Artificial intelligence has revolutionized web development, empowering even novice users to create professional-looking websites. Tools like Lovable enable anyone to build and host applications with little to no coding knowledge, while Netlify and Vercel position themselves as AI-native development platforms.
However, cybercriminals are increasingly exploiting these services to create and host fake captcha challenge websites, which serve as entry points for phishing campaigns. Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms. These scams pose a dual threat: misleading users while evading automated security systems.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage
October 22, 2025
Group-IB Threat Intelligence uncovered a sophisticated phishing campaign orchestrated by the Advanced Persistent Threat (APT) MuddyWater, targeting international organizations worldwide to gather foreign intelligence. MuddyWater accessed the compromised mailbox through NordVPN(a legitimate service abused by the threat actor), and used it to send phishing emails that appeared to be authentic correspondence. By exploiting the trust and ...
- CISA warns high-severity Windows SMB flaw now exploited in attacks – update now
October 22, 2025
Microsoft has acknowledged older versions of Windows 10, Windows 11 and Windows Server could be exploited due to a vulnerability related to SMB. The vulnerability, tracked as CVE-2025-33073 with a score of 8.8, was added to America’s Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list on October 20. Thankfully, Microsoft has already issued ...
- Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
October 21, 2025
On October 6, 2025, the developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums. This new version features a complete transition from C++ to a pure C implementation, allegedly enhancing performance and efficiency. Its release coincides with a decline in activity surrounding the Lumma Stealer, suggesting cybercriminals under its operation ...
- PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
October 21, 2025
Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”. However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants ...
- The Golden Scale: Notable Threat Updates and Looking Ahead
October 20, 2025
Palo Alto Unit 42 recently published an Insights piece “The Golden Scale: Bling Libra and the Evolving Extortion Economy,” which primarily focused on the Salesforce data theft extortion activity. This was associated with the cybercriminal syndicate known as Scattered LAPSUS$ Hunters. Since early October 2025, the researchers have observed several notable developments within a Telegram channel ...
- China accuses US of cyber breaches at national time centre
October 20, 2025
China has accused the U.S. of stealing secrets and infiltrating the country’s national time centre, warning that serious breaches could have disrupted communication networks, financial systems, the power supply and the international standard time. The U.S. National Security Agency has been carrying out a cyberattack operation on the National Time Service Center over an extended period ...