Cyber Security Headlines — November 11, 2025
Podcast: CISO Series
Host: Rich Stroffolino
Episode Focus: Fast-breaking stories in information security, including CISA reauthorization, electric bus cybersecurity, AI and privacy laws in Europe, ransomware insurance trends, major Oracle EBS attacks, new phishing threats, prosecution of ransomware facilitators, and EU radio station hacks.
Main Theme and Purpose
This episode delivers a concise overview of the most pressing cybersecurity developments as of November 11, 2025. Major focus areas include regulatory moves in the U.S. and Europe, evolving cybercriminal tactics, a spike in insurance claims, and prominent security incidents impacting organizations, public services, and critical infrastructure.
Key Discussion Points & Insights
1. CISA (Cybersecurity Information Sharing Act) Reauthorization
- Context: The 2015 CISA expired during the U.S. government shutdown, affecting information sharing frameworks.
- Senate Deal: A provisional bill would reauthorize CISA only until January 30, 2026, highlighting the law's uncertain future.
- Historical Moves: The House attempted to extend CISA by another decade, mirrored by a similar Senate bill, but progress was blocked by committee chair Rand Paul.
- Insight: The temporary extension underscores both the importance and the political vulnerability of foundational cybersecurity legislation.
- Quote:
- Rich Stroffolino [00:37]:
“This is only a temporary stay of execution, as the reauthorization would only go through January 30, 2026.”
2. Electric Bus “Kill Switch” and Connected Vehicle Risks
- Incident: Investigations in Norway and Denmark into electric buses from Dutch manufacturer VDL and Chinese manufacturer Yutong.
- Key Finding: Yutong’s system architecture gave the company digital access to each bus via over-the-air (OTA) updates.
- Response: Norway imposed stricter purchasing controls, and both countries are setting cybersecurity requirements for future contracts.
- Clarification: The concern is about all connected vehicles, not just those from China.
- Data Security: Yutong stores EU-region data in AWS European data centers with encryption and access restrictions.
- Quote:
- Rich Stroffolino [01:42]:
“This isn't a Chinese bus concern, but rather something to account for with any connected vehicle.”
3. Europe’s GDPR Overhaul for Artificial Intelligence
- Background: Draft EU legislation intends to simplify digital laws, with major updates to GDPR for AI applications.
- Details:
- AI companies may gain exemptions to process protected data for model training.
- Redefines personal data to exempt anonymized data.
- Grants site/app owners broader rights to track users.
- Timeline: Full proposal will be unveiled November 19, 2025.
- Insight: The changes would significantly reshape privacy standards and expand legal leeway for AI development.
- Quote:
- Rich Stroffolino [02:21]:
“The draft creates exemptions to allow AI companies to process protected categories of data for training and operating models.”
4. Surge in UK Cyber Insurance Claims
- Findings:
- Cyber insurance payouts rose from £60 million in 2023 to £197 million in 2024.
- Ransomware comprised 51% of payouts, compared to 32% in 2023.
- Policy adoption in the UK grew by 17% in 2024.
- Insight:
- The escalation in both volume and severity of attacks is forcing an insurance reckoning in the UK market.
5. Oracle EBS Attack & Clop Ransomware Campaign
- Incident: The Clop group breached at least 29 organizations using a likely zero-day in Oracle E-Business Suite’s publisher integration component, exploited for two months.
- Victims:
- Confirmed: Harvard, Washington Post, Envoy Air, Wits University
- Other notable: Logitech, Cox Enterprises, Schneider Electric
- Data Leak: Clop published data from 18 organizations.
- Forensics: Evidence points to data originating in Oracle environments.
- Quote:
- Rich Stroffolino [04:06]:
“Some of the named entities [...] already confirmed a breach, but most of the named victims have confirmed an attack, including Logitech, Cox Enterprises, and Schneider Electric.”
