Booking.com data breach April 14, 2026

  Customers began receiving notifications April 12-13

According to Booking.com’s own notifications and follow‑up reporting, the exposed information may include:

• Names
• Email addresses
• Phone numbers
• Postal addresses
• Reservation details (dates, property info, itinerary)
• Messages or notes shared with accommodation providers

Booking.com has repeatedly stated that payment and credit‑card data were not accessed.

Booking.com reports it:

• Reset reservation PIN codes tied to affected bookings
• Contacted impacted customers directly by email
• Advised customers to be vigilant for phishing attempts
• Stated the incident is now “under control”, though investigations are ongoing

The company has not disclosed:

• How many customers were affected
• Exactly when the breach occurred
• Technical details of how the access happened

• While no financial data was taken, experts warn that the combination of personal info + travel details makes this breach particularly dangerous. Attackers can craft highly convincing phishing messages (email, SMS, WhatsApp, or phone calls) that reference real bookings.

  Reports already show customers receiving scam contacts pretending to be Booking.com or their hotel, asking for “verification” or payments.

   

  Booking.com has emphasized that it will never:

  • Ask for credit‑card details
  • Request bank transfers
  • Ask for personal information via email, phone, text, or WhatsApp

  Customers are strongly advised not to click links in unsolicited messages claiming to be from Booking.com or properties. 

   

  Based on Booking.com’s guidance and security reporting:

  • ✅ Treat unexpected messages about bookings as suspicious
  • ✅ Verify any issue by logging directly into Booking.com (not via links)
  • ✅ Be cautious of urgent payment or “verification” requests
  • ✅ Monitor email and messaging apps for phishing attempts

   

Anthropic Mythos

  AI giant Anthropic announced a new model called Mythos..
Mythos finds security flaws in software. Windows, MacOS, Linux, browsers, aps, ANYTHING.

 This prompted a urgent meeting with the Treasury Secretary, the Federal Reserve, and Wall Street executives.

 Given the scope of this tool  it might be good to use more acceptance to offered patching.

WARNING from FBI, NSA, CISA and Department of Energy - Ireanian hackers

 Collective alarm from US government agencies citing Iranian attacks in US Critical Infrastructure via exploits in Programmable Logic Controllers (PLCs).

 Mutually Assured Disruption

A report cites 5,200 device reachable on the Internet.

 

Russia spy agency reported to be hacking into home and small business routers

 As a follow on to the recent blog post of  March 30 where the FCC has banned almost all consumer grade routers not made in the United States - a Russian spy agency was recently found to be hacking into TP-Link and MicroTik routers with known vulnerabilities to route victim's Internet traffic to servers under the control of Russian hacking unit known as Fancy Bear.

 The intent is to steal passwords and OAuth tokens to gain access th those accounts.

 The FBI has secured a court order allowing them to effectively hack into the affected routers and remove the dodgy DNS records.
 

 

ClickFix exploits on the rise

 

ClickFix tricks users into running malicious commands themselves by pretending they’re “fixing” a problem or completing a verification.

Why ClickFix is so dangerous

• ✅ Bypasses security tools – the action looks legitimate
• ✅ Cross‑platform – Windows, macOS, and Linux are all targeted
• ✅ No vulnerability required – exploits human behavior instead
• ✅ Very fast – compromise can happen in seconds

Microsoft and other vendors report ClickFix has surpassed traditional phishing in some environments as an initial access method

Common ClickFix disguises you’ll see

• Fake “I am not a robot” CAPTCHA
• Fake Cloudflare verification
• Fake Windows Update screen
• “Browser error – fix required”
• “Document failed to load – run this to fix”
• Fake IT support instructions 
  
  
  Legitimate websites will NEVER ask you to paste commands into Terminal, PowerShell, or Run to verify or fix something.
   

FCC recent ban on all foreign made routers

 

In March 2026, the Federal Communications Commission (FCC) added all foreign‑made consumer‑grade routers to its “Covered List”, which means new router models that are made (or even partially made) outside the U.S. can no longer be approved for sale or import in the United States.

This is implemented through the FCC’s equipment authorization process—if a device can’t get FCC authorization, it can’t legally be imported or sold.No existing routers  

No existing routers are banned, consumers may continue to use them, firmware updates can continue.

BUT, this may make us more insecure s consumers may continue to use older routers

https://www.malwarebytes.com/blog/news/2026/03/new-fcc-router-ban-could-leave-home-networks-less-secure

Apple Released Air Pods firmware updates

 As of March 25, 2026, Apple’s latest AirPods firmware is version 8B39 — but it depends on which AirPods model you have.

✅ Latest firmware by model

• AirPods Pro (3rd generation): 8B39 [macrumors.com], [iclarified.com]
• AirPods Pro (2nd generation, USB‑C or Lightning): 8B39 [macrumors.com], [iclarified.com]
• AirPods (4th generation, with or without ANC): 8B39 [macrumors.com], [iclarified.com]

Other models (unchanged in this release):

• AirPods Pro (1st gen): 6F21 [support.apple.com]
• AirPods (3rd gen): 6F21 [support.apple.com]
• AirPods (2nd gen): 6F21 [support.apple.com]
• AirPods Max (USB‑C): 7E108 [support.apple.com]
• AirPods Max (Lightning): 6F25 [support.apple.com]

ℹ️ Notes

• Apple released firmware 8B39 on March 24, 2026, primarily listing bug fixes and performance improvements. [macrumors.com]
• AirPods firmware updates install automatically when your AirPods are in their case, charging, near an iPhone/iPad/Mac connected to Wi‑Fi. [macrumors.com]