Weekly cybersecurity bulletin: the 5 most relevant news (10-14 November 2025)

Like every Friday, we collect the most relevant news from the digital world. Data breaches, mobile attacks, phishing campaigns and cyberattacks aimed at public infrastructure configure an environment where cybersecurity is key to trust and resilience.

‍

Data breach at Banco Santander: thousands of customers affected by a new cyberattack

A China-based hacker group specialized in phishing platforms has compromised more than 10,000 Banco Santander customer records, including names, phone numbers and account numbers. Although it has not yet been officially confirmed within the entity, the modus operandi is reminiscent of the recent attack on another Spanish entity. The operation is aimed at a coordinated campaign of massive theft of personal data to sell them or use them in financial fraud.

‍

The rise of cyberattacks on Black Friday and Cyber Monday: What you should know before buying online

During the season of intensive offers, the volume of transactions and web traffic skyrocket, making this period a perfect target for attackers. Phishing, fake stores and e-commerce malware are on the rise. If you are going to make purchases online, paying attention to the details, ensuring the authenticity of the website and strengthening your access becomes essential.

‍

Fantasy Hub: the dangerous malware that spreads on Telegram and puts thousands of Android phones at risk

This Android trojan is marketed as a service (MaaS) through Telegram channels, allowing operators to control devices, intercept SMS, access bank accounts and spy on the user. The fact that it is available to actors with little technical knowledge poses a growing threat to private users and corporate environments that accept insecure mobile connections.

‍

Phishing at Google: the case that uncovers a $1 billion global scam

Google has filed a lawsuit against a Chinese group that operated a global phishing network, with more than one million victims in 120 countries and estimated losses of around 1 billion dollars. The attacking platform offered ready-to-use phishing “kits”, fraudulent domains and smishing services, evidencing the professionalization of digital crime.

‍

Cyberattack paralyzes the website of the Ministry of Labor and Social Economy, a key service for domestic workers

The Trabajo10 application and the official website of the Ministry of Labor and Social Economy, responsible for managing and recording the occupational risk assessments of domestic workers, were left out of service after a massive attack. Automated bots launched nearly 50 million requests, forcing the downfall of both platforms and forcing the blocking of more than 16,000 IPs to contain the incident. This attack highlights the fragility of critical public sector digital infrastructures and the urgent need to strengthen protection against automated attacks that can paralyze essential administrative services.

‍

Don't wait for the next attack: strengthen your digital security

At Apolo Cybersecurity, we help you assess vulnerabilities, train your team and reinforce your digital defense against increasingly sophisticated threats.