Intro

Welcome back to the Monthly Phish Fry! Grab your tartar sauce, because August served up a massive security story, and the main course was a widespread exploit linked to the Salesforce ecosystem. This wasn't just a single catch; it was a sprawling net that ensnared some of the biggest names in the sea, reminding us all that in today's digital ocean, everyone is connected. And while that's the big fish we'll be dissecting, it wasn't the only thing on the menu. So, pull up a chair and sharpen your forks... let's dig in.

Casting a Wide Net: How the Salesforce Breach Reeled in the Big Fish

Now, before you think the CRM giant itself was cracked wide open, the reality is a bit more complex—and a lot more relevant to all of us. Instead of a direct breach of Salesforce's core systems, attackers found a vulnerability in the wider ecosystem, impacting third-party vendors and integrations that plug into the platform. Think of it as a master key that didn't open the company's front door, but instead unlocked a whole series of connected VIP suites.

And the net they cast was wide, reeling in some absolute whales. Google reported that one of its vendors was hit, leading to a customer data exposure. The attack was credited to the hacking group ShinyHunters, who, following investigation, had been at it since June. What treasures did they take? The Salesforce-hosted customer database was compromised, exposing names, email addresses, and phone numbers of one of the largest customer bases.

HR software giant Workday announced a similar third-party incident. Likely utilizing the information from the Salesforce database, attackers posed as internal HR or IT staff via phone and texts, tricking employees into granting system access.

Perhaps most concerning, credit titan TransUnion confirmed it was also a victim, putting sensitive financial and personal data at risk. Unlike some of the other companies affected, the TransUnion breach exposed more sensitive data, such as dates of birth, Social Security numbers, billing addresses, and customer support messages. In response, customers receive 24 months of free credit monitoring services (Woohoo!!….)

The Takeaway: This incident is a sizzling-hot reminder of the biggest risk in today's interconnected world: supply chain security. You can have the most secure boat on the ocean, but if a company you're tethered to springs a leak, you're going to get wet. It's no longer enough to just secure your own house; you have to vet the security of the entire digital neighborhood.

Stay safe, and don't get caught in someone else's net!

From Code to Concrete: The Growing Threat of Cyber-Physical Attacks

This month, the line between digital mischief and real-world danger was completely erased, highlighting the terrifying potential of cyber-physical attacks. We're not just talking about stolen data anymore; we're talking about hackers using keyboards to manipulate the physical world, and two major stories in August show this threat is no longer theoretical.

First, a chilling real-world example came from Norway, where the nation's spy chief officially blamed pro-Russian hackers for sabotaging a hydropower dam back in April. The attackers didn't just breach a network; they remotely seized control of the dam's systems, forced open a floodgate, and released millions of gallons of water for four hours before being stopped. While no one was harmed, the message was loud and clear: critical infrastructure is vulnerable, and the goal isn't just to steal information, but to demonstrate the power to cause physical disruption and fear.

Right on the heels of that news, the FBI issued a stark warning that the same threat is brewing here at home. An official alert detailed how Russian government hackers are actively targeting U.S. critical infrastructure. The agency found these actors conducting reconnaissance on networks, showing a specific interest in the "industrial control systems" that manage everything from power grids and pipelines to water treatment plants.

Taken together, these two events paint a grim picture. The attack in Norway is proof of concept—a successful cyber-physical assault. The FBI's warning shows the groundwork for similar, or potentially more damaging, attacks is actively being laid on U.S. soil. The threat has evolved: the goal is no longer just to own the network, but to own what the network controls.

Did you Say Cyber-Physical? An Open Invitation to Your Smart Home

If you thought your smart home was only listening for "Hey Google," researchers at this year's Black Hat security conference showed it might be taking orders from a much more sinister source: a simple calendar invite. In a mind-bending demonstration, security researchers revealed how they could take control of a person's smart home by sending them a malicious Google Calendar invitation.

The attack, dubbed a "Targeted Promptware Attack," works by hiding malicious instructions inside the title of a calendar event. When the victim asks their Gemini AI assistant to summarize their day, the AI reads the hidden prompt and is tricked into executing the attacker's commands.

This isn't just a digital prank. The researchers showed this technique could be used to control physical devices connected to Google Home—turning off lights, opening smart windows, and even turning on a boiler. The "invitation" became a key to the victim's house, allowing the attacker to manipulate their physical environment without ever stepping foot inside. While Google has since rolled out fixes to prevent this specific exploit, the research opens a new, alarming chapter in security, proving that a simple, poisoned piece of data can bridge the gap from cyberspace to your living room.