6. Novel “Rapport-Building” Phishing Campaign Using AI
- Research: Volexity studied a China-aligned APT (UTA0388) that used personalized, lengthy correspondence to build trust with victims.
- Techniques:
- AI-powered (LLM) generation of phishing content and malware.
- Campaign leveraged tailored social engineering, deviating from typical “fire-and-forget” methods.
- Red Flag: Messages often “lacked coherence,” suggesting limitations of unsupervised LLM usage.
- Quote:
- Rich Stroffolino [05:04]:
“This campaign marked a change in tactics for the group using extended conversations to build rapport with victims before delivering a payload.”
7. Prosecution of Ransomware Broker (Yanluowang attacks)
- Case: Russian national Alexei Volkov pleaded guilty to brokering access for ransomware crews from July 2021 through November 2022.
- Economics: Sold access for $1,000 per network; received 16-20% cut of ransomware payments.
- Restitution: Ordered to repay $9.1 million to six victims.
- Outcome: One victim successfully restored from backups and limited losses—a rare bright spot.
- Quote:
- Rich Stroffolino [05:47]:
“Volkov charged $1,000 for access to business networks with pilfered credentials and received shares of ransom payments from 16 to 20%.”
8. Ransomware Disrupts European Radio Stations
- Events:
- Dutch broadcaster RTC Njord knocked offline; staff reverted to playing CDs and LPs on air during a morning show.
- On the same day, the Rhysida ransomware group targeted Spanish station Kiss FM, demanding $300,000.
- Operational Impact: Emergency comms via WhatsApp, partial service restoration after days.
- Memorable Moment:
- Rich’s tongue-in-cheek comment on DJs using “CDs and LPs to the delight of hipsters everywhere” [06:24].
Notable Quotes & Memorable Moments
- On CISA’s temporary fix: “This is only a temporary stay of execution…” — Rich Stroffolino [00:37]
- On connected vehicle security: “This isn't a Chinese bus concern, but rather something to account for with any connected vehicle.” — Rich Stroffolino [01:42]
- On GDPR draft changes: “The draft creates exemptions to allow AI companies to process protected categories of data for training and operating models.” — Rich Stroffolino [02:21]
- On changing phishing tactics: “This campaign marked a change in tactics for the group using extended conversations to build rapport with victims before delivering a payload.” — Rich Stroffolino [05:04]
- On the economics of ransomware brokerage: “Volkov charged $1,000 for access to business networks with pilfered credentials and received shares of ransom payments from 16 to 20%.” — Rich Stroffolino [05:47]
- On the RTC Njord hack: “...with a morning show resorting to playing music on CDs and LPs to the delight of hipsters everywhere.” — Rich Stroffolino [06:24]
Timestamps for Key Segments
- CISA Reauthorization: 00:30 – 01:18
- Electric Bus kill switches & OTAs: 01:19 – 02:05
- GDPR/A.I. Policy Changes: 02:06 – 02:53
- UK Cyber Insurance Report: 02:54 – 03:16
- Clop Ransomware/Oracle EBS: 04:00 – 05:00
- Phishing with Rapport & AI: 05:01 – 05:45
- Volkov Ransomware Broker Case: 05:46 – 06:10
- Radio Station Ransomware: 06:11 – 06:44
Episode Flow & Tone
Rich Stroffolino keeps the tone direct, slightly wry, and highly informative, moving quickly between headlines but offering enough context for listeners to understand the implications. There’s an undercurrent of wit, particularly in moments like the “delight of hipsters everywhere” aside, but the delivery remains professional and focused on actionable awareness for security practitioners.
Useful for Listeners Who Missed the Episode
This episode is essential for CISOs, security analysts, and policymakers needing a brisk but impactful orientation to fast-moving regulatory, technical, and threat trends. The cross-section of legislative, industrial, and criminal activity covered offers a snapshot of key challenges and responses shaping cybersecurity as 2025 draws to a close.
