Collaborating Authors

 hacker


Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

WIRED

Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams. Travelers' information and booking details may have been stolen from hundreds of hotels around the world, according to new findings from security researchers. These swiped trip details, such as booking names and reservation information, are then being repurposed by cybercriminals to create highly targeted phishing messages used to steal credit card information. At least 350 hotels, vacation rentals, motels, and guesthouses in 50 different countries have been caught up in so-called reservation hijacking scams, according to an analysis of phishing messages and cybercriminal infrastructure by security company Norton. Researchers say the use of legitimate booking information in phishing messages may increase the chances that someone clicks on a fraudulent link and hands over other sensitive details to criminals.


Champion ethical hacker warns AI tools like Mythos will make competing harder

BBC News

An ethical hacker who just won major prizes at a prestigious international competition says her days of competing could be numbered due to the rise of AI tools like Claude Mythos. Valentina Palmiotti - better known as Chompie - was the most successful individual at the annual Pwn2Own hacking competition in Berlin. She told BBC News that, for now, AI tools were helping her to win bug bounties - money given to hackers who spot vulnerabilities in online systems before they can be exploited by cyber-criminals. But she said systems like Mythos were so powerful that even champion hackers like her would soon struggle to compete with them. AI has shaken the cyber-security world, with concerns focussing on Mythos in particular.


The AI Era Is Creating a Bug Hunting Arms Race

WIRED

As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. A decade ago, programs to reward researchers for submitting software vulnerability findings were just starting to go mainstream. Vulnerability disclosure and "bug bounty" programs represented a paradigm shift years in the making--moving institutions from hostility and defensiveness about security research findings to acknowledgement that receiving input and releasing fixes was necessary. When Apple finally announced a bug bounty in 2016, the top reward was $200,000. It rose to $1 million in 2019 and $2 million last year.


Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

WIRED

Plus: Instructure's Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more. The worst part of your iPhone getting stolen may not be the theft itself. Instead, it's the phishing attacks waged against people in your contacts. New research this week shows that there's a thriving ecosystem for tools that let criminals unlock iPhones and target the phone numbers they find inside. Foxconn, the electronics manufacturing giant known for its role in building iPhones, revealed this week that it recently "suffered a cyberattack."


Experts issue urgent warning over doing a 'peace' sign in photos - amid fears hackers can steal your FINGERPRINTS and copy them

Daily Mail - Science & tech

Your latest selfie could be giving hackers everything they need to crack your accounts, experts have warned. Cybersecurity researchers have issued an urgent warning against doing a 'peace' sign in photos, amid fears that criminals could steal your fingerprints.


Hackable Robot Lawn Mower Unlocks a New Nightmare

WIRED

Plus: Meta officially kills encrypted Instagram DMs, the Trump administration targets "violent left wing extremists," leaked documents reveal Russia's school for elite hackers, and more. Cramming for finals is bad enough without the platform you use to do your schoolwork suddenly shutting down. Unfortunately for countless students across the US, that's exactly what they faced on Thursday after Canvas went into "maintenance mode" following a ransomware attack on education tech firm Instructure. Hackers using the name ShinyHunters claimed responsibility for the breach, and experts say the chaos they caused shows how far these actors will go to extort their victims. Did you know that Google Chrome includes an automatic download of the Gemini Nano AI model?


Hackers Hate AI Slop Even More Than You Do

WIRED

Hackers and other cybercriminals are complaining about "AI shit" flooding platforms where they discuss cyberattacks and other illegal activity. "I'm disappointed that you are working to incorporate AI garbage into the site," one annoyed person, posting anonymously, said in an online message. "No-one is asking for this--we want you to improve the site, stop charging for new features." Only, this is not a regular internet user moaning about AI being forced into their favorite app. Instead, they are complaining about a cybercrime forum's plans to introduce more generative AI.


AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

WIRED

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites--and stole as much as $12 million in three months. The advent of AI hacking tools has raised fears of a near future in which anyone can use automated tools to dig up exploitable vulnerabilities in any piece of software, like a kind of digital intrusion superpower. Here in the present, however, AI seems to be playing a more mundane, if still concerning, role in hackers' toolkit: It's helping mediocre hackers level up and carry out broad, effective malware campaigns. That includes one group of relatively unskilled North Korean cybercriminals who've been discovered using AI to carry out virtually every part of an operation that hacked thousands of victims to steal their cryptocurrency. On Wednesday, cybersecurity firm Expel revealed what it describes as a North Korean state-sponsored cybercrime operation that installed credential-stealing malware on more than 2,000 computers, specifically targeting the machines of developers working on small cryptocurrency launches, NFT creation, and Web3 projects.


A Hacker Accidentally Broke Into the FBI's Epstein Files

WIRED

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people's Signal accounts, and more. The United States and Israel's war with Iran has now been ongoing for two weeks, and the bombs continue to fall. But many of Iran's missiles are failing to hit their targets. WIRED's team in the Middle East detailed how countries in the Gulf region are intercepting these weapons. Of course, the international conflict is not just happening in the physical realm.


AI 'vibe-coding' platform's flaws allow BBC reporter to be hacked

BBC News

The BBC has been shown a significant - and unfixed - cyber-security risk in a popular AI coding platform. Orchids is a so-called vibe-coding tool, meaning people without technical skills can use it to build apps and games by typing a text prompt into a chatbot. Such platforms have exploded in popularity in recent months, and are often heralded as an early example of how various professional services could be done quickly and cheaply by AI. But experts say the ease with which Orchids can be hacked demonstrates the risks of allowing AI bots deep access to our computers in exchange for the convenience of allowing them to carry out tasks autonomously. The BBC has repeatedly asked the company for comment but it has not replied.