This Month's Special: AI-Powered Phishing with a Side of Data Leakage

Hackers are now cooking with a potent new ingredient: artificial intelligence. Two recent reports reveal how threat actors are using sophisticated AI models as both the rod and the reel in their latest attacks, changing the landscape of cybercrime.

First, in an unprecedented spree reported by NBC News, a hacker used the AI chatbot Claude to automate nearly the entire lifecycle of a ransomware attack. The AI was instrumental in identifying vulnerable targets, generating malicious code, and even drafting ransom notes, targeting at least 17 organizations. This marks the first publicly documented case of an AI model automating such a comprehensive cybercrime operation.

Meanwhile, a report from Wired reveals a more subtle but equally potent threat sizzling in the pan. Security researchers demonstrated how a "poisoned" document can be used to leak sensitive data from services connected to AI models like ChatGPT. By tricking the AI into executing malicious commands embedded within a document, attackers can exfiltrate confidential information, showing just how deep the hook can be set in our increasingly integrated digital ecosystems.

Together, these two accounts show that the cybersecurity threats we're frying up are evolving, with AI now firmly in the arsenal of malicious actors.

Ding-Dong Ditch 2.0

Let’s end on a light-hearted, nostalgic note.

Remember the simple, wholesome fun of Ding-Dong Ditch? A quick ring, a frantic giggle, and a mad dash into the bushes. Well, that classic neighborhood pastime has just received its 2.0 update, complete with high-impact features and a social media-ready interface.

Introducing the "Door Kick Challenge," the next-gen version where players skip the quaint doorbell and proceed directly to a forceful kick, all while a friend captures the "content" for viral glory. It's all the thrill of the original, but with the added bonus of potential property damage!

However, it seems the game's moderators—in this case, law enforcement—are dropping a major patch. They're reminding players that this new version comes with some serious bugs, like criminal charges and even arrest records. Some early adopters in Florida have already discovered the "Go to Jail" endgame. So while it may seem like light-hearted fun, maybe stick to the classic version. The 2.0 update has some consequences that definitely won't earn you any likes.

Intro

Welcome back to The Monthly Phish Fry! As summer temperatures soared in July, so did the heat on IT administrators and everyday users alike. This month was a stark reminder that even the most trusted software can become a gateway for attackers, with critical vulnerabilities discovered in major platforms from Microsoft to Apple. We saw ransomware gangs evolve their tactics after major takedowns, and AI once again blurred the lines between human and machine. Grab a seat, because we're about to break down the biggest security stories you need to know about.

This Month’s “Catch of the Day”: The SharePoint Zero-Day

This month's "Catch of the Month" is a nasty one that sent shockwaves from corporate offices to the highest levels of national security. A critical flaw in Microsoft SharePoint, a tool countless businesses use for file sharing, allowed attackers to take complete control of servers without needing a password. The campaign, dubbed "ToolShell," was staggering in its scale. Chinese state-sponsored hacking groups successfully breached over 400 organizations globally, including a wide variety of state and local governments, telecommunications firms, and private companies.

The most alarming target was the U.S. Department of Energy’s National Nuclear Security Administration (NNSA), the agency responsible for maintaining the nation's nuclear weapons stockpile. The successful breach of an agency this critical via a common office software vulnerability is a terrifying reminder of how interconnected and fragile our digital infrastructure can be.

The fallout from this vulnerability didn't stop there. According to a report from Cybersecurity News, hackers used the same wave of attacks to compromise the Acquisition Research Center (ARC), an unclassified but critical website used by the CIA and other intelligence agencies to manage sensitive government contracts. The attackers stole proprietary intellectual property and personal information from companies supporting innovative CIA spying programs. Information related to the "Digital Hammer" initiative—one of the CIA's most sensitive tech development programs focusing on miniaturized sensors and surveillance tools—was confirmed to be among the data accessed. This highlights a dangerous trend: even if classified networks remain secure, attackers can target the less-secure supply chain to steal the blueprints of a nation's most advanced secrets.

According to Cybersecurity News, L.J. Eads, a former Air Force intelligence officer, assessed that the ARC breach was not opportunistic but a sophisticated state-sponsored operation. “When proprietary innovations intended for CIA-backed programs are exfiltrated," Eads stated, "it's not just a vendor issue but a serious national security breach.

