Cyber Security Headlines – August 19, 2025
Podcast: Cyber Security Headlines
Host: Rich Stroffolino
Episode Focus: Workday breach, post-quantum alliance, Chinese group targets Taiwan, major cybercrime developments, and emerging threats in infosec.
Episode Overview
This episode delivers a rapid-fire update on critical developments in cybersecurity, from a major Workday data breach to the formation of a post-quantum cryptography alliance. Host Rich Stroffolino highlights new threat actor activity against Taiwan, a high-profile hacker sentencing, vulnerabilities in AI platforms, and corporate cybersecurity leadership changes. The tone is direct, with a hint of wry humor, making it both informative and accessible for security professionals.
Key Stories and Insights
1. Workday Data Breach
[00:10]
- Workday, a human resources tech giant, confirmed a breach involving a third-party customer relationship database.
- Exposed Information: Names, emails, and phone numbers likely compromised.
- Company Position: No indication customer tenant data accessed, but cannot rule it out.
- Noteworthy Detail: Workday’s blog post on the incident was deliberately kept out of search results with a noindex tag.
- Context: Consistent with a pattern of recent attacks on Salesforce-hosted databases.
Quote:
“Workday added a noindex tag to its blog post disclosing the breach so it didn’t surface in Search.”
—Rich Stroffolino [00:39]
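A noindex tag works in one of two places: a robots meta tag in the page’s HTML, or an X-Robots-Tag HTTP response header. The checker below is an added example (not part of the episode, and not code from Workday) that inspects already-fetched headers and body for either mechanism; the sample page and headers it runs against are constructed for illustration, and the check_url helper name is this example’s own.

```python
"""Offline check for the two ways a page can be kept out of search indexes:
a <meta name="robots" content="noindex"> tag, or an X-Robots-Tag header.
noindex_status() takes already-fetched headers and body so it runs without
network; check_url() fetches a live page and applies the same check.
"""
from html.parser import HTMLParser
import urllib.request

# Meta names that search engines read robots directives from.
ROBOTS_META_NAMES = {"robots", "googlebot", "bingbot"}


class RobotsMetaParser(HTMLParser):
    """Collect the content= values of every robots meta tag in the document."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":  # HTMLParser already lowercases tag and attribute names
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("name", "").lower() in ROBOTS_META_NAMES:
            self.values.append(attr.get("content", ""))


def directives(value: str) -> set:
    """Split a comma-separated directive list into lowercase tokens.

    X-Robots-Tag may carry a user-agent prefix ("googlebot: noindex"),
    so keep only the part after a colon when one is present.
    """
    out = set()
    for token in value.split(","):
        token = token.strip().lower()
        if ":" in token:
            token = token.split(":", 1)[1].strip()
        out.add(token)
    return out


def has_noindex(values) -> bool:
    # "none" is shorthand for "noindex, nofollow".
    return any({"noindex", "none"} & directives(v) for v in values)


def noindex_status(headers, body: str) -> dict:
    """Report which mechanism(s) carry a noindex directive."""
    header_values = [v for k, v in headers.items() if k.lower() == "x-robots-tag"]
    parser = RobotsMetaParser()
    parser.feed(body)
    meta = has_noindex(parser.values)
    header = has_noindex(header_values)
    return {"meta": meta, "header": header, "noindex": meta or header}


def check_url(url: str, timeout: float = 10) -> dict:
    """Fetch a page and apply noindex_status() to the live response."""
    req = urllib.request.Request(url, headers={"User-Agent": "noindex-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
        return noindex_status(resp.headers, body)


# Constructed sample page: a disclosure post that is hidden both ways.
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Robots-Tag": "googlebot: noindex, nofollow",
}
SAMPLE_BODY = """<html><head>
<meta name="robots" content="noindex, follow">
<title>Security incident notice</title>
</head><body><p>We recently identified unauthorized access ...</p></body></html>"""

if __name__ == "__main__":
    print(noindex_status(SAMPLE_HEADERS, SAMPLE_BODY))
```

Run it against a real disclosure page with check_url("https://example.com/post") to see whether a vendor’s notice is search-suppressed; a result where only the header flag is set is easy to miss when reading page source alone, which is why the check looks at both.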
2. Post-Quantum Cryptography Alliance
[00:46]
- IBM Consulting, Keyfactor, Quantinuum, and Thales formed the Quantum Safe 360 Alliance.
- Goal: Provide enterprises with guidance and support for post-quantum cryptography (PQC) transitions.
- Released a white paper focusing on “crypto agility”—the ability to swiftly adapt to new cryptographic standards.
- Essentially formalizes prior contractual relationships between these organizations.
Quote:
“Best practices for crypto agility, which it defined as the ability to swiftly adopt and implement quantum safe cryptographic standards that can evolve and adapt to emerging challenges.”
—Rich Stroffolino [01:08]
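The white paper’s notion of crypto agility is easier to see in code. What follows is an added example, not material from the alliance or the episode: a token format that carries an algorithm identifier and dispatches verification through a registry governed by a policy table, so that migrating to a new algorithm (for instance a post-quantum signature scheme) means adding one registry entry and changing policy rather than touching callers. The two HMAC variants stand in for real signature schemes, and the v1 token layout, the key, and the policy states are all constructed for illustration.

```python
"""Crypto-agile message authentication.

Every token names its algorithm, verification dispatches through a registry,
and a policy table marks each algorithm as preferred (used for new tokens),
legacy (still verified, but flagged for re-issue) or rejected. The algorithm
identifier is bound into the MAC input so a token cannot be relabelled as a
different algorithm. HMAC variants are stand-ins for the signature schemes a
real PQC migration would register.
"""
import base64
import hashlib
import hmac

# Registry: algorithm identifier -> MAC function. Adding an algorithm is one entry.
ALGORITHMS = {
    "hmac-sha256": lambda key, data: hmac.new(key, data, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, data: hmac.new(key, data, hashlib.sha3_256).digest(),
}

# Policy: exactly one "preferred" algorithm; "legacy" verifies but is flagged;
# "rejected" fails verification outright. (Constructed states for the example.)
POLICY = {"hmac-sha256": "legacy", "hmac-sha3-256": "preferred"}


def preferred_algorithm() -> str:
    return next(alg for alg, state in POLICY.items() if state == "preferred")


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


def _mac_input(alg: str, payload: bytes) -> bytes:
    # Binding the identifier means changing the alg field invalidates the tag.
    return alg.encode() + b"\x00" + payload


def encode_token(key: bytes, payload: bytes, alg: str) -> str:
    """Low-level issuer; sign() below is what callers should use."""
    if alg not in ALGORITHMS:
        raise ValueError(f"unknown algorithm {alg!r}")
    tag = ALGORITHMS[alg](key, _mac_input(alg, payload))
    return ".".join(["v1", alg, _b64(payload), _b64(tag)])


def sign(key: bytes, payload: bytes) -> str:
    # Callers never choose an algorithm: new tokens always use the preferred one.
    return encode_token(key, payload, preferred_algorithm())


def verify(key: bytes, token: str):
    """Return (payload, alg, needs_reissue); raise ValueError on any failure."""
    try:
        version, alg, payload_b64, tag_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    if version != "v1":
        raise ValueError("unsupported token version")
    if alg not in ALGORITHMS or POLICY.get(alg, "rejected") == "rejected":
        raise ValueError(f"algorithm {alg!r} not accepted")
    payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    expected = ALGORITHMS[alg](key, _mac_input(alg, payload))
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad tag")
    return payload, alg, POLICY[alg] == "legacy"


def retire(alg: str) -> None:
    """Stop accepting an algorithm; the preferred one must be replaced first."""
    if POLICY.get(alg) == "preferred":
        raise ValueError("promote a replacement before retiring the preferred algorithm")
    POLICY[alg] = "rejected"


if __name__ == "__main__":
    key = b"\x11" * 32  # constructed demo key
    old = encode_token(key, b"user=42", "hmac-sha256")  # issued before the migration
    print(verify(key, old))                 # accepted, needs_reissue=True
    print(verify(key, sign(key, b"user=42")))  # preferred algorithm, needs_reissue=False
    retire("hmac-sha256")
    try:
        verify(key, old)
    except ValueError as err:
        print("after retirement:", err)
```

The needs_reissue flag is the operational half of agility: a service can accept legacy tokens during the transition window while measuring how many are still in circulation, then call retire() once that count reaches zero, without a code change at the point of verification.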
3. New Chinese Threat Actor Targeting Taiwan
[01:17]
- Cisco Talos researchers identified a new group: UAT-7237.
- Primary Activities: Compromised a major Taiwanese web host, targeting VPN and cloud infrastructure belonging to its customers.
- Operations: Part of a larger effort aimed at long-term access and data exfiltration.
- History: Active since at least 2022; likely an offshoot of the espionage-focused group UAT-5918.
- Tools: Relies mainly on open-source utilities, plus a custom shellcode loader.
Quote:
“This is part of a larger focus on long term access and data theft.”
—Rich Stroffolino [01:32]
4. Serial Hacker Sentenced
[01:43]
- A 26-year-old UK man was sentenced to 20 months in prison for an extensive hacking spree.
- Crimes: Compromised 3,000+ sites (including Yemeni government and Israeli news sites), used automated scanners, and stole millions of records belonging to Facebook, Netflix, and PayPal users.
- Methods: Defaced sites with political and religious messages.
- Arrest: 2022, following US law enforcement tip; plea entered in March 2025.
Quote:
“Sadly, this story has nothing to do with General Mills or the RS232 standard.”
—Rich Stroffolino [01:44]
(Humorous aside on the word “serial” in “serial hacker”: breakfast cereal and the serial port standard.)
5. Casino Gaming Firm Bragg Humbled by Cyberattack
[03:20]
- Bragg Gaming Group disclosed unauthorized access to its internal environment.
- Early findings: No personal data affected; no anticipated operational disruption.
- Response: Outside cybersecurity experts engaged.
- Industry Trend: Third major gaming-firm breach in about a year (following Ainsworth and, in November, International Game Technology).
Quote:
“Probably not ransomware.”
—Rich Stroffolino [03:35]
6. Grok Exposes AI Persona Prompts
[03:42]
- xAI’s Grok chatbot’s persona prompts were found publicly accessible in the web app’s hydration JavaScript (the client-side state bundle shipped to every browser).
- Data included: Character backstories, quirks, tone, catchphrases, and instructions.
- Exposure: Some of the prompts had been uploaded to GitHub; the data was confirmed still accessible at the time of reporting.
- Risk: Shows how persona system prompts can be recovered from client-side code, exposing how each persona is shaped.
Quote:
“...the underlying prompts for these Personas exposed in the Hydration JS on the Grok web app. This gives underlying character backgrounds, likes, dislikes, quirks...”
—Rich Stroffolino [03:47]
7. Banking Trojan Infrastructure Leak
[04:13]
- Hunt.io researchers discovered an open directory leaking the source code and infrastructure details of the ERMAC v3 Android banking trojan.
- Included: Malware code, C2 server configs, an obfuscator, hardcoded tokens, and default credentials.
- Capabilities: Targets over 700 apps, with improved form injection, SMS theft, and Gmail data extraction.
- Impact: Researchers used the leaked tokens and credentials to temporarily disrupt the malware-as-a-service operation and to gather indicators of compromise.
Quote:
“This allowed for a temporary disruption of Ermac malware as a service capabilities and provides better indicators of compromise going forward.”
—Rich Stroffolino [04:47]
8. Millimeter Wave Radar Used for Eavesdropping
[05:05]
- Research presented at the 2025 ACM WiSec conference (the “WirelessTap” project) demonstrated eavesdropping on phone calls.
- Method: Using millimeter wave radar (77–81 GHz) to reconstruct audio from the vibrations of a phone’s earpiece at distances of up to 3 meters.
- Accuracy: About 59% at the optimal range of 50 cm.
- Implications: Highlights how advancing AI and sensor hardware can be turned to surveillance.
Quote:
“The researchers used the project to highlight the evolving risks of artificial intelligence and sensor systems being misused as technology advances.”
—Rich Stroffolino [05:45]
9. Oracle’s Longtime Security Chief Ousted
[06:00]
- Bloomberg reports Oracle is parting ways with its first and longstanding CSO, Mary Ann Davidson, in a management shake-up.
- Tenure: At Oracle since 1988; CSO since at least 2003.
- Successor: Robert Duhart, ex-Walmart CISO, now oversees day-to-day security.
- Relevance: Exceptionally rare for the podcast to cover staffing changes, but Davidson’s significance merits mention.
Quote:
“...the biggest problem [CISOs] face often aren’t technical. Instead, they stem from a failure to translate conversations about risk to the rest of the business.”
—Rich Stroffolino [06:32]
Notable Quotes & Memorable Moments
- “This story has nothing to do with General Mills or the RS232 standard.” —Rich Stroffolino [01:44] (A classic cybersecurity podcast aside, poking fun at the “serial hacker” term.)
- “Workday added a noindex tag to its blog post disclosing the breach so it didn’t surface in Search.” [00:39]
- “...the ability to swiftly adopt and implement quantum safe cryptographic standards that can evolve and adapt to emerging challenges.” [01:08]
- “Probably not ransomware.” [03:35]
Episode Highlights by Timestamp
- Workday breach — [00:10 to 00:46]
- PQC Alliance — [00:46 to 01:17]
- Chinese group targets Taiwan — [01:17 to 01:43]
- Serial hacker sentenced — [01:43 to 03:20]
- Bragg Gaming breach — [03:20 to 03:42]
- Grok AI Persona leaks — [03:42 to 04:13]
- Ermac trojan leak — [04:13 to 05:05]
- Millimeter wave eavesdropping — [05:05 to 06:00]
- Oracle CSO ousted — [06:00 to 07:00]
Takeaways
- The episode underscores the breadth and simultaneity of security threats: third-party breaches, advanced persistent threats, exposure of AI system internals, and management shake-ups at the enterprise level.
- Ongoing vigilance against supply chain vulnerabilities and the evolving sophistication of both attackers and defenders is a central theme.
- Movement toward post-quantum readiness is beginning to formalize, with leading vendors aligning to help enterprises adapt.
- New research (e.g., on radar-based eavesdropping) continues to expand the attack surface in ways that challenge traditional security models.
For further details or to dive deeper into any story, visit CISOseries.com.
