Cybersecurity Breach Wave: Critical Fortinet, SEC & DoorDash

November 18-21, 2025: A Defining Week for Enterprise Security

The final days of November 2025 delivered a sobering reminder that cybersecurity threats continue to evolve at breakneck speed. From critical infrastructure vulnerabilities to high-profile legal victories and sophisticated social engineering attacks, this week's developments underscore the persistent challenges organizations worldwide face.

SEC Drops Landmark SolarWinds Lawsuit in Surprising Reversal

In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily dismiss the case. The Securities and Exchange Commission's decision to abandon its controversial lawsuit against SolarWinds marks a significant shift in cybersecurity enforcement policy.

The case, which began in October 2023, alleged that SolarWinds and CISO Timothy Brown misled investors about cybersecurity practices before the devastating 2020 supply chain attack. The landmark lawsuit — in which the victim of a cyberattack faced prosecution from the government — garnered pushback from dozens of cybersecurity leaders last year.

This dismissal brings relief to the cybersecurity community, which feared the case could discourage transparent security reporting and worsen the industry's talent retention crisis. The outcome suggests regulators may be reassessing their approach to holding breach victims legally accountable.

Critical Fortinet FortiWeb Vulnerabilities Under Active Exploitation

In November, two severe vulnerabilities in Fortinet's FortiWeb web application firewall were actively exploited in the wild. CVE-2025-64446 allows an attacker with no existing level of access to gain administrator-level access to the FortiWeb Manager panel and the websocket command-line interface.

CVE-2025-64446 is a relative path traversal vulnerability (CWE-23) that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by November 25, 2025.

The situation has drawn criticism for Fortinet's "silent patching" approach, in which vulnerabilities were fixed in product updates without prior disclosure. Based on the information circulated by Defused, this new vulnerability is claimed to have been exploited in the wild in October 2025.

Organizations running affected FortiWeb versions should immediately update or disable internet-facing management interfaces while investigating potential compromise indicators.
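
As an added example (not from Fortinet or CISA), one way to begin that log review is a Python triage pass that flags requests whose path still contains a `..` segment after percent-decoding, the CWE-23 pattern described above. The log format, the management subnet and the sample lines are assumptions constructed for illustration; they are not FortiWeb's native log format and not real indicators.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the subnet administrators connect from; replace with your own.
MGMT_NETS = [ipaddress.ip_network("10.0.5.0/24")]
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample lines (common log format); the paths are placeholders.
SAMPLE_LOG = """\
10.0.5.12 - admin [18/Nov/2025:09:14:02 +0000] "GET /ui/dashboard HTTP/1.1" 200 512
203.0.113.45 - - [18/Nov/2025:09:15:40 +0000] "POST /placeholder/a/../../b HTTP/1.1" 200 88
198.51.100.7 - - [18/Nov/2025:09:16:11 +0000] "GET /static/%252e%252e%2fexample HTTP/1.1" 404 0
198.51.100.7 - - [18/Nov/2025:09:17:30 +0000] "GET /login?next=/ui/dashboard HTTP/1.1" 200 2048
10.0.5.12 - admin [18/Nov/2025:09:18:05 +0000] "GET /docs/..%5cnotes HTTP/1.1" 403 0
"""

def decoded_path(target, rounds=3):
    """Drop the query string, then undo up to `rounds` layers of percent-encoding."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path.replace("\\", "/")

def triage(log_text):
    """Return (source, decoded path, status, severity) for requests with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, target, status = m.groups()
        path = decoded_path(target)
        if ".." not in path.split("/"):
            continue
        external = not any(ipaddress.ip_address(src) in n for n in MGMT_NETS)
        # A traversal request from outside the management subnet that the
        # server answered with 2xx is the case to investigate first.
        severity = "high" if external and status.startswith("2") else "review"
        hits.append((src, path, int(status), severity))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit here is a lead for investigation, not proof of compromise; the decoded path and response status tell you which requests to correlate with configuration or account changes on the device.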

Akira Ransomware Escalates Attacks on Construction Sector

The Akira ransomware operation continues its aggressive campaign against critical infrastructure, with construction and engineering firms increasingly in the crosshairs. Akira has claimed over $244 million in ransom payments as of late 2025, primarily from small- to medium-sized businesses but increasingly from larger organizations.

On November 13, 2025, the FBI, CISA, and international partners released an updated joint advisory on Akira, revealing evolved tactics, including faster encryption variants (Akira_v2) and new command-and-control tools such as Ngrok and SystemBC malware. The group's preference for construction targets stems from the sector's complex digital ecosystem, which involves multiple contractors, suppliers, and legacy systems with often insufficient cybersecurity controls.

Recent victims include engineering firms such as Bleyl Engineering, demonstrating that ransomware operators continue to target businesses that manage sensitive project data and maintain critical operational technology.

DoorDash Data Breach Exposes Social Engineering Risks

Food delivery giant DoorDash confirmed a data breach affecting customers, delivery workers, and merchants across four countries following a successful social engineering attack. DoorDash said a social engineering scam led to a data breach that exposed the personal information of consumers, gig workers, and merchants.

The data accessed in the scam included full names, phone numbers, email addresses, and physical addresses. However, the company says no Social Security numbers, ID numbers, driver's license information, or financial account information were taken. While the breach occurred on October 25, 2025, DoorDash only began notifying affected users on November 13.

According to Palo Alto Networks, social engineering has rapidly become the top cybersecurity threat for companies, accounting for 36 percent of all intrusions from May 2024 to May 2025 and surpassing both malware incidents and software vulnerability exploits.

Microsoft Security Updates and Industry Partnerships

Microsoft's November Patch Tuesday addressed more than 60 vulnerabilities, including an actively exploited zero-day tracked as CVE-2025-62215. The flaw is a "race-condition and double-free flaw [that] enables a locally accessible, low-privileged attacker to corrupt kernel memory and escalate to system privileges."

Meanwhile, Sophos announced significant milestones in Microsoft ecosystem integration. Sophos MDR for Microsoft environments has achieved Microsoft Verified Small and Medium Business (SMB) Solution Status through the Microsoft Intelligent Security Association (MISA), enhancing managed detection and response capabilities for organizations using Microsoft security tools.

Strategic Implications and Defensive Recommendations

This week's events highlight several critical trends reshaping the cybersecurity landscape. The SEC's SolarWinds reversal suggests a potential shift toward more collaborative regulatory approaches. At the same time, the Fortinet incidents underscore the ongoing risks of silent patching practices that leave organizations vulnerable.

Organizations should prioritize:

  • Immediate patching of critical vulnerabilities, particularly for internet-facing infrastructure
  • Enhanced social engineering awareness training following the DoorDash incident
  • Implementation of robust backup and recovery procedures to counter evolving ransomware threats
  • Regular security assessments of supply chain partners and contractors

The concentration of major security incidents in a single week demonstrates that cybersecurity remains a dynamic battlefield where preparation and rapid response capabilities determine organizational survival. As 2025 draws to a close, these developments serve as both a warning and a call to action for security leaders worldwide.

