Feed aggregator

Article URL: https://www.sfgate.com/cannabis/article/sonoma-county-drone-aclu-lawsuit-20363620.php

Comments URL: https://news.ycombinator.com/item?id=44201018

Points: 1

# Comments: 0

Robert Woodford, a recruitment marketing specialist, recently shared on LinkedIn how he fell victim to a highly sophisticated scam while booking a hotel in Verona through Booking.com, providing a striking example of how attacks on the hospitality industry affect travelers.

After completing a legitimate booking—and trading some communications with the hotel—Woodford received a separate message that he believed came from the official Booking.com messaging system. This message requested “missing details” and a prepayment.

But to be safe, Woodford logged into Booking.com directly rather than clicking any links. There, he found the same message in the same thread as his earlier communications with the hotel. The payment link also looked official, as it contained “bookingcom” in the URL. Woodford didn’t realize until after making the payment that the merchant’s name was incorrect and the payment was fraudulent.

Woodford’s story falls in line with a blog I wrote a few months ago about how phishers use fake CAPTCHAs to trick hotel staff into downloading malware. It also demonstrates how travelers can be deceived by increasingly sophisticated cybercriminals exploiting real booking data and trusted platforms.

The Swiss National Cyber Security Centre (NCSC) reported similar attacks where hotel staff were tricked into installing malware through fake CAPTCHAs and malicious clipboard commands. These infections compromise hotel booking systems, allowing attackers to manipulate guest communications and payments.

To be clear, these types of online scams are so effective because the hotel itself has been compromised, and travelers log into official, verified websites and services only to receive malicious messages from cybercriminals who are secretly in control. These aren’t fake websites—these are fake representatives for real hotels using the hotels’ own messaging platforms to speak with customers.

Once the criminals infect the booking system, they can access guest data, and payment information, enabling them to impersonate hotels and reach guests directly.

Adding to this picture is a warning from Arcona Hotels & Resorts who discovered “technical irregularities” and disconnected several locations from the central IT services as a precautionary measure to limit potential damage. ResponseOne GmbH, a company specializing in IT forensics, was brought in to conduct a technical analysis and manage the situation.

Arcona Hotels & Resorts is a German-based company specializing in operating and developing hotels, particularly focusing on leisure and holiday hotels, boutique hotels, and 5-star properties. While we have no direct information about what happened there, the timing and nature of their advisory suggest that this incident might be part of a wider campaign targeting the hospitality industry’s digital infrastructure.

Advice for travelers

 Cybercriminals are no longer just targeting guests. They are infiltrating hospitality systems themselves, turning trusted platforms into vectors for fraud.

Robert lost a few hundred quid and the trust in his bank, the travel platform he used, and a bit of trust in his own judgement. While Robert was vigilant and still became a victim, there are some tips to keep in mind:

• Always access booking platforms by typing URLs directly into your browser rather than clicking links in emails or messages.
• Verify any payment requests by contacting the hotel or booking platform through official channels. You can also call the hotel directly.
• Be suspicious of urgent payment demands or requests for unusual payment methods.
• Use credit cards for bookings where possible, or other options that provide fraud protection.
• Report suspicious messages to the booking platform immediately.
• Use browser protection against scams, credit card skimmers, and other malicious sites.

Be aware of the fact that the systems you trust might be compromised. Vigilance and proactive security measures are essential for both travelers and hotels to mitigate these risks.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Article URL: https://elixirforum.com/t/lt-resilient-code-resilient-engineer-lessons-from-changing-requirements-meks-mcclure-elixirconf/71161

Comments URL: https://news.ycombinator.com/item?id=44201010

Points: 1

# Comments: 0

Article URL: https://publicapis.io/

Comments URL: https://news.ycombinator.com/item?id=44201000

Points: 1

# Comments: 0

Article URL: https://lewiscampbell.tech/blog/250604.html

Comments URL: https://news.ycombinator.com/item?id=44200999

Points: 1

# Comments: 0

Article URL: https://mail-index.netbsd.org/netbsd-users/2025/06/06/msg032747.html

Comments URL: https://news.ycombinator.com/item?id=44200997

Points: 1

# Comments: 0

Article URL: https://www.nytimes.com/2025/06/05/business/economy/marina-von-neumann-whitman-dead.html

Comments URL: https://news.ycombinator.com/item?id=44200988

Points: 1

# Comments: 1

Article URL: https://lithub.com/want-to-reduce-crime-science-says-build-libraries/

Comments URL: https://news.ycombinator.com/item?id=44200956

Points: 1

# Comments: 0

Article URL: https://www.youtube.com/watch?v=EyR2-C9ggi0

Comments URL: https://news.ycombinator.com/item?id=44200945

Points: 1

# Comments: 0

Article URL: https://spin.atomicobject.com/problem-like-genai-addiction/

Comments URL: https://news.ycombinator.com/item?id=44200933

Points: 1

# Comments: 0

Article URL: https://gomarketme.co/blog/gomarketme-influencer-marketplace/

Comments URL: https://news.ycombinator.com/item?id=44200915

Points: 2

# Comments: 1

Article URL: https://sebastiano.tronto.net/blog/2025-06-06-webdev/

Comments URL: https://news.ycombinator.com/item?id=44200895

Points: 2

# Comments: 0

Article URL: https://samy.pl/pwnat/

Comments URL: https://news.ycombinator.com/item?id=44200881

Points: 1

# Comments: 0

Article URL: https://patloeber.com/gemini-ai-sdk-cheatsheet/

Comments URL: https://news.ycombinator.com/item?id=44200874

Points: 1

# Comments: 0

Article URL: https://esham.io/2025/05/shell-history

Comments URL: https://news.ycombinator.com/item?id=44200870

Points: 1

# Comments: 0

Article URL: https://odyc.dev

Comments URL: https://news.ycombinator.com/item?id=44200866

Points: 2

# Comments: 0

Article URL: https://www.nytimes.com/2025/06/06/us/kentucky-organ-donations.html

Comments URL: https://news.ycombinator.com/item?id=44200850

Points: 2

# Comments: 1

Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to pen and paper. In a gloating abuse-filled email to M&S CEO Stuart Machin, the DragonForce hacker group claimed responsibility for the attack. Read more in my article on the Hot for Security blog.

Article URL: https://ratfactor.com/cards/pl-small

Comments URL: https://news.ycombinator.com/item?id=44200797

Points: 3

# Comments: 0

I’ve tried a bunch of habit tracking apps, but most of them don’t do much more than replicate checkboxes on paper. Meanwhile, I’ve got a Home Assistant instance running my entire environment. So I thought: what if my lights only turned off at night after I finished that chapter? Or the AC kicked in only after I went for that run? Maybe tying habits to the real world could make them stick.

I’ve been building HabitBridge as a way to track - and enforce - my own daily routines. It’s a habit tracker built with developers and hackers in mind, thanks to its JavaScript plugin framework. You can write your own “plugins” (and publish them here: https://github.com/joshspicer/habitbridgemarketplace) that run right in the app and define what a habit is—like conjugating 10 Italian verbs.

When a habit is completed, HabitBridge can fire a webhook to any URL you want (you’ll see the JSON structure in the app). I even put together a small Home Assistant add-on to receive that data and trigger automations based on your completions.

Check it out—it’s totally free. It’s still early days, and there are a few rough edges, but I’d love your feedback. Feel free to reach out here or on GitHub: https://github.com/joshspicer/habitbridge-release/issues

Comments URL: https://news.ycombinator.com/item?id=44200782

Points: 1

# Comments: 0