Cybersecurity threats to the 2026 midterm elections are targeting the accounts and platforms that campaigns, donors and voters use to communicate, according to a security report released Monday by Check Point Software Technologies.
So far in this election cycle, threats are not aimed at voting machines or ballot-counting systems. Instead, threat actors are going after the email accounts, websites and fundraising platforms that election organizations depend on.
Jeremy Fuchs, a campaign manager for Check Point, told CyberScoop that the report’s core findings reflect a broader trend in cybersecurity: Bad actors are using AI to make their attacks larger and more effective.
“The barrier to entry is lower and the quality is so much higher than it was three years ago, 10 years ago, that everything is going to look more realistic and it’s going to be more effective at accomplishing whatever goals [attackers] have,” he said.
Email remains the easiest way for hackers to perpetuate election-related schemes. Check Point found that 82% of malicious attacks arrive through email, where threat actors covertly trick users into handing over their passwords for major fundraising sites. Approximately 9,500 stolen passwords were tied to ActBlue, which collects donations for Democratic candidates. Approximately 6,500 were linked to WinRed, a Republican fundraising platform.
Fuchs noted that this information may not be directly used for election-related schemes, yet could be leveraged for opportunistic follow-on attempts at accessing other accounts.
“Whenever an exposure like this happens, whether it’s with a political site or not, oftentimes it’s saved for later,” he said. “If I have your email and password, if I have your phone number, I can just start an attack, a simple phishing attack that has nothing to do with the election right now.”
Threat actors are also registering many new websites with election-related names. In January, about 1,300 new websites included the word “election” and about 4,010 included the word “vote.” These websites can be used for phishing scams, where hackers trick people into giving up their passwords by pretending to be legitimate election organizations.
Fuchs noted that not every website may turn out to be malicious, but the speed with which these sites have been established — especially when legitimate campaign sites have been running years before an election — has led researchers to believe that the majority will be used for nefarious purposes.
“If you’re spinning up these websites very quickly and at scale, there’s a reason for it,” he said.
Misinformation and manipulated content present another layer of concern, especially as AI-generated political content has become increasingly visible in the 2026 cycle. Earlier this month, OpenAI rolled out a suite of tools and safeguards that’s meant to provide a layer of security for this particular election cycle.
Fuchs said this AI-powered manipulation is only going to grow as we get closer to Election Day, and as the models get better, so too will actors’ ability to deceive people with fake content.
“It’s really hard to make sense of these things when the AI, and the attacks, have just become so good,” he said. “It was hard when they weren’t good. So now imagine how much harder it’s going to be when it is good, and it’s continuing to get better and better.”
Fuchs warned that the speed at which AI-powered election threats are evolving presents a challenge that extends beyond technical defenses, saying that the true challenge lies in a threat landscape that’s changing faster than public understanding can keep pace.
“There’s so much more that we as a society can truly fathom,” he told CyberScoop. Generative AI “is moving so fast. It’s getting so good. And if we’re not having those conversations about, ‘hey, this is how things might change,’ all this stuff is just going to continue to get more difficult and more difficult. And it’s going to flare at these inflection points, whether an election is kind of the perfect place for it, because there’s just so much at stake for so many people.”
You read the full report on Check Point’s website. **Update, 6/2/2026, 4:30 p.m.: *** This story has been amended to further clarify how threat actors are obtaining passwords for campaign donation sites. *