Vercel AI Tools Abused to Create Realistic Phishing Sites

Jennifer Sherman
May 12, 2026

Key Takeaways

  • A surge in phishing attacks is leveraging Vercel’s AI-powered web development platform to create highly convincing fake login pages.
  • The platform’s GenAI tool, v0.dev, allows attackers to generate realistic web pages from simple text prompts, significantly lowering the technical barrier for launching sophisticated phishing campaigns.
  • Cybersecurity firm Cofense has observed a sharp increase in Vercel-based phishing since 2022, with the trend continuing into 2025.
  • The ease of use, low cost, and automation provided by Vercel, including integration with Telegram for real-time credential theft, make it a potent tool for threat actors.
  • Traditional security awareness training focusing on typos is outdated; users must now meticulously verify URLs, and organizations should monitor Vercel subdomains and report malicious sites.

A disturbing trend in cybercrime reveals that threat actors are increasingly exploiting Vercel, an advanced AI-driven web development platform, to streamline sophisticated credential theft operations. Attackers are leveraging Vercel’s robust capabilities to rapidly construct highly deceptive fake login pages that meticulously mimic legitimate websites, as detailed in a recent analytical report.

This accessible and cost-effective methodology has dramatically expanded the pool of potential attackers, enabling individuals with limited technical expertise to execute highly effective phishing campaigns previously only achievable by more skilled operators.

Vercel’s generative AI tool, v0.dev, is at the core of this exploitation. This tool can produce fully functional web pages from straightforward text commands. For instance, a threat actor can simply input “create a Microsoft sign-in page with official logos and colors,” and the AI will generate a functional replica within moments.

The implications are significant: individuals lacking deep technical knowledge can now readily deploy phishing campaigns that appear almost indistinguishable from authentic corporate login interfaces.

Cofense, a cybersecurity firm specializing in phishing defense, has actively tracked a substantial increase in Vercel-based phishing campaigns since 2022. Their analysts have noted the platform’s deployment across a spectrum of attacks, varying in skill and complexity. Data indicates a persistent upward trajectory in Vercel abuse, showing no signs of abatement as of 2025.

The gravity of this threat stems from its ability to effortlessly supplant conventional phishing infrastructure. Historically, threat actors were burdened with establishing their own hosting servers, procuring phishing kits from illicit online marketplaces, and managing complex backend systems. Vercel consolidates these disparate tasks, handling hosting, deployment, and page generation within a single integrated environment.

The ramifications extend beyond individual users, posing a significant risk to organizations of all sizes. Attackers are actively spoofing prominent brands that employees routinely interact with, including major entities like Microsoft, Spotify, and various popular job platforms.

Vercel Enables Mass Phishing

Vercel’s GenAI tool introduces an unprecedented level of automation to phishing operations. Each prompt submitted to the AI generates a slightly varied output, allowing threat actors to continuously produce new versions of phishing pages without needing to craft entirely new prompts. If a malicious site is detected and taken down, a fresh one can be generated with minimal effort.

Furthermore, the platform’s integration with Telegram via its Bot API allows attackers to receive real-time notifications when victims submit credentials. This Telegram bot actively monitors the Vercel-hosted page and transmits stolen login information directly to the attacker’s account. This combination transforms what was once a multi-tool, technically demanding process into an almost fully automated operation.

Cofense analysts have documented specific campaigns where attackers impersonated hiring managers for globally recognized brands such as Adidas, Nike, Ferrari, and Louis Vuitton. These sophisticated phishing emails mimicked legitimate job offers and interview invitations, directing victims to fabricated career pages that subsequently led to fraudulent Facebook or Google login portals. All these deceptive pages were meticulously constructed using Vercel’s GenAI product.

Fake Adidas Careers page created using Vercel from ATR 403225 (Source – Cofense)

In one particularly convincing incident, attackers engineered a Spotify login page that perfectly replicated the authentic site’s logos, color scheme, and layout.

Example of a Spotify spoofing web page created using Vercel (Source – Cofense)

Upon victims submitting their credentials, the fraudulent page not only forwarded the stolen information to the attacker but also redirected users to a secondary page requesting credit card details, maximizing the potential for financial fraud.

What You Should Do

  • Verify URLs Meticulously: Always inspect the full URL in the browser’s address bar before entering any login credentials. Even a pixel-perfect replica cannot mask a fraudulent domain. Look for subtle misspellings or unexpected subdomains.
  • Update Security Awareness Training: Traditional advice about spotting typos and formatting errors is largely obsolete. Training should emphasize URL verification, the dangers of unexpected login prompts, and the importance of directly navigating to official websites.
  • Implement Multi-Factor Authentication (MFA): MFA adds a critical layer of security, making it significantly harder for attackers to gain access even if they steal credentials.
  • Monitor for Vercel Subdomains: Security teams should configure email gateways and network monitoring tools to flag or block inbound links containing “vercel.app” subdomains, as these are common indicators of hosted phishing pages.
  • Report Malicious Sites: Users and organizations should promptly report any suspected malicious Vercel-hosted sites directly to Vercel for swift takedown.
  • Stay Informed: Continuously update threat intelligence and ensure staff are educated on the latest phishing techniques and emerging attack patterns.
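
As an added example (not from Cofense or Vercel), here is one way a mail-gateway hook could apply the URL-verification and "vercel.app" monitoring advice above. It matches the hostname on a label boundary rather than by substring and escalates links whose subdomain contains a brand name mentioned in this article. The suffix list, brand keywords, allowlist entry and sample message are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# All values below are assumptions for this example, not vendor guidance.
HOSTING_SUFFIXES = ("vercel.app",)
BRAND_KEYWORDS = ("microsoft", "spotify", "adidas", "nike", "ferrari",
                  "louisvuitton", "facebook", "google")
ALLOWLIST = {"status-dashboard-example.vercel.app"}  # constructed known-good host
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

def subdomain_of(host, suffix):
    """Return the labels left of suffix, or None if host is not under it.
    Matching on a label boundary keeps vercel.app.example.net out."""
    if host == suffix:
        return ""
    if host.endswith("." + suffix):
        return host[: -len(suffix) - 1]
    return None

def classify_url(url):
    """Return a finding dict for a link on a watched hosting suffix, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in ALLOWLIST:
        return None
    for suffix in HOSTING_SUFFIXES:
        sub = subdomain_of(host, suffix)
        if sub is None:
            continue
        squashed = sub.replace("-", "").replace(".", "")
        brands = [b for b in BRAND_KEYWORDS if b in squashed]
        return {"url": url, "host": host, "brands": brands,
                "severity": "high" if brands else "review"}
    return None

def scan_message(body):
    """Extract links from a message body and return findings in order."""
    urls = (u.rstrip(".,;:)'\"") for u in URL_RE.findall(body))
    return [f for f in map(classify_url, urls) if f]

# Constructed sample message; every hostname here is made up.
SAMPLE_BODY = """Your interview is confirmed, sign in at
https://adidas-careers-example.vercel.app/login to continue.
Docs: https://vercel.app.example.net/readme
Status: https://status-dashboard-example.vercel.app/
Notes: https://Team-Notes-Example.Vercel.App/x.
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_BODY):
        print(finding["severity"], finding["host"], finding["brands"])
```

Because the platform also hosts legitimate sites, the "review" tier and the allowlist let a team flag links for inspection without blocking every deployment outright.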
