Intro

This September was a heavy month. Compounded by the anniversary of the events that took place on September 11th, 2001, this month was a resounding reminder to never forget. As tensions rise globally, we cannot afford to let our adversaries penetrate and divide us from within, as they are blatantly keen on achieving. Remember, we are the UNITED states, and united is how we will overcome these trying times.

With that being said, let’s dig into what nation-state actors are up to this month, how AI is getting scarier and scarier, and we’ll take a look at some surprising vulnerabilities that might hit a little closer to home than you’d like. Let’s dig in…

Attacks by Sea, Air, and homeland

Nigerian Princes Have Upped Their Game

With 80% of the world's trade carried by sea, cyber-attacks on shipping are a growing concern. Nigerian organized criminal organizations have pivoted to this seemingly soft target, utilizing man-in-the-middle attacks to intercept communications of ships and ports. According to a research group at the Netherlands' NHL Stenden University of Applied Sciences, cyber attacks on the shipping industry rose from 10 in 2021 to over 64 in 2024. Partly to explain the rise in cyber incidents is the increased connectivity, highlighted by the incident last year, where a US Navy Chief was relieved of her duties after installing a Starlink satellite on a warship so she and others could access the internet.

The average cost to deal with a maritime cyber-attack doubled between 2022 and 2023 to $550,000, and the average ransom payment is now a staggering $3.2 million. This escalating threat highlights the vulnerability of our global supply chain.

Not So Friendly Skies Over Europe

The skies are also proving to be a new frontier for cyber warfare. In a concerning incident, the GPS navigation system of a plane carrying European Commission President Ursula von der Leyen was jammed as it approached its destination. The pilots were forced to revert to traditional paper maps to safely land the aircraft, a stark reminder of the vulnerabilities in our modern aviation systems. Bulgarian authorities suspect the jamming was a deliberate act of interference by Russia, a claim that underscores the growing threat of "hybrid warfare" tactics.

In response to this and other similar events, the European Union has announced plans to bolster its satellite defenses to better detect and counteract such disruptions, aiming to safeguard the integrity of air travel across the continent. But will these “bolstered defenses” be enough? As highlighted recently by security researchers Andrzej Olchawa and Milenko Starcik, the cybersecurity of space systems has long been overlooked and is “low-hanging fruit.”

DHS Security Fumble

Back on solid ground, a serious data breach has shaken the U.S. Department of Homeland Security. For several weeks, a hacker had undetected access to the sensitive personal information of employees at both the Federal Emergency Management Agency (FEMA) and Customs and Border Protection. This prolonged intrusion was ultimately attributed to "severe lapses in security," ranging from a lack of multi-factor authentication implementation to failure to address known and critical vulnerabilities, leading to the dismissal of two dozen FEMA IT personnel, including senior executives. The breach serves as a critical wake-up call about the internal vulnerabilities that can exist within even the most sensitive government agencies, emphasizing the paramount importance of robust internal security protocols and vigilant oversight to protect national security interests.

One Step Closer to the matrix

Get ready for this one, because it’s going to be a stretch… stretchy, wearable computers that is.

The line between our world and a digital simulation is growing thinner every day, with new technologies pushing us closer to a future straight out of science fiction. The first piece of the puzzle is the creation of the simulation itself. Artificial intelligence is now developing "world models," sophisticated systems that learn the rules of our physical reality to predict outcomes. This is the foundational step for an AI that can not only understand our world but potentially create a simulated one indistinguishable from it.

But a simulation is useless without a way to plug in. Scientists have now developed the ultimate interface: an entire computer crammed into a single fiber of clothing. This washable, wearable tech that can stretch up to 60% represents a future where the boundary between human and machine dissolves. Embedded within these fibers are photodetectors, temperature sensors, an accelerometer, and a photoplethysmogram sensor (which measures changes in light absorption by the skin). If AI is building the digital world, these intelligent fibers are the neural links, seamlessly integrating technology with our bodies and making the digital experience an extension of our own senses.

