Fake News Sites Are Flooding the Internet Ahead of the 2026 Midterms — And CISA Just Lost $707 Million

The biggest threat to the 2026 midterm elections is not hackers changing vote tallies. It is something far more insidious: a flood of fake news websites designed to make voters doubt whether they can trust anything they read online.

New research from Check Point Software reveals that sophisticated operators have already cloned major media brands — Reuters, the Washington Post, and Fox News — using look-alike domains that can fool even attentive readers. The goal is not to alter ballots. It is to make people stop believing that truth itself can be verified.

The scale is staggering. In January, around 1,300 domains containing the word "election" and just under 3,000 containing "vote" were registered. By mid-April to mid-May, "election" registrations held steady at roughly 1,140 — but "vote" domain registrations surged to approximately 4,010. The shift toward voter-facing language suggests the infrastructure is being positioned for deployment during key moments in the election cycle, then removed before detection systems can catch up.

How the fake sites work Check Point's research shows that these look-alike domains are used for phishing pages impersonating voter information portals, fraudulent donation collection, candidate impersonation, and misinformation distribution designed to mimic official election communications. The sites are professionally constructed, hosted on infrastructure that can be spun up and torn down quickly, and promoted through social media algorithms that reward engagement regardless of accuracy.

The credential exposure problem compounds the risk. As of May, Check Point has tracked approximately 9,500 leaked credentials tied to the Democratic fundraising platform ActBlue and 6,500 tied to the Republican equivalent WinRed. These credentials are already available in criminal marketplaces, enabling account takeover, donor fraud, and targeted social engineering attacks against both parties' fundraising operations.

The CISA cut that makes this worse The timing could hardly be worse. The Trump administration has cut $707 million from the Cybersecurity and Infrastructure Security Agency's budget, describing the spending as "weaponization and waste" and "focused on censorship." CISA is the federal agency responsible for protecting election infrastructure, coordinating threat intelligence across states, and providing real-time incident reporting.

Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, warned that the cuts leave states to fend for themselves. "While the states are taking valiant and expensive measures to protect their elections, it is impossible for states to independently obtain intelligence, subject-matter expertise, and real-time incident reporting, and information at the scale and speed required to protect state elections from physical and cyber threats."

The result is a dangerous asymmetry: the tools for deception are scaling up rapidly through AI-generated content, cloned media sites, and credential-based attacks, while the federal government's capacity to help states defend against those threats has been deliberately reduced.

Why AI makes this different from 2020 or 2022 Previous election cycles dealt with disinformation, but the AI tools available in 2026 are fundamentally more capable. Large language models can generate convincing articles, social media posts, and even video content at a scale and speed that was impossible two years ago. Deepfake technology has improved dramatically. The fake Reuters and Fox News sites identified by Check Point do not require armies of trolls — a small team with access to AI tools can produce and distribute convincing misinformation across dozens of domains simultaneously.

This is not speculation. Check Point's domain registration data shows the infrastructure being built now, months before the election. The 4,010 "vote" domains registered in a single month represent a significant increase over previous cycles, suggesting that bad actors are preparing for a larger and more coordinated effort than anything seen before.

What this means for you If you are a voter, treat every election-related website with skepticism. Verify that the URL matches the legitimate domain exactly — look-alike sites use subtle misspellings or extra characters. Get your election information directly from official government websites and well-known news organizations. If you are a donor, check your accounts on ActBlue or WinRed regularly and enable two-factor authentication. If you encounter a news story that seems designed to provoke outrage, check whether the same story appears on multiple established outlets before sharing it.

The 2026 midterms will be decided by voters who can distinguish real information from manufactured deception. That distinction is getting harder to make every day, and the federal agency that used to help make it just lost $707 million in funding.