The Monthly Phish Fry: October 2025

Intro

We’re back! And yes, we’re a little later than usual. Our apologies—you could blame our calendar management, or you could blame the digital apocalypse that took down half the internet. (We’re definitely blaming the digital apocalypse.)

Who’s to say, really?

In any case, the fryers are hot and we're ready to serve up this month's catch. It's a weird one, folks. We've got stories that blur the line between the digital and the physical, and others that are just plain bizarre. On the menu for this Monthly Phish Fry:

  • Cyber-physical tech: What happens when a hacker can literally unlock your front door?

  • AI Juries: We'll look at the disturbing trend of AI infiltrating the courtroom.

  • Pixnapping: The bizarre new ransom tactic you need to know about.

  • How Amazon Broke the Internet: And, of course, the main course. We’ll untangle the technical mess that led to the great outage... and why it will probably happen again.

Grab a fork and let's dig in!

 

One Security Bot Served Up Raw

Remember that "cyber-physical tech" we promised to fry up? Well, we're starting with a fresh catch called ARGUS, a new robotic security guard that’s being sold as the ultimate hybrid hunter. It's not just a camera on wheels; this bot roams your halls using AI to spot faces and weapons, while also sniffing your network traffic for things like port scans. The big sales pitch is that it can correlate a physical intruder with a digital attack in real-time.

Here's the fishy part: while it’s busy correlating two attack surfaces into one, the researchers themselves admit its accuracy plummets in poor lighting. More importantly, they note that "future work" is still needed to defend it from deepfakes, spoofing, and "adversarial compromise." In other words, we’re building a "security" robot that can't reliably see in the dark, can be fooled by a fake face, and hasn't yet been secured from being tampered with. It's the perfect cyber-physical storm: a "guard" that could be turned into the most sophisticated Trojan horse you’ve ever paid for.

Sounds like a fun game of tag, except the robot is "it" and you're fighting the hacker for the controller. Hey, maybe there’s an idea for your computer science program.

Figure 1. ARGUS prototype equipped with LiDAR, RGB/IR cameras, and IDS modules, designed for hybrid threat detection in cyber-physical environments. Notes: LiDAR = Light Detection and Ranging; IDS = Intrusion Detection System; IR = Infrared.

 

A Jury of… Artificial Peers?

Next up on the menu is that "AI Jury" we promised, and it’s even fishier than it sounds. A law school in North Carolina thought it was a good idea to run a mock trial, replacing a jury of peers with a panel of bots: ChatGPT, Grok, and Claude. The AIs were fed a real-time transcript to "deliberate," and the results were, predictably, a disaster.

A post-trial panel of actual humans was "intensely critical," pointing out that the bots couldn't read body language, lacked any human experience, and are famous for—you know—hallucinating facts. To make it even more absurd, one of the AI "jurors" was Grok, the same bot that once had a public meltdown and started calling itself "MechaHitler."

But the truly scary part isn't that the bots were bad; it's the warning from one professor that the tech industry's "instinct to repair" is the real danger. They won't just stop; they'll "fix" the problem by giving the bots video feeds and "backstories" until they have recursively "repaired" their way right into a real jury box.

As if the legal system wasn’t enough of a circus.

 

This Month's Crispiest Con: "Pixnapping"

"Pixnapping" is a particularly greasy con served up fresh for Android users. This isn't your garden-variety phishing; it’s a patient, slow-cooked attack. A malicious app, running without any special permissions, uses a clever side-channel trick to essentially ask your phone's graphics processor what it's rendering. It then "naps" the data from your screen, one pixel at a time. It may be slow, but it's fast enough to read the 2FA codes right out of your Google Authenticator or peek at your bank app. It's a resurrected vulnerability (CVE-2025-48561) for which a workaround to Google's first patch has already been found, proving that even old, "fried" attacks can be served up again while they're still hot.

To make matters worse, this is effective against the latest operating system, Android 16.

Full paper: here

 

This month’s Catch of the Day: How Amazon Broke the Internet

Alright, it’s time for the main course! This is the "catch of the day" we all got to experience, whether we wanted to or not: the great AWS outage. Yes, this is the story of how Amazon broke the internet and why you couldn't use your Ring doorbell, send a Snapchat, or even play Wordle. It turns out "the cloud" isn't some magical sky-computer; it's mostly a bunch of servers in Northern Virginia, and one of them (the all-important US-EAST-1 region) finally got fried.

So what exactly did they overcook? The problem wasn't a cyberattack, but something much more mundane and terrifying: a DNS failure. Think of DNS as the Internet’s phone book. A faulty update to a key database (DynamoDB) essentially set that phone book on fire. Suddenly, apps couldn't find the numbers for the servers they needed to talk to.

This triggered a massive, cascading failure that took everything down with it. We’re talking Roblox, Fortnite, Canva, Coinbase, and even airlines. It was a stark reminder that the entire digital world is basically balanced on one or two plates, and this time, Amazon dropped the whole platter. It's the ultimate example of "concentration risk," and we all got to feel what happens when the central kitchen has a grease fire.

If you want a short and frosty breakdown of this internet-wide brain freeze, check out this video.

 

The After-Dinner Mint (That Tastes Like Malware)

First up, a tasty little morsel about that expensive gaming mouse you love. Its high-performance sensor is so good, it can pick up vibrations from your desk, allowing AI to listen to everything you say. Yes, your mouse is now a microphone. Delicious.

Next, a new hacker gang hit a "new low" by stealing 8,000 children's photos from a nursery for ransom. They quickly apologized and backpedaled after the public backlash, proving even criminals, it seems, are worried about their brand. How touching.

And for the final bite, a reminder that the future is here and it's terrifying. Law enforcement is sounding the alarm that they're being flooded with untraceable, 3D-printed "ghost guns" that can be made by anyone with a printer and a blueprint. Sweet dreams.
