Here is the most recent Cybersecurity news for the past week:
🏨 Booking.com Confirms Unauthorized Access to Guest Reservation Data
Online travel giant Booking.com has begun notifying customers that hackers accessed information associated with their travel reservations. While the company stated that customer accounts were not fully breached and financial data remains secure, the exposed information includes names, email addresses, phone numbers, and details shared with accommodations. The company claims the issue is fully contained but has not disclosed the total number of affected users.
https://www.securityweek.com/booking-com-says-hackers-accessed-user-information
🎮 Rockstar Games Targeted by “Pay or Leak” Extortion Demand
The threat group ShinyHunters has issued a ransom deadline to Rockstar Games, claiming to have compromised the video game publisher’s Snowflake instances via third-party analytics vendor Anodot. The attackers posted the ultimatum on their dark web leak site, threatening to publish stolen data if their demands are not met by April 14. Anodot recently experienced offline data collectors, lending credence to the supply chain breach claims.
đź“„ Adobe Issues Emergency Patch for Exploited Acrobat Reader Zero-Day
Adobe has rushed out a critical security patch to address an actively exploited zero-day vulnerability (CVE-2026-34621) in Acrobat Reader. The severe flaw involves prototype pollution, which allows threat actors to achieve arbitrary code execution by socially engineering victims into opening specially crafted, malicious PDF documents. Administrators are strongly urged to prioritize these updates immediately due to active exploitation in the wild.
đź’Ľ AI Recruiting Platform Mercor Hit with Class-Action Lawsuits After Breach
Mercor, a recruiting company specializing in artificial intelligence industry professionals, is facing multiple class-action lawsuits in California federal court following a data breach. The plaintiffs allege that the company failed to implement basic cybersecurity practices and did not adequately train staff to prevent the breach, claiming damages related to negligence, breach of privacy, and violation of state unfair competition laws.
đź’» SAP Patch Day Addresses Critical SQL Injection and DoS Flaws
SAP has rolled out its monthly Security Patch Day updates, addressing 19 new security notes including a near-maximum severity flaw (CVE-2026-27681). This critical SQL injection vulnerability in SAP Business Planning and Consolidation carries a CVSS score of 9.9 and could allow threat actors to execute arbitrary database queries, potentially leading to a complete compromise of the affected application.
