The Monthly Phish Fry: September 2025

Intro

This September was a heavy month. Compounded by the anniversary of the events that took place on September 11th, 2001, this month was a resounding reminder to never forget. As tensions rise globally, we cannot afford to let our adversaries penetrate and divide us from within, as they are blatantly keen on achieving. Remember, we are the UNITED states, and united is how we will overcome these trying times.

With that being said, let’s dig into what nation-state actors are up to this month, how AI is getting scarier and scarier, and we’ll take a look at some surprising vulnerabilities that might hit a little closer to home than you’d like. Let’s dig in…

Attacks by Sea, Air, and homeland

Nigerian Princes Have Upped Their Game

With 80% of the world's trade carried by sea, cyber-attacks on shipping are a growing concern. Nigerian organized criminal organizations have pivoted to this seemingly soft target, utilizing man-in-the-middle attacks to intercept communications of ships and ports. According to a research group at the Netherlands' NHL Stenden University of Applied Sciences, cyber attacks on the shipping industry rose from 10 in 2021 to over 64 in 2024. Partly to explain the rise in cyber incidents is the increased connectivity, highlighted by the incident last year, where a US Navy Chief was relieved of her duties after installing a Starlink satellite on a warship so she and others could access the internet.

The average cost to deal with a maritime cyber-attack doubled between 2022 and 2023 to $550,000, and the average ransom payment is now a staggering $3.2 million. This escalating threat highlights the vulnerability of our global supply chain.

Not So Friendly Skies Over Europe

The skies are also proving to be a new frontier for cyber warfare. In a concerning incident, the GPS navigation system of a plane carrying European Commission President Ursula von der Leyen was jammed as it approached its destination. The pilots were forced to revert to traditional paper maps to safely land the aircraft, a stark reminder of the vulnerabilities in our modern aviation systems. Bulgarian authorities suspect the jamming was a deliberate act of interference by Russia, a claim that underscores the growing threat of "hybrid warfare" tactics.

In response to this and other similar events, the European Union has announced plans to bolster its satellite defenses to better detect and counteract such disruptions, aiming to safeguard the integrity of air travel across the continent. But will these “bolstered defenses” be enough? As highlighted recently by security researchers Andrzej Olchawa and Milenko Starcik, the cybersecurity of space systems has long been overlooked and is “low-hanging fruit.”

DHS Security Fumble

Back on solid ground, a serious data breach has shaken the U.S. Department of Homeland Security. For several weeks, a hacker had undetected access to the sensitive personal information of employees at both the Federal Emergency Management Agency (FEMA) and Customs and Border Protection. This prolonged intrusion was ultimately attributed to "severe lapses in security," ranging from a lack of multi-factor authentication implementation to failure to address known and critical vulnerabilities, leading to the dismissal of two dozen FEMA IT personnel, including senior executives. The breach serves as a critical wake-up call about the internal vulnerabilities that can exist within even the most sensitive government agencies, emphasizing the paramount importance of robust internal security protocols and vigilant oversight to protect national security interests.

One Step Closer to the matrix

Get ready for this one, because it’s going to be a stretch… stretchy, wearable computers that is.

The line between our world and a digital simulation is growing thinner every day, with new technologies pushing us closer to a future straight out of science fiction. The first piece of the puzzle is the creation of the simulation itself. Artificial intelligence is now developing "world models," sophisticated systems that learn the rules of our physical reality to predict outcomes. This is the foundational step for an AI that can not only understand our world but potentially create a simulated one indistinguishable from it.

But a simulation is useless without a way to plug in. Scientists have now developed the ultimate interface: an entire computer crammed into a single fiber of clothing. This washable, wearable tech that can stretch up to 60% represents a future where the boundary between human and machine dissolves. Embedded within these fibers are photodetectors, temperature sensors, an accelerometer, and a photoplethysmogram sensor (which measures changes in light absorption by the skin). If AI is building the digital world, these intelligent fibers are the neural links, seamlessly integrating technology with our bodies and making the digital experience an extension of our own senses.

If they can’t stick you in a comfy, high-tech sweater, this new technology called Pulse-Fi might do the trick. Pulse-Fi can now monitor a person's heart rate using only Wi-Fi signals, without any physical contact. This leap in remote biological sensing is reminiscent of the machines monitoring humans in their pods. Each of these breakthroughs is remarkable on its own, but together, they paint a startling picture: an AI that builds a virtual world, technology to seamlessly connect us to it, and a network that can monitor our very life force within that system. The Matrix isn't just a movie anymore; it's becoming a technological roadmap.

Don’t let your computer look?

As if cyber attacks were not prolific enough, a new wave of threats is emerging where malicious images and clever pixel manipulation can "hack" AI agents, making them execute unwanted commands. As Scientific American recently highlighted, these subtle visual attacks pose a serious risk to everything from self-driving cars to advanced security systems.

The danger lies in the very nature of how AI "sees" and learns, making it vulnerable to deception that the human eye might miss. These adversarial attacks can be as simple as a sticker on a stop sign, yet they can have catastrophic consequences. What’s worse is that these types of attacks can self-proliferate, meaning that if an AI agent receives the prompt injection, it could be instructed to distribute the poisoned image via social media, email, etc. If the person on the other end has an AI agent also running, it starts the cycle over again.

How do you protect your digital companions from seeing (and acting on) the wrong things? While AI agents are still being adopted, this is a key security pivot point that should be addressed.

And it's not just about what a computer sees on a screen. As a recent IEEE Spectrum article revealed, even sophisticated robots like Unitree's humanoids can be completely taken over through a simple exploit, turning a helpful assistant into a remotely controlled puppet. Utilizing the Bluetooth (BLE) Wi-Fi configuration interface, attackers can inject code, resulting in a root-level takeover. Even worse, the vulnerability can become wormable, simply by infected robots scanning for other robots in BLE range. Now we’re talking about a robot bot-net (robot-net?).

Imagine a robot in your home or workplace suddenly acting on a hacker's commands, all because of a vulnerability in its "nervous system."

It doesn’t stop there for the robots. Researchers at the University of Waterloo have uncovered a startling privacy flaw in modern robots. They found that even with fully encrypted commands, a hacker can determine what a robot is doing with 97% accuracy simply by analyzing the patterns of data traffic. This "side-channel" attack means that without ever breaking the encryption, malicious actors could deduce sensitive information—from manufacturing secrets in a factory to confidential patient care details in a hospital.

These threats are no longer theoretical; they are here, and they highlight the urgent need to secure the entire robotic and AI ecosystem, from their visual sensors to their core programming.

You’re tracking your Bluetooth tag, but who’s tracking you?

The Tile tracker on your keys is supposed to bring you peace of mind, but a shocking security flaw may be putting you at risk. As reported by Wired, researchers have discovered that Tile's tracking tags, from parent company Life360, broadcast unencrypted data, allowing anyone with basic tech skills to monitor your movements indefinitely. Unlike competitors who have addressed this vulnerability, Tile's design could be exploited by tech-savvy stalkers, who can even bypass the device's anti-stalking features. Researchers claim the information is stored in cleartext, making it easily accessible. Moreover, anyone with a radio frequency scanner can intercept the information during transmission. Even if some security changes are made, such as not transmitting the MAC address, it’s possible an attacker could still identify the device with a single message due to the predictability of the rotating IDs Tile utilizes.

The flaw is so significant that it could essentially turn Tile's entire network into a global surveillance system, raising serious questions about user privacy and safety. Suddenly, the tracker in your pocket has become the target on your back.