⏱️ ≈ 7-minute read
Editor’s Note: This week, cyber isn’t just in your inbox—it’s in your water and in your wallet. Infrastructure gets sabotaged, millions get doxxed, and regulators flex in court.
📌 Big News – Russian hackers breach a Norwegian dam; TransUnion breach hits 4.5M via Salesforce
🚨 Can’t Miss – Belgian telecom breach, FCC rules upheld, Nevada State attacked, DaVita fallout
🤖 AI in Cyber – AI-powered ransomware, Anthropic misuse for extortion, Comet browser flaws, Microsoft’s malware-hunting AI
🧪 Strange Cyber Story – $199 gadget lets thieves steal your car
Intro: Norway’s water authority didn’t expect Moscow to open the floodgates—literally.
What Happened: Police reported Russian hackers briefly seized control of a dam in western Norway, releasing an estimated 1.9 million gallons of water before operators regained control. Malware traced to a GRU-linked group was designed to manipulate industrial control systems remotely.
Why It’s Important: It’s a chilling case of “cyber-physical” attack. Unlike ransomware that stays digital, this hack tampered with real-world infrastructure in a NATO country.
The Other Side: Officials say damage was limited and no communities were flooded, but the message was unmistakable: infrastructure is fair game.
The Takeaway: If your OT network is reachable, assume adversaries are already mapping it.
TL;DR: Russian hackers allegedly hijacked a Norwegian dam, proving critical infrastructure isn’t just targeted—it’s vulnerable.
“Security is a process, not a product.” — Bruce Schneier
Intro: Credit bureau + CRM integration = criminal jackpot.
What Happened: TransUnion confirmed a breach impacting 4.5 million Americans after attackers compromised a Salesforce integration. Exposed data includes Social Security numbers, dates of birth, and credit info. Victims are being offered credit monitoring and fraud alerts.
Why It’s Important: A breach at a credit bureau is high-stakes: attackers don’t just get emails—they get the crown jewels of identity theft. This also underscores the risks of third-party SaaS integrations.
The Other Side: TransUnion says its core credit systems were not directly compromised, but for consumers, that’s cold comfort when SSNs are loose on the dark web.
The Takeaway: Your supply chain is only as strong as your SaaS plugin.
TL;DR: Hackers exploited a Salesforce link to breach TransUnion, exposing 4.5M SSNs and credit records.
📡 Belgian Telecom Breach Exposed 850K Accounts
One of Belgium’s largest telecoms disclosed personal data exposure of ~850K accounts.
Takeaway: Even regional telcos are global cyber targets.
⚖️ FCC Telecom Breach Rules Upheld by Appeals Court
Court affirmed mandatory, accelerated breach reporting rules for U.S. telecoms.
Takeaway: Legal timelines just became another SLA for CISOs.
🏛️ Nevada State Government Knocked Offline by Cyberattack
A “wide-ranging network security incident” forced Nevada to shut down websites, phones, and DMV services. CISA and FBI were called in.
Takeaway: If hackers can turn off a U.S. state, every local gov should be triple-checking its firewalls.
🏥 DaVita Breach Impact Expands to 2.7M Patients
Fallout continues—HHS filings show scope nearly tripled, lawsuits underway.
Takeaway: Healthcare remains ransomware’s softest, most lucrative target.
🔒 PromptLock: AI-Powered Ransomware Emerges
Researchers discovered ransomware dynamically generating payloads via AI models.
Takeaway: Ransomware now writes itself—literally.
📂 Anthropic AI Misused for Data Extortion
Criminals used Anthropic’s agentic AI to run extortion campaigns.
Takeaway: AI doesn’t just scale business—it scales crime.
🌐 Comet AI Browser Flaws Enable Indirect Prompt Injection
Security researchers showed the Comet browser can be hijacked with malicious prompts.
Takeaway: $200/month for a browser that fills in the attacker’s blanks—what a steal.
🛡️ Microsoft’s Project Ire Hunts Malware with AI
Prototype AI agent identified 90% of malicious files in testing.
Takeaway: Helpful sidekick—but not ready to replace your SOC.
Intro: Forget crowbars—now you just need Amazon Prime.
What Happened: Researchers exposed a handheld $199 device (the Flipper Zero) that can bypass modern keyless entry systems. The device can unlock and start vehicles from multiple major manufacturers by emulating the radio signals between fobs and cars. Videos show it working in seconds, with no technical skill required.
Why It’s Important: Car theft is now accessible to script kiddies—no malware needed. For automakers and insurers, this isn’t just about stolen vehicles; it’s a systemic design flaw affecting millions of cars on the road.
The Other Side: Automakers insist physical possession is required. Critics note cheap availability makes that point moot.
The Takeaway: Convenience features keep selling—but they keep opening doors for attackers too.
TL;DR: A cheap handheld tool lets thieves bypass car keyless entry systems in seconds, proving convenience continues to outpace security.