.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Food delivery company GrubHub.
The Take: GrubHub said that, depending on the affected individual, the attackers gained access to names, email addresses, and phone numbers, as well as partial payment card information (including card type and last four digits of the card number) for some campus diners.
The Vector: The investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Cybersecurity Dive: Employees attempting to use a company device to access Chinese tech startup DeepSeek’s wildly popular artificial intelligence app could inadvertently be exposing their organization to threats such as cyberespionage, experts warned.
Dark Reading: Many cybersecurity leaders kick off each new year with predictions for the year to come. You may have seen a deluge of them over the last month or so: "Cyberattacks will continue to be a problem." "This certain country will ban ransom payments."
Private Equity Wire: The report indicates that 27% of investors now prioritise cybersecurity in operational due diligence conversations, reflecting heightened awareness of digital threats in the private capital industry.
MSN/Reuters: SailPoint said it was targeting a valuation of up to $11.5 billion in its New York flotation, as the cybersecurity firm looks to go public again in the United States after more than two years.
Investment News: The constantly evolving landscape of third-party risks that are seen by Finra staff have been highlighted in its 2025 Regulatory Oversight Report.
CNBC: DeepSeek said it would temporarily limit user registrations “due to large-scale malicious attacks” on its services, though existing users will be able to log in as usual.
Dark Reading: In its first full day, the Trump administration axed all advisory committee members within the Department of Homeland Security, including the people that make up the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB).
Yahoo Finance: Cognizant and CrowdStrike announced a strategic partnership to drive enterprise security transformation by delivering cybersecurity services, powered by the AI-native CrowdStrike Falcon® cybersecurity platform.
TechCrunch: During his first day in office, President Donald Trump revoked a 2023 executive order signed by former President Joe Biden that sought to reduce the potential risks AI poses to consumers, workers, and national security.
