Industry News: ESG5

    Know Your Breach: PayPal

    The Target: Digital payments giant PayPal

    The Take: Hackers had access to names, addresses, Social Security numbers, individual tax identification numbers and dates of birth.

    The Vector: The threat actors behind the PayPal breach used a tactic called credential stuffing, where attackers use stolen username/password combinations from one data breach to attempt to log into other websites and services.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Finra Reports Rising Risks From AI, Cybersecurity, Investment Fraud

    2025-01-30

    Investment News: The constantly evolving landscape of third-party risks that are seen by Finra staff has been highlighted in its 2025 Regulatory Oversight Report.

    88% of High-Uncertainty Firms Report Significant Cybersecurity Risks

    2025-01-30

    PYMNTS: Cybersecurity is a major concern for CFOs of middle-market firms, especially those facing high uncertainty due to fluctuating demand, supply chain disruptions, or macroeconomic volatility. These challenges create financial strain and long-term strategic setbacks.

    The Growing Complexity of Global Cybersecurity: Moving From Challenges to Action

    2025-01-29

    World Economic Forum: While the complexity of today's cyber environment is daunting, our focus at the World Economic Forum's Centre for Cybersecurity must be on translating this complexity into concrete actions that organizations can implement to enhance their resilience.

    Cyber Security Market Size to Reach $578.2 Billion, Globally, by 2033 at 10.4% CAGR: Allied Market Research

    2025-01-28

    GlobeNewswire: Rise in cyber threats and surge in remote work trends are the factors expected to propel the growth of the global cybersecurity market. However, factors such as high implementation costs and a shortage of skilled professionals are anticipated to hamper the growth of the global market. 

    5 Ways Boards Can Improve Their Cybersecurity Governance

    2025-01-28

    CSO Online: As chairman of the board for Cinturion Group, Richard Marshall is intimately involved in ensuring the security of the fiber optic network his company is constructing from India through the Middle East and on to Europe.

    DeepSeek Hit With Large-Scale Cyberattack, Says it’s Limiting Registrations

    2025-01-27

    CNBC: DeepSeek said it would temporarily limit user registrations “due to large-scale malicious attacks” on its services, though existing users will be able to log in as usual.

    India's central bank asks lenders to tighten cybersecurity oversight

    2025-01-27

    MarketScreener: India's central bank said its chief has urged banks to tighten their oversight on cybersecurity issues and to have systems in place that can prevent digital fraud.

    Know Your Breach: Otelier

    The Target: Otelier, previously known as MyDigitalOffice, is a cloud-based hotel management solution used by over 10,000 hotels worldwide to manage reservations, transactions, nightly reports, and invoicing.

    The Take: The small samples seen by BleepingComputer include a broad range of data, including hotel guest reservations, transactions, employee emails, and other internal data. Some of the personal information exposed includes hotel guests' names, addresses, phone numbers, and email addresses.

    The Vector: The threat actors behind the Otelier breach told BleepingComputer that they initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware, which has become the bane of corporate networks over the past few years.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Automation and AI-Driven Firewall Policy Management Become Essential for Cybersecurity and Compliance

    2025-01-22

    Business Wire: As organizations expand their digital ecosystems, the complexity of managing firewall policies across hybrid and multi-cloud environments continues to rise.

    About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
