From government transparency battles to major corporate breaches, the cybersecurity world faces a turbulent week.
Sheridan, WY, 17 November 2025 – The cybersecurity landscape has seen another intense week, marked by government pressure, corporate breaches, large-scale supply chain attacks, and the return of a notorious malware operation. Here’s a clear breakdown of the latest developments shaping global digital security.
Senate Pushes CISA to Release Withheld Telecom Security Report
The US Senate unanimously passed a resolution in July requiring the Cybersecurity and Infrastructure Security Agency (CISA) to release a long-delayed report on weaknesses in the telecommunications sector. Months later, the report remains unpublished.
Senators Ron Wyden and Mark Warner have renewed their demand in a strongly worded letter to the Department of Homeland Security, arguing that withholding the findings harms the wider cybersecurity community. They stressed that understanding telecom vulnerabilities is crucial, especially after incidents like the 2024 Salt Typhoon attack and another recent breach affecting a major network equipment provider.
CISA has not yet responded, leaving the report’s release uncertain.
Logitech Hit by Zero-Day Attack
Computer accessory maker Logitech disclosed in a regulatory filing that it suffered a zero-day attack that allowed an unknown threat actor to copy data from its internal IT systems. The breach stemmed from a vulnerability in third-party software, which was patched after the vendor released an update.
The company believes the stolen information may include limited employee and consumer data, as well as details about customers and suppliers. Logitech noted that highly sensitive information, such as national ID or credit card numbers, was not stored in the affected system.
Massive npm Attack Floods Registry with 78,000 Malicious Packages
A new supply chain threat is overwhelming the npm software registry. Researcher Paul McCarty from SourceCodeRed revealed that a worm, dubbed “IndonesianFoods,” has published over 78,000 malicious packages, nearly doubling the number of known harmful packages on npm.
The attack appears to be a long-running, coordinated campaign using 55 fake npm user accounts. The packages mimic legitimate Next.js applications but replicate themselves once installed, spreading junk packages that can later deliver more serious malware. Developers are advised to review recent npm dependencies and remain cautious.
Lumma Stealer Malware Makes a Comeback
Following an earlier disruption effort, the Lumma Stealer malware has resurfaced with new techniques. According to Trend Micro, the updated version now hides inside Microsoft Edge Update installers and uses process injection to blend into Google Chrome processes.
It also employs browser fingerprinting to gather detailed system information. By operating within trusted browser processes, the malware becomes harder for security tools to detect.
DoorDash Suffers Another Data Breach
Food delivery company DoorDash reported yet another security incident, the third in recent years. Attackers accessed user information, including names, phone numbers, and physical and email addresses.
The company traced the breach to a social engineering attack involving one of its employees. DoorDash previously suffered a phishing attack in 2022 and a leak tied to a third-party provider in 2019. While current evidence does not indicate fraud or identity theft, customers are warned to be cautious of suspicious messages referencing their personal information.

