
Malware Impersonating Booking.com Targets Hospitality Sector
Microsoft Threat Intelligence researchers have been tracking a cybercriminal group targeting the hospitality industry. Known as Storm-1865, this group is spreading credential-stealing malware, with activities dating back to late 2024. The attackers have created a fake Booking.com page, sending fraudulent messages to hotel managers about a non-existent review. Clicking the provided link redirects victims to a credential-harvesting site.
So far, businesses in North America, Oceania, South Asia, and parts of Europe have been primarily affected. This ongoing attack is severely damaging the reputation of the Dutch-based startup.
Volt Typhoon Infiltrates U.S. Electric Grid Since 2023
The White House recently confirmed that a cyberattack group named Volt Typhoon has infiltrated at least 14 U.S. telecom networks since 2019, likely transmitting sensitive data to foreign data centers. More troubling news emerged when Volt Typhoon was found inside the network of a U.S. electric grid, specifically targeting Littleton Electric Light and Water Departments in Massachusetts. The attack began in November 2023.
An Industrial security firm, Dragos, uncovered the breach and revealed it to the media. Although the incident was contained by response teams in February 2025, more information on the attack will be released soon.
FCC Updates Cybersecurity Guidelines for Undersea Cable Operators
The U.S. Federal Communications Commission (FCC) has updated its regulations for companies operating submarine internet cables. These new guidelines, which amend rules in place since 2001, require all applicants and licensees to adhere to strict Cybersecurity Risk Management (CRM) standards.
Under the revised rules, companies must ensure the protection of their systems’ confidentiality, integrity, and availability, while also implementing proactive measures to detect and mitigate cyber threats. The renewal of cable operation licenses for up to 25 years will depend on compliance with these cybersecurity requirements.