
A campaign using Vercel v0.dev to build highly convincing phishing pages has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity has been observed across Microsoft-themed landing pages, Spotify emails, and fake job postings for Adidas, Ferrari, Louis Vuitton, and Nike, making the lure set broader and more credible. The use of hosted GenAI page generation matters because it lets low-skilled actors rapidly create and relaunch malicious sites for malicious gain.
Related Happenings
Phantom squatting AI-hallucinated domain phishing campaign
Campaign
H score35
First: 01.07.2026 10:20
Last: 01.07.2026 10:20
Sources 1
About this happening:
A **phantom squatting** campaign is turning **AI-hallucinated domains** into live phishing and malware lures, putting **AI-referred traffic** at immediate risk. Attackers are regi...
Phantom squatting AI-hallucinated domain phishing campaign
CampaignAbout this happening: A **phantom squatting** campaign is turning **AI-hallucinated domains** into live phishing and malware lures, putting **AI-referred traffic** at immediate risk. Attackers are regi...
OpenAI ChatGPT renderer Markdown link/image phishing security flaw
Vulnerability
H score16
First: 29.05.2026 21:07
Last: 29.05.2026 21:07
Sources 1
About this happening:
**ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...
OpenAI ChatGPT renderer Markdown link/image phishing security flaw
VulnerabilityAbout this happening: **ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...
FBI public service announcement on fake FIFA websites
Public Sector Action
H score21
First: 28.05.2026 22:08
Last: 28.05.2026 22:08
Sources 1
About this happening:
The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
FBI public service announcement on fake FIFA websites
Public Sector ActionAbout this happening: The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
Ghost Stadium FIFA World Cup fraud campaign
Campaign
H score41
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Ghost Stadium FIFA World Cup fraud campaign
CampaignAbout this happening: A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Google sponsored search ManageWP phishing campaign
Campaign
H score13
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Timeline
-
07.05.2026 11:30 2 articles · 2mo ago
Cofense warns of Vercel v0[.]dev phishing abuse
Initial DisclosureCofense warns that low-skilled threat actors are abusing Vercel's v0[.]dev GenAI tool to generate highly convincing phishing pages and fake brand or job lures, including Microsoft landing pages, Spotify emails, and job postings for Adidas, Ferrari, Louis Vuitton, and Nike. The abuse is described as increasing over time because Vercel-hosted pages are easy to create, relaunch, and submit for takedown, and Cofense urges organizations to report malicious Vercel-hosted sites.
Show sources
- Researchers Spot Uptick in Use of Vercel for Phishing Campaigns — www.infosecurity-magazine.com — 07.05.2026 11:30
- Researchers Spot Uptick in Use of Vercel for Phishing Campaigns — www.infosecurity-magazine.com — 07.05.2026 11:30