Hospitality industry targeted by persistent Node.js malware via photo-themed phishing (opens in new tab)

Microsoft Threat Intelligence has uncovered a multi-stage cyberattack campaign targeting the hospitality industry in Europe and Asia since April 2026. The threat actors use "authentication laundering" by abusing legitimate services like Calendly and Google redirects to bypass email security filters. Phishing lures often involve guest complaints or room inquiries to trick staff into downloading malicious ZIP archives containing fake image shortcuts. <a href="