[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEdVnUXMaljKSDu6VY-LzZ823NHT1M9-28E40YH8ByIk":3},{"article":4,"iocs":54},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"9c273dab-9c8e-4fcd-ad38-4dec8fedd4e2","Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites","hackers-exploit-vercel-genai-to-mass-produce-convincing-phishing-sites-9e0dac","Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect.","Cybersecurity researchers at Cofense have discovered hackers exploiting Vercel's v0.dev generative UI platform to create high-quality phishing websites that mimic major brands like Microsoft, Adidas, Nike, and Spotify. By leveraging GenAI, even minimally skilled attackers can now rapidly produce convincing fake login pages and integrate them with Telegram bots for real-time credential theft, making detection significantly harder. The low barrier to entry (free\u002Fcheap Vercel accounts) and ease of regenerating sites after takedown represent a new threat vector that traditional security detection methods struggle to identify.","Hackers abuse Vercel GenAI to mass-produce convincing phishing sites mimicking Microsoft, Adidas, Nike.","Security Artificial Intelligence Phishing ScamHackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect. byDeeba AhmedMay 11, 20262 minute read Cybersecurity researchers at Cofense have discovered a sharp rise in hackers using the web development platform Vercel to launch high-quality scams. In a report shared with Hackread.com, the firm explained that scammers are now using Generative AI (GenAI) to build fake websites that are almost impossible to distinguish from real ones. According to researchers, by using Vercel’s Generative UI system, v0.dev, even scammers with very little technical skill can now create pages that copy the look and feel of major brands. The process is fast and cheap. Researchers noted that in the past, building a fake site required manual work, but now, GenAI allows minimally skilled scammers to create high-quality traps that were once only possible for advanced groups. How Hackers Use the Cloud Vercel is a legitimate cloud platform for web developers, but it is easy for hackers to join. There is a free version and a pro version for $20 a month. These accounts allow threat actors to host their pages online without managing their own servers, and they can quickly set up a new page in case of seizure, since the AI creates a slightly different version each time. “With Vercel’s hosting capabilities, attackers no longer have to maintain their own phishing website or recreate their whole server structure if the site gets taken down or removed. Even if the website created using Vercel’s v0.dev is taken down, nothing is stopping the attacker from creating a brand-new website using what they have learned from their previous mistakes,” Cofense threat intelligence researchers explained in the blog post. Further investigation revealed that hackers are also linking these sites to Telegram. When a victim enters their details into a fake login screen, a Telegram bot API sends that data to the hacker in real-time. This automated deployment interface allows scammers to monitor their victims without needing to maintain their own complex servers. Real Examples of the Threat The team at Cofense has tracked several campaigns in their database of Active Threat Reports (ATR). Some key findings include: Nike Job Scams (ATR 406705): A fake recruitment page is created mimicking Nike to trick people into scheduling an interview via fake Google or Facebook logins. Adidas Hiring Lure (ATR 403225): Posing as Adidas hiring managers for executive roles, scammers use Telegram bots to steal credentials in real time. Microsoft and Spotify (ATR 402228 & 385870): Hackers copied the exact logos and colours of these brands to steal login info and credit card numbers. Fake webpages of Microsoft and Adidas (Source: Cofense) A New Normal for Cyber Defences Researchers noted that because GenAI doesn’t make the typical spelling mistakes we used to look for, the new normal for security is much more difficult. They suggest that users should always check the actual website address (URL) and report any suspicious Vercel-hosted pages directly to the company for removal. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts Cyber AttackCyber CrimeCybersecurityFraudGenAIMicrosoftPhishingScamVercel Leave a Reply Cancel reply View Comments (0) Related Posts Android Malware Security GriftHorse Android malware hit 10 million devices in 70 countries Dubbed GriftHorse by researchers; the malware has stolen millions of dollars from its victims across 70 countries around the world. byDeeba Ahmed Leaks Security Hundred thousand Spotify accounts leaked in credential stuffing attack Spotify has suffered its second credential stuffing attack in three months. bySaad Rajpoot Read More Malware Security OpenAI’s ChatGPT Can Create Polymorphic Malware The researchers managed to create the Polymorphic malware by bypassing the content filters in ChatGPT by using an authoritative tone. byWaqas Security New vulnerability lets hackers use your credit card without pin code The vulnerability was revealed in a report called “The EMV Standard: Break, Fix, Verify.” Every time we make… bySudais Asif","https:\u002F\u002Fhackread.com\u002Fhackers-exploit-vercel-genai-phishing-sites\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fhackers-exploit-vercel-genai-phishing-sites.png","2026-05-11T10:34:38+00:00","2026-05-11T12:00:11.986057+00:00",8,[18,21,24,26,28,30],{"name":19,"type":20},"Vercel","vendor",{"name":22,"type":23},"Vercel v0.dev","product",{"name":25,"type":23},"Telegram",{"name":27,"type":20},"Microsoft",{"name":29,"type":20},"Cofense",{"name":31,"type":32},"Generative AI","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39,44,49],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":50},{"id":51,"icon":35,"name":52,"slug":53},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[55],{"type":56,"value":57,"context":58},"malware","Telegram bot API integration for credential harvesting","Attackers link phishing pages to Telegram bots that exfiltrate stolen credentials in real-time"]