Hackers Are Vibe Coding Phishing Websites To Steal Credentials

Executive summary: Researchers observed cybercriminals using AI-powered website builders (e.g., Lovable) to rapidly produce convincing phishing and malware-hosting sites — including MFA-phishing pages, credential harvesters, crypto wallet drainers, and malware loaders — with tens of thousands of malicious URLs seen in email campaigns and one campaign targeting over 5,000 organizations; defenders are advised to strengthen email security, MFA, and user training.