Best Western Breach Exposes Guests & a Worm Eats Open-Source Code 🚨
Two stories from today's threat landscape stand out — one hits travelers directly, the other quietly poisons the software that runs much of the modern web. Here's what you need to know.
🏨 Best Western's Parent Company Spent 6+ Months With an Intruder in the System
BWH Hotels — the parent of Best Western, WorldHotels, and Sure Hotels, spanning roughly 4,000 properties — disclosed that an unauthorized third party had access to a guest reservation web app from October 14, 2025 until it was finally detected on April 22, 2026. Exposed data includes names, email addresses, phone numbers, home addresses, reservation numbers, stay dates, and special requests. Payment data was stored elsewhere and is safe, but the bigger risk is phishing: attackers now hold highly detailed booking context, which makes follow-up scam emails, texts, and calls dangerously convincing.
If you've stayed at a Best Western property in the last year and a half, treat any inbound message referencing your booking as suspicious until you independently verify it.
🪱 A New Shai-Hulud Worm Just Hijacked 42 Popular Open-Source Packages
A fresh variant of the Shai-Hulud worm tore through 42 @tanstack/* npm packages — building blocks used by countless web apps — pushing 84 malicious versions on May 11. The worm cleverly abused GitHub Actions, stole authentication tokens straight out of the runner's memory, then harvested AWS, Google Cloud, Kubernetes, Vault, GitHub, and SSH credentials from every machine that installed the bad packages. It even rigged a "dead-man's switch" that triggers destructive actions if a victim tries to revoke the stolen token before cleaning up properly.
The takeaway: every business now depends on open-source code maintained by strangers, and a single compromised pipeline can cascade into thousands of organizations. If your team uses TanStack libraries, you need to audit installs, rotate credentials, and hunt for persistence — in that order.
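For the "audit installs" step, here is an added example (not code from TanStack, npm, or any advisory) that walks a parsed package-lock.json and lists every installed copy of an @tanstack/* package, nested copies included, flagging versions on a denylist. The page does not list the 84 malicious versions, so `KNOWN_BAD`, the package name `@tanstack/example-pkg`, and the sample lockfile are constructed placeholders; fill the denylist from the official advisory.

```javascript
// Added example: audit a parsed package-lock.json for @tanstack/* installs.
// KNOWN_BAD is a constructed placeholder, not a real indicator list.
const KNOWN_BAD = {
  "@tanstack/example-pkg": ["9.9.9"], // hypothetical name and version
};

// Collect every installed copy of a scoped package, including nested ones.
function findScopedInstalls(lock, scope = "@tanstack/") {
  const found = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace folder entry
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (name.startsWith(scope)) found.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: only a nested "dependencies" tree is present.
  if (!lock.packages) {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${trail}node_modules/${name}`;
        if (name.startsWith(scope)) found.push({ name, version: meta.version, path });
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// Mark each install whose exact version appears on the denylist.
function auditLock(lock, knownBad = KNOWN_BAD) {
  return findScopedInstalls(lock).map((p) => ({
    ...p,
    flagged: (knownBad[p.name] || []).includes(p.version),
  }));
}

// Constructed sample lockfile: one flagged top-level copy, one clean nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/example-pkg": { version: "9.9.9" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-ui/node_modules/@tanstack/example-pkg": { version: "1.0.0" },
  },
};

console.log(auditLock(SAMPLE_LOCK));
```

A lockfile records what would be installed now, not what a build machine pulled on May 11, so run the same check against lockfiles from commits and CI artifacts of that period as well.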
Stay ahead of threats with GOCO Security at gocosecurity.com.