Cyber Briefing: 2025.10.29
X 2FA reset, Herodotus Trojan, npm malware, Paterson breach, M-TIBA leak, Oracle hacks, Chrome HTTPS default, Myanmar raid, US skips UN treaty.
👉 What’s trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. X Warns Users To Re-enroll Keys Soon
Social media platform X is urgently requiring users who rely on passkeys or hardware security keys for Two-Factor Authentication (2FA) to re-enroll their security method by November 10, 2025, or face an immediate account lock. This mandatory action is necessary to formally sever the link between these security keys and the old twitter.com domain and associate them with the new x.com domain as the company completes its full rebrand.
2. Android Trojan Herodotus Outsmarts Systems
A newly discovered Android banking Trojan named Herodotus is actively targeting users in Italy and Brazil to execute device takeover (DTO) attacks. Researchers note that Herodotus is specifically designed to bypass behavioral biometrics by mimicking human typing patterns with randomized delays in its remote actions.
3. Npm Packages Steal Developer Logins
Cybersecurity researchers have discovered a malicious campaign involving 10 typosquatted npm packages that deploy a sophisticated, multi-platform information-stealing malware targeting credentials on Windows, Linux, and macOS systems. The malware uses four layers of obfuscation, displays a fake CAPTCHA to hide its activity, and ultimately harvests sensitive data, including credentials from system keyrings, browsers, and authentication services, before exfiltrating the data.
💥 Cyber Incidents
4. Paterson & Dowding Data Breach Confirmed
Paterson & Dowding Family Lawyers in Western Australia has confirmed a cyber incident after the Anubis ransomware group claimed responsibility for accessing and leaking sensitive client and employee data. The firm immediately engaged external experts, reported the breach to relevant authorities, and is in the process of notifying all affected parties while conducting an internal investigation.
5. M-TIBA Faces Possible Data Breach
Kenya’s digital health sector is grappling with a major cybersecurity crisis after hackers claimed to have stolen over 2.15 terabytes of personal and medical data from M-TIBA, a mobile health platform backed by Safaricom. This alleged breach, touted as one of the largest in Kenyan history, potentially exposes the records of up to 4.8 million users, including highly sensitive information like medical diagnoses and national ID numbers.
6. Schneider And Emerson Hit By Oracle Hack
Cybercriminals, likely tied to the FIN11 profit-driven threat group, have named industrial giants Schneider Electric and Emerson as victims of a recent massive data theft campaign that exploited vulnerabilities in Oracle E-Business Suite (EBS) instances. Data allegedly stolen from both companies, with file sizes reaching into the terabytes, has been posted on the Cl0p leak website, and analysis suggests the information originated from an Oracle environment.
📢 Cyber News
7. Chrome Makes HTTPS Default For Sites
Google is significantly boosting user security by making HTTPS-only navigation the default setting in Chrome starting in October 2026 (Chrome 154). This change, which was successfully tested with a small user group, will automatically ensure connections are secure and display a warning for unencrypted (HTTP) sites, requiring explicit user permission to proceed.
8. Myanmar Scam Center Raided By Army
Following a military crackdown on a major online scam center (KK Park) near the Thai border, the flow of people fleeing Myanmar into Thailand has significantly slowed, even after more than 1,500 people had crossed in the preceding week. The raid and subsequent explosions, reportedly carried out by Myanmar’s military and a local Border Guard Force, targeted the cybercrime operation on the outskirts of the trading town Myawaddy, which is only loosely controlled by the military government.
9. US Refuses To Join UN Cyber Treaty
Over 70 nations signed the new U.N. Convention against Cybercrime in Hanoi, marking a historic global commitment to creating a coordinated, legally binding mechanism to fight digital crime. Though the U.S. was a notable holdout, this treaty establishes the first worldwide standards for sharing electronic evidence, criminalizing cyber-dependent offenses like online fraud and the non-consensual sharing of intimate images, and building international law enforcement capacity.
📈 Cyber Stocks
On Wednesday, 29th October, cybersecurity stocks closed broadly higher, extending their recent rally as investors continued to favor AI-driven and cloud security leaders. Optimism surrounding enterprise cybersecurity budgets, strong quarterly momentum, and elevated geopolitical cyber risks pushed most names into the green. The sector’s outperformance reflected sustained confidence that cybersecurity remains a key growth pillar amid global digital transformation and defense priorities.
CrowdStrike closed at $546.94, up 3.2%, driven by investor enthusiasm for its AI-powered Falcon platform and heightened awareness of global cyber threats.
Zscaler ended at $328.98, up 0.8%, supported by continued enterprise migration to zero-trust cloud security and positive analyst sentiment.
Palo Alto Networks finished at $221.38, up 0.5%, buoyed by confidence in its acquisition-led platform integration and strong corporate security spending.
Okta settled at $89.31, down 0.8%, dipping slightly as valuation pressures and intensifying competition offset optimism around identity security growth.
Fortinet closed at $85.87, up 0.7%, gaining modestly on steady demand for network protection amid heightened geopolitical tension and critical infrastructure risks.
💡 Cyber Tip
X Warns Users to Re-enroll Security Keys Soon
Social media platform X is requiring users who use passkeys or hardware security keys for Two-Factor Authentication (2FA) to re-enroll their keys by November 10, 2025, to avoid being locked out. The update is needed to officially link all enrolled security keys to the x.com domain instead of the old twitter.com domain as the company finalizes its rebrand.
🔐 What You Should Do
Re-enroll your security key or passkey before November 10, 2025 through your X account settings.
Navigate to Settings → Security and account access → Two-factor authentication → Security key, then delete and re-add your key following the on-screen steps.
If you prefer, switch to another 2FA method, such as an authenticator app.
Avoid disabling 2FA entirely, as it reduces account protection.
⚠️ Why This Matters
Failure to re-enroll by the deadline will result in account lockouts until 2FA is updated. This change ensures that all security keys are securely tied to the x.com domain, maintaining strong protection against phishing and unauthorized access. Re-enrolling now prevents disruptions and keeps your account secure.
📚 Cyber Book
Hacking Exposed Malware & Rootkits by Christopher Elisan, Michael Davis, Sean Bodmer & Aaron L.
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.