If they can’t stick you in a comfy, high-tech sweater, this new technology called Pulse-Fi might do the trick. Pulse-Fi can now monitor a person's heart rate using only Wi-Fi signals, without any physical contact. This leap in remote biological sensing is reminiscent of the machines monitoring humans in their pods. Each of these breakthroughs is remarkable on its own, but together, they paint a startling picture: an AI that builds a virtual world, technology to seamlessly connect us to it, and a network that can monitor our very life force within that system. The Matrix isn't just a movie anymore; it's becoming a technological roadmap.

Don’t let your computer look?

As if cyber attacks were not prolific enough, a new wave of threats is emerging where malicious images and clever pixel manipulation can "hack" AI agents, making them execute unwanted commands. As Scientific American recently highlighted, these subtle visual attacks pose a serious risk to everything from self-driving cars to advanced security systems.

The danger lies in the very nature of how AI "sees" and learns, making it vulnerable to deception that the human eye might miss. These adversarial attacks can be as simple as a sticker on a stop sign, yet they can have catastrophic consequences. What’s worse is that these types of attacks can self-proliferate, meaning that if an AI agent receives the prompt injection, it could be instructed to distribute the poisoned image via social media, email, etc. If the person on the other end has an AI agent also running, it starts the cycle over again.

How do you protect your digital companions from seeing (and acting on) the wrong things? While AI agents are still being adopted, this is a key security pivot point that should be addressed.

And it's not just about what a computer sees on a screen. As a recent IEEE Spectrum article revealed, even sophisticated robots like Unitree's humanoids can be completely taken over through a simple exploit, turning a helpful assistant into a remotely controlled puppet. Utilizing the Bluetooth (BLE) Wi-Fi configuration interface, attackers can inject code, resulting in a root-level takeover. Even worse, the vulnerability can become wormable, simply by infected robots scanning for other robots in BLE range. Now we’re talking about a robot bot-net (robot-net?).

Imagine a robot in your home or workplace suddenly acting on a hacker's commands, all because of a vulnerability in its "nervous system."

It doesn’t stop there for the robots. Researchers at the University of Waterloo have uncovered a startling privacy flaw in modern robots. They found that even with fully encrypted commands, a hacker can determine what a robot is doing with 97% accuracy simply by analyzing the patterns of data traffic. This "side-channel" attack means that without ever breaking the encryption, malicious actors could deduce sensitive information—from manufacturing secrets in a factory to confidential patient care details in a hospital.

These threats are no longer theoretical; they are here, and they highlight the urgent need to secure the entire robotic and AI ecosystem, from their visual sensors to their core programming.

You’re tracking your Bluetooth tag, but who’s tracking you?

The Tile tracker on your keys is supposed to bring you peace of mind, but a shocking security flaw may be putting you at risk. As reported by Wired, researchers have discovered that Tile's tracking tags, from parent company Life360, broadcast unencrypted data, allowing anyone with basic tech skills to monitor your movements indefinitely. Unlike competitors who have addressed this vulnerability, Tile's design could be exploited by tech-savvy stalkers, who can even bypass the device's anti-stalking features. Researchers claim the information is stored in cleartext, making it easily accessible. Moreover, anyone with a radio frequency scanner can intercept the information during transmission. Even if some security changes are made, such as not transmitting the MAC address, it’s possible an attacker could still identify the device with a single message due to the predictability of the rotating IDs Tile utilizes.

The flaw is so significant that it could essentially turn Tile's entire network into a global surveillance system, raising serious questions about user privacy and safety. Suddenly, the tracker in your pocket has become the target on your back.

Intro

Welcome back to the Monthly Phish Fry! Grab your tartar sauce, because August served up a massive security story, and the main course was a widespread exploit linked to the Salesforce ecosystem. This wasn't just a single catch; it was a sprawling net that ensnared some of the biggest names in the sea, reminding us all that in today's digital ocean, everyone is connected. And while that's the big fish we'll be dissecting, it wasn't the only thing on the menu. So, pull up a chair and sharpen your forks... let's dig in.

Casting a Wide Net: How the Salesforce Breach Reeled in the Big Fish

Now, before you think the CRM giant itself was cracked wide open, the reality is a bit more complex—and a lot more relevant to all of us. Instead of a direct breach of Salesforce's core systems, attackers found a vulnerability in the wider ecosystem, impacting third-party vendors and integrations that plug into the platform. Think of it as a master key that didn't open the company's front door, but instead unlocked a whole series of connected VIP suites.

