🎯 Shadow Threats Emerge

Fines, leaks, and hacks—key cyber updates

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

Clarification Notice: In last week's coverage of the Niagara Framework vulnerabilities that Tridium notified customers about in May of 2025, we referenced NIST/NVD scores reaching 9.8 ('Critical'). However, both Nozomi Networks (the discovering researchers) and Tridium/Honeywell rate these same thirteen vulnerabilities at 4.1–7.7 ('Medium–High'). The discrepancy reflects different CVSS calculation methods: NIST publishes CVSS "base" scores, which exclude temporal and environmental context, and that is the figure Hacker News used in their article, while Nozomi and Tridium applied comprehensive scoring that includes real-world mitigation factors.

This Week’s Cyber Insights

CultureAI research demonstrates AI agents can automate sophisticated attack campaigns with simple text prompts, fundamentally lowering barriers for threat actors to conduct credential stuffing, reconnaissance, and mass phishing operations.

  • OpenAI's Operator identified new employees at target companies within minutes using LinkedIn analysis

  • AI agents successfully accessed accounts using target email addresses and breached password lists

  • Automated reconnaissance extracts names, roles, start dates for highly targeted phishing campaigns

  • Computer-Using Agents (CUAs) can browse the internet and use applications with minimal human oversight

  • Traditional security methods like annual training inadequate against automated human-focused attacks

  • Requires shift to real-time behavioral monitoring and phishing-resistant technologies

🤔 The Bigger Picture:

Agentic AI transforms building security by enabling automated attacks against facility management teams who control HVAC, access systems, and safety protocols. Facility managers must implement behavioral monitoring and multi-factor authentication across building systems, as AI agents can rapidly identify and exploit human vulnerabilities in smart building operations faster than traditional security awareness can address.

Netscout research warns AI assistants will transform DDoS-for-hire services from automated to truly intelligent attacks, enabling natural language prompts like "take down competitor's website during Black Friday" to orchestrate sophisticated multi-vector campaigns.

  • DDoS services evolved from point-and-click to automated platforms with API integration and adaptive capabilities

  • AI assistants eliminate need to understand attack vectors, enabling low-skilled hackers to launch effective campaigns

  • Future attacks will analyze defensive responses in real time, identify rate-limiting thresholds, and mimic legitimate traffic

  • Platforms already offer automated scheduling, parameter adjustment, and sustained campaign management

  • AI-enhanced attacks coordinate multi-vector campaigns that evolve faster than human defenders can respond

  • Traditional playbooks assuming human-speed attacks must be replaced with autonomous response capabilities

🤔 The Bigger Picture:

AI-coordinated DDoS attacks pose existential threats to smart building operations as attackers can intelligently target building management networks, HVAC systems, and safety protocols. Facility managers need machine learning-based detection systems and autonomous response capabilities to defend against attacks that adapt at machine speed, potentially disrupting critical building functions and endangering occupant safety.

🏧 UNC2891 Hackers Breach ATM Networks Using 4G Raspberry Pi Device

Group-IB researchers uncovered a sophisticated physical attack in which a financially motivated threat group installed a 4G-equipped Raspberry Pi directly into an ATM network, bypassing traditional digital defenses with a hybrid physical-cyber approach.

  • Raspberry Pi connected to same network switch as ATM, placing device inside bank's internal perimeter

  • 4G modem enabled remote C2 operations completely bypassing firewalls and network defenses

  • TINYSHELL backdoor used Dynamic DNS domains for continuous external access

  • New anti-forensics technique using Linux bind mounts hides malicious processes (MITRE T1564.013)

  • CAKETAP rootkit designed to manipulate HSM responses and enable fraudulent cash withdrawals

  • Standard forensic tools failed to detect the intrusion; memory analysis and continuous network monitoring were required
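The bind-mount trick above hides a process by mounting another directory over its /proc/<pid> entry, so tools that walk /proc never see it. One cheap detective control, added here as an illustration and not part of the Group-IB write-up, is to look for mount points under /proc/<number> in the kernel's own mount table (/proc/mounts), where such an overlay still appears. The sample mount table below is constructed; `scan_live_system()` reads the real /proc/mounts on a Linux host.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# A mount whose target is /proc/<pid> (or something beneath it) is overlaying
# a process directory. Legitimate mounts under /proc (e.g. binfmt_misc) live
# under /proc/sys, not under a numeric PID, so they are not matched.
PROC_PID_MOUNT = re.compile(r"^/proc/(\d+)(?:/|$)")


@dataclass(frozen=True)
class Mount:
    source: str
    target: str
    fstype: str
    options: str


def unescape_mount_path(path: str) -> str:
    """/proc/mounts encodes space, tab, newline and backslash as \\ooo octal escapes."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_proc_mounts(text: str) -> List[Mount]:
    """Parse /proc/mounts-format lines: source target fstype options dump pass."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or truncated lines
        mounts.append(Mount(unescape_mount_path(parts[0]), unescape_mount_path(parts[1]),
                            parts[2], parts[3]))
    return mounts


def suspicious_proc_overlays(mounts: List[Mount]) -> List[Tuple[int, Mount]]:
    """Return (pid, mount) pairs for every mount that covers a /proc/<pid> directory."""
    hits = []
    for m in mounts:
        match = PROC_PID_MOUNT.match(m.target)
        if match:
            hits.append((int(match.group(1)), m))
    return hits


def scan_live_system(path: str = "/proc/mounts") -> List[Tuple[int, Mount]]:
    """Run the check against the host's mount table (Linux only)."""
    with open(path, encoding="utf-8") as fh:
        return suspicious_proc_overlays(parse_proc_mounts(fh.read()))


# Constructed sample: a normal table plus two overlays. Note that a bind mount
# shows the source filesystem's device and type, not the word "bind".
SAMPLE_PROC_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=30 0 0
tmpfs /mnt/scratch\\040space tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /proc/4242 ext4 rw,relatime 0 0
proc /proc/1337 proc rw,nosuid,nodev,noexec,relatime 0 0
"""

if __name__ == "__main__":
    for pid, m in suspicious_proc_overlays(parse_proc_mounts(SAMPLE_PROC_MOUNTS)):
        print(f"PID {pid} hidden behind {m.fstype} mount from {m.source} at {m.target}")
```

Caveat: a process that performs the overlay inside its own mount namespace will not show up in the scanner's /proc/mounts; compare /proc/<pid>/mountinfo across processes or fall back to the memory analysis the researchers relied on.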

🤔 The Bigger Picture:

This attack demonstrates how critical infrastructure faces evolving threats combining physical access with advanced digital tactics. Facility managers must secure both network infrastructure and physical access points, as attackers increasingly target the convergence of IT/OT systems through unconventional entry methods that bypass traditional perimeter defenses.

IBM's Cost of Data Breach report reveals unmonitored AI tools significantly increase breach costs, with organizations experiencing shadow AI attacks paying average $670K more than firms with minimal shadow AI exposure.

  • 20% of organizations experienced cyberattacks due to shadow AI security issues

  • Only 13% reported AI tool breaches, but 97% of affected organizations lacked proper AI access controls

  • 60% of AI platform compromises led to additional data store breaches, 31% caused operational disruptions

  • Supply chain intrusions most common attack vector through compromised apps, APIs, and plug-ins

  • 63% of breached companies had no AI governance policies, 34% regularly check networks for unsanctioned tools

  • Attackers use AI for phishing (37%) and deepfake impersonation attacks (35%)

🤔 The Bigger Picture:

Shadow AI poses significant risks to smart building operations as facility management teams deploy AI tools without proper oversight. Building operators must implement AI governance policies and zero-trust principles for AI platforms controlling HVAC, security, and energy systems to prevent costly operational disruptions and data breaches.

Further Alerts & Insights

⛽ Oil & Gas Ransomware Attacks Surge 935% in One Year

Zscaler's report reveals a dramatic 935% increase in ransomware attacks against the oil and gas sector between April 2024 and April 2025, with total data theft rising 92% to 238 terabytes. RansomHub (833 victims), Akira (520), and Clop (488) lead the attack groups exploiting digitized industrial control systems and internet-facing applications.

🌐 Sophisticated Web Shell Targets Microsoft IIS Servers

Fortinet discovers "UpdateChecker.aspx" web shell employing advanced C# obfuscation to evade detection while maintaining persistent access. The malware grants complete remote control through modular architecture supporting system reconnaissance, command execution, and comprehensive file operations across enterprise Windows environments.

💧 Water Sector Cybersecurity Crisis Threatens Public Safety

The EPA identifies 97 drinking water systems serving 26.6 million users with critical cybersecurity vulnerabilities, while nation-state groups conduct 60% of utility attacks. A one-day water service interruption could jeopardize $43.5 billion in economic activity, as underinvestment leaves smaller providers without the resources for adequate cyber defenses.