![Cybersecurity News | Daily Recap [14 Nov 2025]](https://www.hendryadrian.com/tweet/image/DailyRecap.png "Cybersecurity News | Daily Recap [14 Nov 2025]")
Daily Recap, Akira ransomware funds and CISA warnings highlight an imminent threat to Nutanix VMs, while the ransomware ecosystem shows fragmentation with LockBit and Kraken enhancing encryption strategies. The batch of breaches, exploits, phishing, and policy shifts underscores a widening threat landscape across data breaches, DDoS, auth-bypass flaws, and AI-assisted espionage. #Akira #CISA #Nutanix #LockBit #Kraken #Checkout.com #WashingtonPost #Oracle #DoorDash #DDoS #FortiWeb #Imunify360 #ImunifyAV #CiscoISE #CitrixBleed #ASUS #ChatGPT #Claude #Lighthouse #ANY.RUN #Zimbra #Rhadamanthys #VenomRAT #Elysium
Ransomware & Extortion
- Akira operators have siphoned off roughly $244Mβ$250M in ransoms and are flagged by CISA as an βimminent threatβ targeting Nutanix VMs β Akira Funds, Akira CISA, Akira FBI
- The ransomware scene is fragmenting as LockBit resurfaces, Kraken adds system-benchmarking to optimize encryption, and attacks jumped 30% in October β Ransomware Shift, Kraken Benchmarks, Ransomware Rise
Major Breaches & Disruption
- Payment processor Checkout.com disclosed a data breach after an extortion attempt and says it refused the ransom despite exposure of old merchant files β Checkout Breach, Checkout Refusal
- The Washington Post reports nearly 10,000 employees and contractors were impacted by an Oracle-related hack affecting internal data β WP Oracle, WP Impact
- DoorDash disclosed a new October breach via social engineering that exposed customer, Dasher and merchant data, marking another incident for the platform β DoorDash Breach
- A DDoS attack disrupted multiple Danish government and defense websites, causing service outages for public portals β Denmark DDoS
Vulnerabilities & Exploits
- Critical path-traversal and auth-bypass flaws in Fortinet FortiWeb are being actively exploited to create admin users; users should update and audit management interfaces β FortiWeb Flaw, FortiWeb PoC
- Flaws in Imunify360 and ImunifyAV could enable remote code execution and full-system compromise on millions of Linux-hosted sites, prompting urgent patches β Imunify360 Flaw, ImunifyAV RCE
- ASUS warns of a critical auth-bypass flaw in its DSL-series routers that could allow unauthenticated access to device management β ASUS DSL Flaw
- A vulnerability in ChatGPT implementations exposed underlying cloud infrastructure, highlighting risks from model integrations β ChatGPT Flaw
<liAn advanced APT leveraging simultaneous zero-days in Cisco ISE (RCE) and Citrix Bleed was exposed, and CISA updated guidance for patching Cisco devices amid China-linked targeting β Amazon APT, CISA Cisco Guidance
AI Abuse & Phishing Kits
- China-linked actors automated espionage using Anthropicβs Claude (reportedly powering 90% of the campaign), demonstrating AI-assisted intrusion at scale β Claude Abuse, AI-Powered Espionage
- Google says the Chinese βLighthouseβ phishing kit was disrupted following legal action, limiting a major phishing infrastructure β Lighthouse Disrupted
Phishing, Malware & Takedowns
- Russian-speaking actors created over 4,300 fake travel booking sites to steal hotel guestsβ payment data in a large-scale, multilingual phishing campaign β Fake Travel Sites
- Researchers using ANY.RUN dissected a multi-domain Indonesian phishing operation exposing cloned Zimbra login pages and GH0STnet hosting, mapping TLS/SNI and second-stage infrastructure β Indonesian Phish
- Phishing targeting customers of a major Italian web-hosting provider was observed, highlighting supply-chain credential risks β Italian Hosting Phish
- A fake Chrome extension named βSaferyβ steals Ethereum wallet seed phrases via a Sui-based trick, and an IndonesianFoods worm flooded npm with ~100,000 malicious packages; law enforcement also took down >1,000 servers linked to Rhadamanthys, VenomRAT and Elysium β Safery Extension, IndonesianFoods Worm, Mass Takedown
Policy, Guidance & Industry
- A list of the top 100 U.S. cybersecurity leaders shaping industry strategy was published β Top 100 Leaders
- Two key cyber laws (including CISA-related state/local grants) were reinstated as the president signed a bill to end the shutdown, restoring program funding β Cyber Laws Return
- Kazakhstan enacted an online ban on alleged βLGBT propaganda,β expanding digital content restrictions in the region β Kazakhstan Ban
- Practical defenses: updated guidance on Kerberoasting in 2025 outlines steps to protect service accounts and reduce ticket-based credential theft risk β Kerberoasting Guide
- Android reports a major drop in memory-safety bugs as Rust adoption accelerates, improving platform memory safety and developer productivity β Android Rust