And the net they cast was wide, reeling in some absolute whales. Google reported that one of its vendors was hit, leading to a customer data exposure. The attack was credited to the hacking group ShinyHunters, who, following investigation, had been at it since June. What treasures did they take? The Salesforce-hosted customer database was compromised, exposing names, email addresses, and phone numbers of one of the largest customer bases.

HR software giant Workday announced a similar third-party incident. Likely utilizing the information from the Salesforce database, attackers posed as internal HR or IT staff via phone and texts, tricking employees into granting system access.

Perhaps most concerning, credit titan TransUnion confirmed it was also a victim, putting sensitive financial and personal data at risk. Unlike some of the other companies affected, the TransUnion breach exposed more sensitive data, such as dates of birth, Social Security numbers, billing addresses, and customer support messages. In response, customers receive 24 months of free credit monitoring services (Woohoo!!….)

The Takeaway: This incident is a sizzling-hot reminder of the biggest risk in today's interconnected world: supply chain security. You can have the most secure boat on the ocean, but if a company you're tethered to springs a leak, you're going to get wet. It's no longer enough to just secure your own house; you have to vet the security of the entire digital neighborhood.

Stay safe, and don't get caught in someone else's net!

From Code to Concrete: The Growing Threat of Cyber-Physical Attacks

This month, the line between digital mischief and real-world danger was completely erased, highlighting the terrifying potential of cyber-physical attacks. We're not just talking about stolen data anymore; we're talking about hackers using keyboards to manipulate the physical world, and two major stories in August show this threat is no longer theoretical.

First, a chilling real-world example came from Norway, where the nation's spy chief officially blamed pro-Russian hackers for sabotaging a hydropower dam back in April. The attackers didn't just breach a network; they remotely seized control of the dam's systems, forced open a floodgate, and released millions of gallons of water for four hours before being stopped. While no one was harmed, the message was loud and clear: critical infrastructure is vulnerable, and the goal isn't just to steal information, but to demonstrate the power to cause physical disruption and fear.

Right on the heels of that news, the FBI issued a stark warning that the same threat is brewing here at home. An official alert detailed how Russian government hackers are actively targeting U.S. critical infrastructure. The agency found these actors conducting reconnaissance on networks, showing a specific interest in the "industrial control systems" that manage everything from power grids and pipelines to water treatment plants.

Taken together, these two events paint a grim picture. The attack in Norway is proof of concept—a successful cyber-physical assault. The FBI's warning shows the groundwork for similar, or potentially more damaging, attacks is actively being laid on U.S. soil. The threat has evolved: the goal is no longer just to own the network, but to own what the network controls.

Did you Say Cyber-Physical? An Open Invitation to Your Smart Home

If you thought your smart home was only listening for "Hey Google," researchers at this year's Black Hat security conference showed it might be taking orders from a much more sinister source: a simple calendar invite. In a mind-bending demonstration, security researchers revealed how they could take control of a person's smart home by sending them a malicious Google Calendar invitation.

The attack, dubbed a "Targeted Promptware Attack," works by hiding malicious instructions inside the title of a calendar event. When the victim asks their Gemini AI assistant to summarize their day, the AI reads the hidden prompt and is tricked into executing the attacker's commands.

This isn't just a digital prank. The researchers showed this technique could be used to control physical devices connected to Google Home—turning off lights, opening smart windows, and even turning on a boiler. The "invitation" became a key to the victim's house, allowing the attacker to manipulate their physical environment without ever stepping foot inside. While Google has since rolled out fixes to prevent this specific exploit, the research opens a new, alarming chapter in security, proving that a simple, poisoned piece of data can bridge the gap from cyberspace to your living room.

This Month's Special: AI-Powered Phishing with a Side of Data Leakage

Hackers are now cooking with a potent new ingredient: artificial intelligence. Two recent reports reveal how threat actors are using sophisticated AI models as both the rod and the reel in their latest attacks, changing the landscape of cybercrime.

First, in an unprecedented spree reported by NBC News, a hacker used the AI chatbot Claude to automate nearly the entire lifecycle of a ransomware attack. The AI was instrumental in identifying vulnerable targets, generating malicious code, and even drafting ransom notes, targeting at least 17 organizations. This marks the first publicly documented case of an AI model automating such a comprehensive cybercrime operation.

