
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, October 29, 2025. I'm Sarah Lane.

New Android malware types like a human
Researchers at Dutch cybersecurity firm ThreatFabric identified an Android banking malware called Herodotus, which evades detection by mimicking human typing during remote control of infected devices. It's said to be developed by an attacker known as Cairo and can steal credentials and intercept one-time passcodes from banking and crypto apps. In Italy, Herodotus disguised itself as an app called Banka Secura, or Safe Bank, and in Brazil it posed as Modulo Seguranca Stone, likely pretending to be a security module for a local payment provider. The human-like nature makes automated detection that much more difficult.

Nation-state cyber ecosystems weakened by sanctions
A new report from the Royal United Services Institute, or RUSI, finds cyber-related sanctions alone rarely stop attacks, but can toxify threat networks by making operations more expensive and complicating collaboration. RUSI says that sanctions are most effective when paired with diplomatic, law enforcement and intelligence actions. Recommendations include clarifying goals, targeting enablers, integrating sanctions cross-domain and improving transparency on impact.

Side-channel attack extracts secrets from Intel and AMD
Researchers from Georgia Tech, Purdue and Synchronics have developed TEE.fail, a side-channel attack that extracts secrets from DDR5-based trusted execution environments, or TEEs, on Intel and AMD processors, including SGX, TDX and SEV-SNP with Ciphertext Hiding. Using less than $1,000 of off-the-shelf equipment, the attack can capture cryptographic keys and compromise confidential virtual machines. The researchers recommend software countermeasures. AMD and Intel both say that they consider physical attacks like this out of scope for mitigation.

F5 claims limited impact from attack
Multi-cloud security and application delivery company F5 says a recent nation-state breach had limited customer impact. Attackers accessed source code, configuration data and 44 undisclosed vulnerabilities, but most affected customers report the stolen data is insensitive. F5 says it's continuing code scans with third-party experts, expanding its bug bounty program and adding endpoint detection via CrowdStrike. The company does say it expects short-term revenue disruption in the first half of fiscal 2026.

Huge thanks to our sponsor Conveyor. Have you been personally victimized by a questionnaire this week? The queue never ends, but Conveyor can change that story with AI that answers questionnaires of any format and a trust center that handles document sharing. Security reviews get done without all the stress. Feel the calm in the chaos with Conveyor. Learn more at www.conveyor.com.

Oracle EBS attack victims may be more than expected
More companies may have been hit by the Oracle E-Business Suite zero-day vulnerability, including Schneider Electric, Cox Enterprises and Pan American Silver. The Clop ransomware group has exploited the flaw to steal and leak data, and some victims, like Harvard University, have already confirmed breaches. The vulnerability lets unauthenticated attackers remotely execute code over HTTP, which prompted the FBI to warn that unpatched EBS systems are at immediate risk of full compromise. Oracle has released patches and urges customers to update immediately.

FCC adopts new rule targeting robocalls
The FCC has adopted a new rule to combat robocalls, especially from overseas, by expanding what counts as caller identity information and requiring providers to verify and display accurate caller names. The rule mandates alerts for calls from foreign sources and blocks U.S. area codes on foreign-origin calls. Providers also need to offer things like brand logos or call purpose to help consumers make more informed decisions.

Attackers sell turnkey RAT
A new remote access trojan called Atroposia is being sold as a plug-and-play malware kit, giving lower-skilled attackers access to enterprise systems. It features hidden remote desktop sessions, credential and cryptocurrency theft, DNS hijacking, vulnerability scanning and persistent backdoors. Sold anywhere between $200 and $900 depending on the subscription, Atroposia lets attackers exfiltrate data filelessly and manipulate systems undetected. Defenders are advised to focus on anti-phishing measures, system patching, multi-factor auth, and monitoring user activity and network signals to detect post-compromise activity.

Palo Alto Networks AI agents fight cyberattacks
Palo Alto Networks launched Cortex AgentiX, a new suite of AI agents that automate cybersecurity actions like investigating threats and responding to email breaches, CEO Nikesh Arora told CNBC. The tools are designed to meet rising demand for automation amid more and more complex attacks, with most agents still needing human review. This comes after Palo Alto's $25 billion acquisition of Israeli identity security firm CyberArk.

Truck connections expand cybersecurity need
At the American Trucking Associations' 2025 conference, fleet technology leaders warned that trucking's growing reliance on digital platforms has amped up cybersecurity risks. Rural Transport and Isaac Instruments executives said that fleets need to simplify tech stacks, continuously audit vendors and treat cybersecurity as shared accountability across partners. Fragmented systems and weak third-party security are still major vulnerabilities, while consolidating integrations and maintaining active vendor oversight were cited as the most effective defenses.
If you'll be in New York City next week, you need to join us for a CISO Series Podcast recording. We'll be recording at FAIRCON 25 on Wednesday, November 5th at the beautiful Glass House on 12th Ave. The conference is stacked with everything you'd ever want to know about cyber risk management. And if you want to join us for the show and the podcast recording, we've got a promo code to save you 75% off registration. Just head to the events page at cisoseries.com to register. If you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Sarah Lane reporting for the CISO Series and I'll talk to you tomorrow.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: Sarah Lane, CISO Series
Episode Theme:
A rapid-fire roundup of the latest cyber threats, regulatory changes, and security industry developments, with a focus on techniques that evade detection, the nuanced effect of sanctions, major breaches, and new solutions for growing cyber risks.
Timestamps: 00:06–01:12
Notable Quote:
“The human like nature makes automated detection that much more difficult.” — Sarah Lane [01:07]
Timestamps: 01:13–01:54
Notable Quote:
“Sanctions are most effective when paired with diplomatic, law enforcement and intelligence actions.” — Sarah Lane [01:40]
Timestamps: 01:55–02:44
Notable Quote:
“AMD and Intel both say that they consider physical attacks like this out of scope for mitigation.” — Sarah Lane [02:36]
Timestamps: 02:45–03:20
Timestamps: 03:45–04:28
Timestamps: 04:29–04:55
Timestamps: 04:56–05:31
Timestamps: 05:32–05:56
Timestamps: 05:57–06:40
Notable Quote:
“Fragmented systems and weak third party security are still major vulnerabilities while consolidating integrations and maintaining active vendor oversight were cited as the most effective defenses.” — Sarah Lane [06:25]
Summary:
This episode takes listeners through alarming developments in malware innovation, complex geopolitical factors affecting cyber defense, and the increasing need for automation and vigilance in security—from cloud vendors to the logistics sector. Standout trends include malware built to mimic humans, the limited scope of punitive sanctions, vulnerabilities in core infrastructure apps, and a surge in plug-and-play attack tools.