Artificial intelligence has revolutionized web development, empowering even novice users to create professional-looking websites. Tools like Lovable enable anyone to build and host applications with little to no coding knowledge, while Netlify and Vercel position themselves as AI-native development platforms.
However, cybercriminals are increasingly exploiting these services to create and host fake captcha challenge websites, which serve as entry points for phishing campaigns. Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms. These scams pose a dual threat: misleading users while evading automated security systems.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- South Korea cyber crisis deepens as Coupang data leak exposes national vulnerabilities
December 1, 2025
An investigation is under way into the cause of the breach. The leak raised concerns about phishing attempts targeting customers. Telecom, payments and crypto firms also reported recent breaches. A major data breach at South Korea’s biggest e-retailer has intensified concerns about the country’s digital preparedness, with the latest incident now seen as part of a ...
- Thousands of Airbus planes grounded after faulty software detected
November 29, 2025
Airlines around the world have been forced to ground thousands of Airbus planes following the discovery of a software problem which may have contributed to a sudden drop in the altitude of a plane last month, injuring 15 people. Around 6,000 A320 planes are thought to be affected, delaying and cancelling flights over the weekend. Airbus ...
- Tomiris wreaks Havoc: New tools and techniques of the APT group
November 28, 2025
While tracking the activities of the Tomiris threat actor, Kaspersky researchers identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic infrastructure. In several cases, Kaspersky traced the threat actor’s actions from initial infection to the deployment of post-exploitation ...
- Organised crime online: How Europol disrupts cybercrime
November 27, 2025
How does Europol target cybercrime networks? Investigate phishing-as-a-service platforms? Or help tackle child sexual exploitation? This publication, presented at the Committee on Civil Liberties, Justice and Home Affairs Ordinary (LIBE), provides a general overview on how Europol disrupts cybercrime, taking the key insights from the Internet Organised Crime Threat Assessment (IOCTA) and EU Serious and Organised ...
- The Golden Scale: ‘Tis the Season for Unwanted Gifts
November 26, 2025
In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). This latest ...
- Bug in jury systems used by several US states exposed sensitive personal data
November 26, 2025
Several public websites designed to allow courts across the United States and Canada to manage the personal information of potential jurors had a simple security flaw that easily exposed their sensitive data, including names and home addresses, TechCrunch has exclusively learned. A security researcher, who asked not to be named for this story, contacted TechCrunch with ...