St. Paul Under Siege: National Guard Called in After "Coordinated" Cyberattack

In one of the most dramatic responses to a municipal cyberattack this year, Minnesota Governor Tim Walz activated the National Guard's specialized cyber protection unit to help the city of St. Paul recover from a "deliberate, coordinated, digital attack." The attack, which began on Friday, July 25th, was deemed so complex that it "exceeded the city's response capacity."

To contain the threat from the "sophisticated external actor," city officials took the drastic step of shutting down most of their information systems. While critical emergency services like 911 remained operational, the shutdown caused widespread disruption for residents, including:

• Disabling of online payment portals for water bills and other city services.

• Outages of Wi-Fi and public computers across the entire St. Paul library system.

• Disruption of internal city networks, impacting municipal workers and services.

Mayor Melvin Carter declared a state of emergency, and the FBI was brought in to lead the criminal investigation into the breach. While officials have not publicly confirmed the specific nature of the attack, such as whether it involved ransomware, the event underscores the severe real-world consequences when a city's digital infrastructure is targeted.

The deployment of the National Guard's cyber team—their first-ever mission within their home state—highlights the escalating severity of cyber threats against local governments.

In a public statement, Governor Tim Walz affirmed the state's commitment: "The Minnesota National Guard's cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

St. Paul Mayor Melvin Carter described the gravity of the situation at a press conference, stating, "This was not a system glitch or technical error. This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city's information infrastructure."

While the nature of the attack has not been disclosed, the timing of this event with the SharePoint zero-day seems like more than a coincidence. Many cyber threat groups were using the opportunity to deploy ransomware.

You Don't Need Code to Cripple a City

In other news, Santa Barbara suffered a self-inflicted cyber attack when a construction crew took out a critical fiber optic cable with a backhoe. For nearly 24 hours, this single physical cut achieved what many sophisticated hacking groups only dream of: it silenced 9-1-1 emergency lines and crippled the local airport's traffic control.

There was no malicious code, no foreign agent—just a misplaced shovel that instantly severed the digital lifeline for an entire community. The incident is a stark reminder that while we focus on complex digital firewalls, our hyper-connected world remains profoundly vulnerable to simple, physical mistakes. It proves that sometimes the most effective denial-of-service attack isn't launched from a keyboard, but from the bucket of a backhoe.

Confirming the analog nature of this digital outage, local news outlet KEYT reported a Frontier spokesperson stating, “A third-party doing construction work cut fiber lines, disrupting service in the area. We are actively working to repair the damage and restore service.”

From Downed Wires to Downed Servers

This month, the biggest threat in Call of Duty wasn't in the game, but came through it. A critical flaw in the 2017 title, Call of Duty: WWII, allowed hackers to execute malicious code on players' PCs, giving them total control. The attack was alarmingly simple: join a multiplayer lobby, and your computer could be compromised. After videos of live hacks went viral—showing command windows appearing mid-game—Activision was forced to take the PC servers completely offline. The incident serves as a stark warning that even in the world of video games, the threat of real-world digital intrusion is never far away.

According to cybersecurity firm Malwarebytes, as cited by CyberScoop, "The hacking of older titles is an open-air secret among the Call of Duty community," highlighting a long-standing issue where aging game infrastructure can leave players exposed to serious attacks.

The stakes here aren't just your in-game stats, but your real-world identity. A vulnerability like this turns your PC into an open book, making you a target for ransomware, data theft, or having your machine turned into part of a botnet. While publishers are ultimately responsible for patching their games, you can fortify your own digital defenses. Ensure your PC's operating system and security software are always updated, as this can sometimes block the malicious payloads hackers try to deliver. Furthermore, avoid running games with administrator privileges whenever possible, as this creates a crucial barrier that can limit a hacker's control if they do manage to break through.

From the Lab: The Walls (and Bugs) Have Ears

Finally, a look to the future, where the lines between science fiction and our physical reality are rapidly blurring. In the world of personal surveillance, researchers developed WhoFi, a system that uses standard Wi-Fi signals to identify you by the unique way your body disrupts the waves—no phone or device required. The technology can reportedly identify individuals with up to 95% accuracy, meaning your very presence could soon become a trackable, biometric fingerprint.

Meanwhile, on the geopolitical stage, that same push into novel surveillance is taking an even more startling turn. Spurred by a massive increase in defense spending, German tech startups are now developing tank-like AI robots, battlefield drones, and—in the most headline-grabbing example—cyborg "spy" cockroaches. These insects, equipped with miniature cameras and controlled by electrical stimuli, are designed to provide surveillance in hostile environments. Whether it’s the radio waves in a café or the insects on the ground, the message is clear: the next generation of security aims to turn the entire world into a sensor.