Wednesday , September 10 2025
Booking.com

Secureworks reports
Booking.com hackers intensify attacks on customers

infosecbulletin Friday , December 1 2023 Cyber Attack, Hot Topic, International, Vulnerabilities

Booking.com, a major online travel agency, reported that customers have been targeted by hackers. While the agency’s systems are secure, online criminals have scammed many customers by stealing login credentials from the agency’s partner hotels. These criminals then pose as hotel staff to deceive customers.

(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points

By infosecbulletin / Wednesday , September 10 2025
Sophos fixed an authentication bypass vulnerability in its AP6 Series Wireless Access Points, preventing attackers from obtaining admin privileges. The...
Read More
(CVE-2025-10159) Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points

1.6M fitness phone call recordings exposed online

By infosecbulletin / Wednesday , September 10 2025
Security researcher Jeremiah Fowler discovered a database containing sensitive information from gym customers and staff, including names, financial details, and...
Read More
1.6M fitness phone call recordings exposed online

Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days

By infosecbulletin / Wednesday , September 10 2025
Microsoft patched September 2025 Patch Tuesday 81 flaws, including two publicly disclosed zero-day vulnerabilities. This Patch Tuesday addresses nine critical...
Read More
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days

Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials

By infosecbulletin / Tuesday , September 9 2025
Elastic reported a security incident caused by a breach at Salesloft Drift, leading to unauthorized access to an internal email...
Read More
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials

Hacker Exploit Amazon SES to Send 50K Phishing Emails

By infosecbulletin / Tuesday , September 9 2025
Researchers at Wiz discovered a complex phishing campaign using Amazon's Simple Email Service (SES) for large-scale attacks, showing how hacked...
Read More
Hacker Exploit Amazon SES to Send 50K Phishing Emails

SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month

By infosecbulletin / Monday , September 8 2025
The global ransomware landscape continues to shift in 2025, with SafePay rapidly emerging as one of the most active and...
Read More
SafePay Ransomware SafePay Ransomware Attacks 73 Orgs in a Single Month

Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024

By infosecbulletin / Sunday , September 7 2025
Bangladesh Cyber Threat Landscape 2024, by BGD e-GOV CIRT, reveals a sharp escalation in cyber threats across Bangladesh. The year...
Read More
Bangladesh Cyber Threat Landscape- 2024 602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

By infosecbulletin / Sunday , September 7 2025
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and...
Read More
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

By infosecbulletin / Saturday , September 6 2025
ISC2 has launched a Threat Handling Foundations Certificate to assist cybersecurity experts in enhancing Digital Forensics and Incident Response (DFIR)...
Read More
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

Misconfig Server Exposed 378GB of Navy Federal Credit Union Files

By infosecbulletin / Thursday , September 4 2025
Jeremiah Fowler, a cybersecurity researcher, found an unprotected server revealing 378 GB of Navy Federal Credit Union files, including operational...
Read More
Misconfig Server Exposed 378GB of Navy Federal Credit Union Files

What have the online attacks on Booking.com been like?

Fraudsters deceive hotels by pretending to be recent guests who left behind valuable items. They do this by calling the front desk and then sending an email with a link to a file on Google Drive.

The file was expected to be a picture of the item. But it turned out to be a malicious file called Vidar Infostealer. When the customer service representative opened it, it automatically stole login information from the hotel system and sent it to the fraudsters.

Hackers steal login information from Booking.com and use it to deceive hotel guests. They pretend to be hotels and ask guests to pay fake fees. Instead of using the official website, they send guests to a fake website or ask for credit card details over the phone. This scam is successful because the messages appear to come from legitimate hotel accounts on Booking.com.

Booking.com login credentials were found for sale on the Dark Web at a price of around $2,000. This suggests that these login details are highly effective. Booking.com has acknowledged the cyber-attacks on its partner hotels and is taking measures to stop them.

Check Also

Elastic

Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials

Elastic reported a security incident caused by a breach at Salesloft Drift, leading to unauthorized …

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin