AI synthesis Microsoft warns of a "Photo ZIP" phishing campaign targeting hospitality organizations in Europe and Asia since April 2026, using photo-themed ZIP files to deliver a Node.js implant for persistent access.
What changed
Every report remains linked to its original publisher.
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection. The ...
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activit...