Checkout.com Breach Highlights Legacy Risks Amid Ongoing Vulnerabilities

Checkout.com Breach Highlights Legacy Risks Amid Ongoing Vulnerabilities

On November 17, 2025, Checkout.com confirmed a data breach involving the hacking group ShinyHunters, which accessed data from an outdated, third-party cloud storage system. Although no sensitive payment information was compromised, this incident emphasizes the risks posed by legacy systems that linger in corporate environments. As organizations increasingly rely on cloud solutions, the necessity of regular audits and updates to legacy infrastructure cannot be overstated. This breach is a stark reminder that even companies with robust cybersecurity measures can be vulnerable if they do not address outdated assets effectively.

Also In Security Today

• FortiWeb Vulnerability (CVE-2025-64446): Fortinet reported an actively exploited vulnerability in its FortiWeb Web Application Firewall. Attackers can execute administrative commands via crafted HTTP/S requests, with a CVSS score of 9.1, indicating high severity. Urgent patches are recommended. More Info

• Cisco ISE Exploit (CVE-2025-20337): AWS security researchers identified hackers exploiting a zero-day vulnerability in Cisco's Identity Service Engine, posing risks to enterprise network access. Organizations are urged to monitor their network traffic closely until a patch is available. More Info

• Cl0p Ransomware Targets Oracle E-Business Suite: The Cl0p ransomware group confirmed new breaches affecting organizations like The Washington Post and Allianz UK, exploiting vulnerabilities in Oracle's E-Business Suite. Emergency patches have been issued by Oracle. More Info

• DoorDash Data Breach: DoorDash experienced a data breach due to a social engineering attack that compromised employee credentials, leading to unauthorized access to user data internationally. Organizations must enhance employee training to combat such tactics. More Info

Analyst's Take

Today's events reinforce the critical need for organizations to prioritize vulnerability management and timely patching of software. The Checkout.com breach serves as a cautionary tale about the hidden dangers of legacy systems, urging IT leaders to conduct thorough assessments of their infrastructure. Furthermore, the active exploitation of significant vulnerabilities like those in FortiWeb and Cisco ISE illustrates the ever-present threat landscape that defenders must navigate. Continuous training against social engineering tactics and maintaining a proactive security posture are essential strategies for organizations aiming to mitigate these risks effectively.