Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com.
According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities for scammers. The first signs of the campaign showed up mid-May and the final redirect destination changes every two to three days. Following the links brings visitors to a familiar strategy where fake CAPTCHA websites hijack your clipboard and try to trick visitors into infecting their own device.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hacktivist deletes white supremacist websites live onstage during hacker conference
January 5, 2026
A hacktivist remotely wiped three white supremacist websites live onstage during their talk at a hacker conference last week, with the sites yet to return online. The pseudonymous hacker, who goes by Martha Root — dressed as Pink Ranger from the Power Rangers — deleted the servers of WhiteDate, WhiteChild, and WhiteDeal in real time ...
- 2025 was a terrible year for the ‘Four Families’ accused of running global cyber scam operations
January 4, 2026
People traded as commodities, iron cages used for punishment, severed fingers and even human sacrifice. These grisly details, revealed during interrogations of some of Asia’s most notorious criminal magnates, expose the horror of life in the many scam factories that dot Myanmar’s rugged and lawless border with China. The suspects were alleged members of powerful crime ...
- US cyber attacks plunged Caracas into darkness
January 4, 2026
US cyber attacks cut off power to large areas of Caracas to allow planes and helicopters to strike key military sites and capture Nicolás Maduro. Cyber command, space command and other American agencies layered effects to ensure more than 150 of its planes, drones and helicopters could approach the Venezuelan capital undetected. Cyber operators blacked out ...
- Cybercrook claims to be selling infrastructure info about three major US utilities
January 2, 2026
A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power. The price is 6.5 bitcoin, which amounts to about $585,000. Based in ...
- In 2025, age checks started locking people out of the internet
December 31, 2025
If 2024 was the year lawmakers talked about online age verification, 2025 was the year they actually flipped the switch. In 2025, across parts of Europe and the US, age checks for certain websites (especially pornography) turned long‑running child‑protection debates into real‑world access controls. Overnight, users found entire categories of sites locked behind ID checks, platforms ...
- European Space Agency confirms data breach
December 30, 2025
MILAN — The European Space Agency has confirmed a security breach of unclassified material from science servers following reports on social media. A threat actor claimed to have compromised ESA systems and to have leaked roughly 200 gigabytes of data. According to screenshots shared on X by French cybersecurity professional Seb Latom, the actor alleges they ...