NationStates
February 3, 2026
•[ vulnerability, remote code execution, data leak ]
NationStates confirmed a data breach after taking its website offline to investigate a security incident. The operator stated that on January 27, 2026 a player reported a critical vulnerability, then exceeded authorized boundaries and obtained remote code execution on the main production server, allowing them to copy application code and user data. NationStates indicated the only way to restore confidence was to rebuild the server and determine what was accessed or copied, leading to site instability and downtime during response. The incident combines confirmed unauthorized access/data copying with operational disruption from the shutdown/rebuild.
At least one Booking.com user
January 7, 2026
•[ phishing, social engineering, malware ]
Research summarized by Cybernews described a ClickFix social-engineering campaign abusing Booking.com branding. Victims receive phishing emails about a cancelled reservation and a large charge; clicking through leads to a fake Booking.com page with a fake refresh flow and a simulated Blue Screen of Death. The page instructs the user to paste/run a malicious script (PowerShell) via Windows Run, which then fetches and executes remote code, disables Windows Defender, and establishes persistence with C2 connectivity. The link is campaign/threat-intel reporting and does not provide a single confirmed victim organization or a bounded incident count, but it describes successful infections driven by user-executed commands.
University of California San Diego (USArhythms subdomain)
June 22, 2025
•[ botnet, infrastructure compromise, remote code execution ]
CloudSEK and HackRead report the Androxgh0st botnet compromised a UC San Diego subdomain to host command-and-control/logging infrastructure using RCE and web shells; no confirmed data theft or service disruption reported.
