The Monthly Phish Fry: July 2025
Intro
Welcome back to The Monthly Phish Fry! As summer temperatures soared in July, so did the heat on IT administrators and everyday users alike. This month was a stark reminder that even the most trusted software can become a gateway for attackers, with critical vulnerabilities discovered in major platforms from Microsoft to Apple. We saw ransomware gangs evolve their tactics after major takedowns, and AI once again blurred the lines between human and machine. Grab a seat, because we're about to break down the biggest security stories you need to know about.
This Month’s “Catch of the Day”: The SharePoint Zero-Day
This month's "Catch of the Day" is a nasty one that sent shockwaves from corporate offices to the highest levels of national security. A critical flaw in Microsoft SharePoint, a tool countless businesses use for file sharing, allowed attackers to take complete control of servers without needing a password. The campaign, dubbed "ToolShell," was staggering in its scale. Chinese state-sponsored hacking groups successfully breached over 400 organizations globally, including a wide variety of state and local governments, telecommunications firms, and private companies.
The most alarming target was the U.S. Department of Energy’s National Nuclear Security Administration (NNSA), the agency responsible for maintaining the nation's nuclear weapons stockpile. The successful breach of an agency this critical via a common office software vulnerability is a terrifying reminder of how interconnected and fragile our digital infrastructure can be.
The fallout from this vulnerability didn't stop there. According to a report from Cybersecurity News, hackers used the same wave of attacks to compromise the Acquisition Research Center (ARC), an unclassified but critical website used by the CIA and other intelligence agencies to manage sensitive government contracts. The attackers stole proprietary intellectual property and personal information from companies supporting innovative CIA spying programs. Information related to the "Digital Hammer" initiative—one of the CIA's most sensitive tech development programs focusing on miniaturized sensors and surveillance tools—was confirmed to be among the data accessed. This highlights a dangerous trend: even if classified networks remain secure, attackers can target the less-secure supply chain to steal the blueprints of a nation's most advanced secrets.
According to Cybersecurity News, L.J. Eads, a former Air Force intelligence officer, assessed that the ARC breach was not opportunistic but a sophisticated state-sponsored operation. "When proprietary innovations intended for CIA-backed programs are exfiltrated," Eads stated, "it's not just a vendor issue but a serious national security breach."
St. Paul Under Siege: National Guard Called in After "Coordinated" Cyberattack
In one of the most dramatic responses to a municipal cyberattack this year, Minnesota Governor Tim Walz activated the National Guard's specialized cyber protection unit to help the city of St. Paul recover from a "deliberate, coordinated, digital attack." The attack, which began on Friday, July 25th, was deemed so complex that it "exceeded the city's response capacity."
To contain the threat from the "sophisticated external actor," city officials took the drastic step of shutting down most of their information systems. While critical emergency services like 911 remained operational, the shutdown caused widespread disruption for residents, including:
Disabling of online payment portals for water bills and other city services.
Outages of Wi-Fi and public computers across the entire St. Paul library system.
Disruption of internal city networks, impacting municipal workers and services.
Mayor Melvin Carter declared a state of emergency, and the FBI was brought in to lead the criminal investigation into the breach. While officials have not publicly confirmed the specific nature of the attack, such as whether it involved ransomware, the event underscores the severe real-world consequences when a city's digital infrastructure is targeted.
The deployment of the National Guard's cyber team—their first-ever mission within their home state—highlights the escalating severity of cyber threats against local governments.
In a public statement, Governor Tim Walz affirmed the state's commitment: "The Minnesota National Guard's cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul."
St. Paul Mayor Melvin Carter described the gravity of the situation at a press conference, stating, "This was not a system glitch or technical error. This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city's information infrastructure."
While the nature of the attack has not been disclosed, its timing alongside the SharePoint zero-day seems like more than a coincidence: many cyber threat groups were using that opportunity to deploy ransomware.
You Don't Need Code to Cripple a City
[Image: KEYT image showing where the incident occurred]
In other news, Santa Barbara suffered a self-inflicted cyberattack when a construction crew took out a critical fiber optic cable with a backhoe. For nearly 24 hours, this single physical cut achieved what many sophisticated hacking groups only dream of: it silenced 911 emergency lines and crippled the local airport's traffic control.
There was no malicious code, no foreign agent—just a misplaced shovel that instantly severed the digital lifeline for an entire community. The incident is a stark reminder that while we focus on complex digital firewalls, our hyper-connected world remains profoundly vulnerable to simple, physical mistakes. It proves that sometimes the most effective denial-of-service attack isn't launched from a keyboard, but from the bucket of a backhoe.
Confirming the analog nature of this digital outage, local news outlet KEYT reported a Frontier spokesperson stating, “A third-party doing construction work cut fiber lines, disrupting service in the area. We are actively working to repair the damage and restore service.”
From Downed Wires to Downed Servers
[Image: Affected user @wrioh75753 posted attack footage on X]
This month, the biggest threat in Call of Duty wasn't in the game, but came through it. A critical flaw in the 2017 title, Call of Duty: WWII, allowed hackers to execute malicious code on players' PCs, giving them total control. The attack was alarmingly simple: join a multiplayer lobby, and your computer could be compromised. After videos of live hacks went viral—showing command windows appearing mid-game—Activision was forced to take the PC servers completely offline. The incident serves as a stark warning that even in the world of video games, the threat of real-world digital intrusion is never far away.
According to cybersecurity firm Malwarebytes, as cited by CyberScoop, "The hacking of older titles is an open-air secret among the Call of Duty community," highlighting a long-standing issue where aging game infrastructure can leave players exposed to serious attacks.
The stakes here aren't just your in-game stats, but your real-world identity. A vulnerability like this turns your PC into an open book, making you a target for ransomware, data theft, or having your machine turned into part of a botnet. While publishers are ultimately responsible for patching their games, you can fortify your own digital defenses. Ensure your PC's operating system and security software are always updated, as this can sometimes block the malicious payloads hackers try to deliver. Furthermore, avoid running games with administrator privileges whenever possible, as this creates a crucial barrier that can limit a hacker's control if they do manage to break through.
From the Lab: The Walls (and Bugs) Have Ears
[Image: Radio waves from an internet access point interacting with a nearby person]
Finally, a look to the future, where the lines between science fiction and our physical reality are rapidly blurring. In the world of personal surveillance, researchers developed WhoFi, a system that uses standard Wi-Fi signals to identify you by the unique way your body disrupts the waves—no phone or device required. The technology can reportedly identify individuals with up to 95% accuracy, meaning your very presence could soon become a trackable, biometric fingerprint.
Meanwhile, on the geopolitical stage, that same push into novel surveillance is taking an even more startling turn. Spurred by a massive increase in defense spending, German tech startups are now developing tank-like AI robots, battlefield drones, and—in the most headline-grabbing example—cyborg "spy" cockroaches. These insects, equipped with miniature cameras and controlled by electrical stimuli, are designed to provide surveillance in hostile environments. Whether it’s the radio waves in a café or the insects on the ground, the message is clear: the next generation of security aims to turn the entire world into a sensor.