Meanwhile, a report from Wired reveals a more subtle but equally potent threat sizzling in the pan. Security researchers demonstrated how a "poisoned" document can be used to leak sensitive data from services connected to AI models like ChatGPT. By tricking the AI into executing malicious commands embedded within a document, attackers can exfiltrate confidential information, showing just how deep the hook can be set in our increasingly integrated digital ecosystems.

Together, these two accounts show that the cybersecurity threats we're frying up are evolving, with AI now firmly in the arsenal of malicious actors.

Ding-Dong Ditch 2.0

Let’s end on a light-hearted, nostalgic note.

Remember the simple, wholesome fun of Ding-Dong Ditch? A quick ring, a frantic giggle, and a mad dash into the bushes. Well, that classic neighborhood pastime has just received its 2.0 update, complete with high-impact features and a social media-ready interface.

Introducing the "Door Kick Challenge," the next-gen version where players skip the quaint doorbell and proceed directly to a forceful kick, all while a friend captures the "content" for viral glory. It's all the thrill of the original, but with the added bonus of potential property damage!

However, it seems the game's moderators—in this case, law enforcement—are dropping a major patch. They're reminding players that this new version comes with some serious bugs, like criminal charges and even arrest records. Some early adopters in Florida have already discovered the "Go to Jail" endgame. So while it may seem like light-hearted fun, maybe stick to the classic version. The 2.0 update has some consequences that definitely won't earn you any likes.

Intro

Welcome back to The Monthly Phish Fry! As summer temperatures soared in July, so did the heat on IT administrators and everyday users alike. This month was a stark reminder that even the most trusted software can become a gateway for attackers, with critical vulnerabilities discovered in major platforms from Microsoft to Apple. We saw ransomware gangs evolve their tactics after major takedowns, and AI once again blurred the lines between human and machine. Grab a seat, because we're about to break down the biggest security stories you need to know about.

This Month’s “Catch of the Day”: The SharePoint Zero-Day

This month's "Catch of the Month" is a nasty one that sent shockwaves from corporate offices to the highest levels of national security. A critical flaw in Microsoft SharePoint, a tool countless businesses use for file sharing, allowed attackers to take complete control of servers without needing a password. The campaign, dubbed "ToolShell," was staggering in its scale. Chinese state-sponsored hacking groups successfully breached over 400 organizations globally, including a wide variety of state and local governments, telecommunications firms, and private companies.

The most alarming target was the U.S. Department of Energy’s National Nuclear Security Administration (NNSA), the agency responsible for maintaining the nation's nuclear weapons stockpile. The successful breach of an agency this critical via a common office software vulnerability is a terrifying reminder of how interconnected and fragile our digital infrastructure can be.

The fallout from this vulnerability didn't stop there. According to a report from Cybersecurity News, hackers used the same wave of attacks to compromise the Acquisition Research Center (ARC), an unclassified but critical website used by the CIA and other intelligence agencies to manage sensitive government contracts. The attackers stole proprietary intellectual property and personal information from companies supporting innovative CIA spying programs. Information related to the "Digital Hammer" initiative—one of the CIA's most sensitive tech development programs focusing on miniaturized sensors and surveillance tools—was confirmed to be among the data accessed. This highlights a dangerous trend: even if classified networks remain secure, attackers can target the less-secure supply chain to steal the blueprints of a nation's most advanced secrets.

According to Cybersecurity News, L.J. Eads, a former Air Force intelligence officer, assessed that the ARC breach was not opportunistic but a sophisticated state-sponsored operation. “When proprietary innovations intended for CIA-backed programs are exfiltrated," Eads stated, "it's not just a vendor issue but a serious national security breach.

St. Paul Under Siege: National Guard Called in After "Coordinated" Cyberattack

In one of the most dramatic responses to a municipal cyberattack this year, Minnesota Governor Tim Walz activated the National Guard's specialized cyber protection unit to help the city of St. Paul recover from a "deliberate, coordinated, digital attack." The attack, which began on Friday, July 25th, was deemed so complex that it "exceeded the city's response capacity."

