United we stand, divided we fall…and by fall, we mean succumb to the advanced cyber-schemes lobbed at the travel industry.

The hospitality sector may not be the industry hardest-hit by cybercriminals (that would be the manufacturing industry, as per IBM’s 2026 X-Force Threat Intelligence Index report), but Booking.com CSO Marnie Wilking told IT Brew that it has drawn more malicious attention in recent years, making it essential for everyone in the industry to work together and stay up-to-date with the threats.

“It’s definitely become more targeted over the last several years, especially post-Covid, when travel really picked back up again, and has really gone crazy since then,” Wilking said. “So, there’s clearly quite a bit of money to be made there.”

What are threat actors up to these days? Unsurprisingly, Wilking said AI is making phishing emails more polished, and helping malicious actors create convincing fake property listings on Booking.com and other marketplace websites.

More about the inside of the company’s strategy against fraud.—BM

Like many people in their mid-twenties, the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of the cybersecurity industry, is having a quarter-life crisis.

At RSAC 2026, CVE board members voiced their concerns about the longevity of the 26-year-old vulnerability catalog program, which is sponsored by CISA and managed by the MITRE Corporation, as it faces financial and administrative hurdles.

Uphill battle. Katie Noble, director of product security incident response team (PSIRT) and bug bounty at Intel, told the audience that funding remains a large issue for the CVE program, along with the “human glue” holding it together. Last April, the cybersecurity industry erupted when federal funding for the CVE program almost expired; after that, CISA extended its contract for another 11 months.

“The board, we’ve tried for years to highlight issues, and sometimes they get through and sometimes they don’t,” Noble said. “I don’t think that we can afford to continue at the pace with the tools that we currently have in order to make real progress. I think we’re just going to be left in the dust.”

The program faces bureaucratic and financial hurdles.—BM

Even during a tenuous two-week ceasefire, hacktivist actors are using the US-Israel war with Iran to hit online targets with distributed denial-of-service (DDoS) attacks, according to new reports.

Ashley Bather, senior intelligence analyst at Intel 471, said that while the company has seen Israeli entities be targeted by “massive amounts” of attacks, organizations in the Gulf region who do business with the US have also found themselves in the crosshairs.

Intel 471’s blog breaks down how observed incidents have been claimed not only from pro-Iran groups, but also from pro-Russian ones.

DDoS attacks, Bather said, are “a very easy way for threat actors to show quick participation in any kind of form…They don’t have to sit and develop malware, or try to join a group that lets them work with ransomware or join an affiliate program—it’s very simple.”

More on the conflict’s impact.—CN

CollabWORK connects you to the hidden job market through IT Brew and other trusted channels. Browse roles curated specifically for this community by clicking through to the job board.