Top 5 Cybersecurity News Stories November 14, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data

A Russian-speaking hacking group has created more than 4,300 fraudulent travel websites impersonating global brands such as Booking.com, Agoda, and Airbnb to steal credit card information from unsuspecting victims. The campaign, active since early 2025, delivers phishing emails containing fake reservation confirmations and redirects users to cloned sites in 43 languages.

Victims are tricked into entering payment details, including CVV and expiration dates. Researchers observed peaks of over 500 new malicious domains registered in a single day, reflecting the scale and automation of the operation. The campaign highlights evolving phishing sophistication in digital tourism fraud.
Read more on The Hacker News

2. DoorDash hit by new data breach in October exposing user information

DoorDash has confirmed a cybersecurity breach in October 2025 involving unauthorized access to a third-party vendor’s systems. The incident exposed customer and delivery-driver information, including names, phone numbers, addresses, and partial payment-card details. DoorDash stated that passwords and full financial data were not compromised.

The company has launched a forensic investigation, engaged law enforcement, and strengthened security measures with its vendors. This marks the second significant security event for the company in two years, underscoring the ongoing risks associated with outsourced service providers and the growing importance of supply chain cybersecurity for consumer platforms.
Read more on BleepingComputer

3. Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws

Amazon’s security team has uncovered a series of cyberattacks targeting enterprise infrastructure through unpatched Cisco devices. Attackers exploited multiple vulnerabilities in Cisco software to gain unauthorized network access, install rootkits, and establish persistent control over compromised systems.

The campaign focused on exploiting weaknesses in remote management interfaces to infiltrate large-scale corporate networks. Amazon reported no direct impact on its customer data but emphasized the urgency of immediate patching. The incident highlights the critical importance of maintaining secure configurations and timely updates for network appliances used in enterprise and cloud environments.
Read more on The Hacker News

4. Greece arrests man in Europol’s global ‘Endgame’ operation against cybercrime

Greek police have arrested a 38-year-old Albanian national in Athens during Europol’s global Operation Endgame, a coordinated crackdown targeting major cybercriminal networks. The suspect is accused of developing and distributing the VenomRAT malware, which enabled remote surveillance, credential theft, and cryptocurrency fraud across thousands of victims worldwide.

The operation, conducted across ten countries, dismantled over 1,000 servers, seized twenty domains, and uncovered access to more than 100,000 cryptocurrency wallets. Authorities also recovered approximately $140,000 in digital assets during the raid. Europol described the takedown as one of the largest global actions against remote-access Trojan operators.
Read more on Reuters

5. Washington Post data breach impacts nearly 10K employees, contractors

The Washington Post has confirmed a data breach affecting almost 10,000 employees and contractors, linked to a wider exploitation campaign of Oracle’s E-Business Suite platform. The attackers gained unauthorized access through a zero-day vulnerability, compromising personnel data such as contact information and internal records.

The breach, which follows a series of attacks on organizations using the same Oracle system, underscores growing concerns over software supply chain security. The Washington Post has engaged cybersecurity experts and federal authorities to investigate and strengthen its network defenses, emphasizing transparency and swift remediation efforts.
Read more on BleepingComputer

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!