To contain the threat from the "sophisticated external actor," city officials took the drastic step of shutting down most of their information systems. While critical emergency services like 911 remained operational, the shutdown caused widespread disruption for residents, including:

• Disabling of online payment portals for water bills and other city services.

• Outages of Wi-Fi and public computers across the entire St. Paul library system.

• Disruption of internal city networks, impacting municipal workers and services.

Mayor Melvin Carter declared a state of emergency, and the FBI was brought in to lead the criminal investigation into the breach. While officials have not publicly confirmed the specific nature of the attack, such as whether it involved ransomware, the event underscores the severe real-world consequences when a city's digital infrastructure is targeted.

The deployment of the National Guard's cyber team—their first-ever mission within their home state—highlights the escalating severity of cyber threats against local governments.

In a public statement, Governor Tim Walz affirmed the state's commitment: "The Minnesota National Guard's cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

St. Paul Mayor Melvin Carter described the gravity of the situation at a press conference, stating, "This was not a system glitch or technical error. This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city's information infrastructure."

While the nature of the attack has not been disclosed, the timing of this event with the SharePoint zero-day seems like more than a coincidence. Many cyber threat groups were using the opportunity to deploy ransomware.

You Don't Need Code to Cripple a City

In other news, Santa Barbara suffered a self-inflicted cyber attack when a construction crew took out a critical fiber optic cable with a backhoe. For nearly 24 hours, this single physical cut achieved what many sophisticated hacking groups only dream of: it silenced 9-1-1 emergency lines and crippled the local airport's traffic control.

There was no malicious code, no foreign agent—just a misplaced shovel that instantly severed the digital lifeline for an entire community. The incident is a stark reminder that while we focus on complex digital firewalls, our hyper-connected world remains profoundly vulnerable to simple, physical mistakes. It proves that sometimes the most effective denial-of-service attack isn't launched from a keyboard, but from the bucket of a backhoe.

Confirming the analog nature of this digital outage, local news outlet KEYT reported a Frontier spokesperson stating, “A third-party doing construction work cut fiber lines, disrupting service in the area. We are actively working to repair the damage and restore service.”

From Downed Wires to Downed Servers

This month, the biggest threat in Call of Duty wasn't in the game, but came through it. A critical flaw in the 2017 title, Call of Duty: WWII, allowed hackers to execute malicious code on players' PCs, giving them total control. The attack was alarmingly simple: join a multiplayer lobby, and your computer could be compromised. After videos of live hacks went viral—showing command windows appearing mid-game—Activision was forced to take the PC servers completely offline. The incident serves as a stark warning that even in the world of video games, the threat of real-world digital intrusion is never far away.

According to cybersecurity firm Malwarebytes, as cited by CyberScoop, "The hacking of older titles is an open-air secret among the Call of Duty community," highlighting a long-standing issue where aging game infrastructure can leave players exposed to serious attacks.

The stakes here aren't just your in-game stats, but your real-world identity. A vulnerability like this turns your PC into an open book, making you a target for ransomware, data theft, or having your machine turned into part of a botnet. While publishers are ultimately responsible for patching their games, you can fortify your own digital defenses. Ensure your PC's operating system and security software are always updated, as this can sometimes block the malicious payloads hackers try to deliver. Furthermore, avoid running games with administrator privileges whenever possible, as this creates a crucial barrier that can limit a hacker's control if they do manage to break through.

From the Lab: The Walls (and Bugs) Have Ears

Finally, a look to the future, where the lines between science fiction and our physical reality are rapidly blurring. In the world of personal surveillance, researchers developed WhoFi, a system that uses standard Wi-Fi signals to identify you by the unique way your body disrupts the waves—no phone or device required. The technology can reportedly identify individuals with up to 95% accuracy, meaning your very presence could soon become a trackable, biometric fingerprint.

Meanwhile, on the geopolitical stage, that same push into novel surveillance is taking an even more startling turn. Spurred by a massive increase in defense spending, German tech startups are now developing tank-like AI robots, battlefield drones, and—in the most headline-grabbing example—cyborg "spy" cockroaches. These insects, equipped with miniature cameras and controlled by electrical stimuli, are designed to provide surveillance in hostile environments. Whether it’s the radio waves in a café or the insects on the ground, the message is clear: the next generation of security aims to turn the entire world into a sensor.