DoorDash Confirms Data Breach After Hackers Access Users’ Personal Data
Food delivery platform DoorDash has publicly acknowledged a cybersecurity incident that compromised the personal information of an undisclosed number of users. The breach stemmed from a social engineering attack targeting a company employee and represents a growing threat vector that enterprises continue to struggle with despite years of security awareness training. According to DoorDash’s official statement, the incident began with a social engineering scam targeting a single employee.
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka GalaxyGato, Nimbus Manticore, or Subtle Snail), which was first documented by the threat intelligence firm early last year.
Novel RONINGLOADER loader leveraged in Dragon Breath APT attacks
RONINGLOADER’s multi-stage chain, AV tampering, and DLL injection into regsvr32 for Gh0st RAT delivery provide fresh artifacts and behavior for defenders to codify into EDR detections and sandbox analysis workflows.
Eurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users’ Data
Eurofiber France has disclosed a significant cybersecurity incident detected on November 13, 2025, involving a software vulnerability in its ticket management platform and customer portals. The breach resulted in unauthorized data exfiltration affecting multiple service brands and regional divisions. However, the company reports that critical financial information and customer services remained secure throughout the incident. The compromised systems include the ticket management platform used by Eurofiber France and its affiliated regional brands (Eurafibre, FullSave, Netiwan, and Avelia), as well as the ATE customer portal serving Eurofiber Cloud Infra France.
Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam
Malicious npm packages are using unique anti-evasion and targeting tactics to identify and redirect victims to cryptocurrency-themed scam websites, researchers have found. Socket Threat Research discovered seven malicious packages on the npm repository site, distributed by a threat actor with the online user profile “dino_reborn,” according to a blog post published Monday. The actor created a malware campaign that presents fake websites, constructed by one of the packages, that can determine whether the visitor is a victim or a security researcher and then proceed accordingly to mask its activities.
Dutch Police Takes Down Bulletproof Hosting Hub Linked to 80+ Cybercrime Cases
Dutch police (Politie) seized 250 servers running an unnamed bulletproof hosting service used solely by cybercriminals. Active since 2022, it appeared in over 80 cybercrime investigations. “In an investigation into a rogue hosting company, the East Netherlands cybercrime team seized thousands of servers,” reads the press release published by Politie. “According to the police, the hosting company is used solely for criminal activities. Research shows that the company has appeared in more than 80 investigations into cybercrimes at home and abroad since 2022 and has recently continued to be used for criminal activities.” Dutch police took thousands of virtual servers offline. The move blocks criminal use and enables further investigation.