Artificial intelligence has revolutionized web development, empowering even novice users to create professional-looking websites. Tools like Lovable enable anyone to build and host applications with little to no coding knowledge, while Netlify and Vercel position themselves as AI-native development platforms.
However, cybercriminals are increasingly exploiting these services to create and host fake captcha challenge websites, which serve as entry points for phishing campaigns. Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms. These scams pose a dual threat: misleading users while evading automated security systems.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
October 15, 2025
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...
- Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
October 15, 2025
TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...
- Satellites found exposing unencrypted data, including phone calls and some military comms
October 14, 2025
Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping. The researchers at UC San Diego and the University of Maryland spent $800 on an off-the-shelf satellite receiver and pointed it at the sky ...
- Qantas says customer data released by cyber criminals months after cyber breach
October 12, 2025
Australia’s Qantas Airways said on Sunday that it was one of the companies whose customer data had been published by cybercriminals after it was stolen by a hacker in a July breach of a database containing the personal information of the airline’s customers. The airline said in July that more than a million customers had sensitive ...
- ClayRat Android malware spoofs WhatsApp, TikTok and more
October 10, 2025
A new Android malware variant is posing as popular apps, stealing sensitive files and propagating further. Experts from Zimperium revealed ClayRat, targeting primarily Russian users by spoofing popular Android apps such as WhatsApp, TikTok, Google Photos, or YouTube, distributed mostly through Telegram channels and standalone phishing sites. Through typosquatting, the phishing sites trick victims into thinking ...
- The Golden Scale: Bling Libra and the Evolving Extortion Economy
October 10, 2025
In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. At least one industry source refers to this criminal syndicate as ...