    DoorDash and Pajemploi Breaches Highlight Growing Cyber Threats

    Friday, November 21, 2025

    On November 21, 2025, the cybersecurity landscape was rocked by significant data breaches and critical vulnerabilities. DoorDash confirmed a breach exposing customer and employee data, including names, email addresses, and physical addresses, due to a social engineering attack targeting an employee. While no payment information was compromised, millions of users across various countries could be affected.

    In a separate incident, France's Pajemploi reported a breach impacting around 1.2 million individuals, including care providers. Exposed data included names, birthplaces, and social security numbers, leading to advisories against identity theft.

    Additionally, zero-day vulnerabilities were prominent today, with Fortinet issuing a patch for CVE-2025-58034, a high-risk vulnerability in its FortiWeb product that allows unauthorized code execution. Another vulnerability, CVE-2025-11001, was disclosed in 7-Zip, allowing remote code execution via symbolic links in ZIP files.

    Adding to the security challenges, Microsoft successfully mitigated a massive DDoS attack, peaking at 15.72 Tbps, attributed to the AISURU botnet, marking one of the largest recorded assaults against its Azure services.

    Also In Security Today

    • Fortinet Patch: A critical patch is now available for CVE-2025-58034, affecting FortiWeb products. Organizations are urged to update immediately to mitigate risks associated with this zero-day exploit.
    • 7-Zip Vulnerability: The remote code execution vulnerability (CVE-2025-11001) in 7-Zip requires immediate attention. Users should avoid using symbolic links in ZIP files until a patch is released.
    • Identity Theft Concerns: Following the Pajemploi breach, vigilance against identity theft is crucial for affected individuals. Security experts recommend monitoring personal information closely.
    • DDoS Attack Mitigation: Microsoft’s Azure services faced a massive DDoS attack that was effectively mitigated. This incident emphasizes the need for robust DDoS protection strategies for all online services.

    Analyst's Take

    Today's events underscore the escalating threat landscape, particularly from social engineering attacks and zero-day vulnerabilities. Organizations must prioritize employee training to recognize social engineering tactics and implement robust patch management strategies. The high-profile breaches at DoorDash and Pajemploi illustrate vulnerabilities in data handling and the importance of securing sensitive information. As attackers continue to exploit zero-day vulnerabilities, the industry must adopt proactive measures, including threat intelligence sharing and enhanced network defenses, to prevent future incidents.
