Monday, Apr 28, 2025
Why Trump's Push to Manufacture iPhones in the U.S. Faces Near-Impossible Challenges
Bottom Line Up Front (BLUF): Efforts by the Trump administration to pressure Apple into manufacturing iPhones in the United States are unlikely to succeed due to the deeply entrenched global supply chains Apple has built over decades. Experts estimate that fully American-made iPhones could cost up to $3,500, with significant barriers including labor shortages, specialized equipment, and reliance on foreign-sourced components.
Analyst Comments: Trump’s push to "reshore" Apple manufacturing taps into political messaging about American jobs but ignores modern supply chains' logistical and economic realities. Shifting iPhone production to the U.S. would take decades and billions in investment, and might never fully replicate China’s integrated manufacturing ecosystem. While Apple is gradually diversifying into India and Vietnam, a wholesale relocation to the U.S. remains unrealistic under current technological and economic conditions. Any aggressive push could result in higher consumer prices and further geopolitical tensions with China.
FROM THE MEDIA: Less than 5% of iPhone components are U.S.-made, including critical components like chips and glass casing. Experts highlighted that even basic elements such as frames and screws rely heavily on Chinese manufacturing due to specialized skills and mass-scale CNC machine availability. While Apple has begun moving some operations to India, its dependence on Chinese and Taiwanese suppliers, particularly for advanced chips, makes a complete U.S. shift nearly impossible in the near term. Supply chain proximity, skilled labor, and infrastructure in China keep costs low and production agile, advantages that the U.S. cannot currently match.
READ THE STORY: FT
China-Linked Online Campaign Urges Far-Right Attacks on Hong Kong Exiles in the UK
Bottom Line Up Front (BLUF): An investigation by The Guardian revealed an online influence operation targeting Hong Kong pro-democracy activists in the UK, inciting far-right violence against them. Cybersecurity analysts say the tactics mirror past Chinese state-linked disinformation campaigns, underscoring the expanding scope of China's transnational repression efforts.
Analyst Comments: China’s covert use of foreign extremist groups to intimidate political dissidents abroad marks a dangerous evolution in online influence operations. By blending nationalism, misinformation, and cross-border incitement, these campaigns threaten to destabilize democratic societies from within. This model — leveraging existing social tensions to attack political exiles — could be replicated elsewhere, heightening risks for activists and broader public security. Western intelligence agencies must develop more sophisticated countermeasures as authoritarian influence operations grow more hybrid and nuanced.
FROM THE MEDIA: Over 150 social media posts across X and Telegram disseminated activists’ addresses and called for action, often using broken English and Chinese time-zone patterns — indicators of foreign manipulation. Experts from Graphika and Microsoft Threat Analysis Center found similarities to "Spamouflage Dragon," a Chinese Ministry of Public Security-linked influence operation. While no physical attacks have been reported, the campaign succeeded in heightening fear among exiles and represents a new tactic in China’s expansive global repression network.
READ THE STORY: The Guardian
Hackers Exploit Critical Craft CMS Vulnerabilities in Widespread Server Attacks
Bottom Line Up Front (BLUF): Since February 2025, attackers have actively exploited two critical vulnerabilities in Craft CMS—CVE-2024-58136 and CVE-2025-32432—in zero-day campaigns. Over 13,000 vulnerable instances have been detected globally, with nearly 300 confirmed compromises, prompting urgent patching and security hardening actions.
Analyst Comments: The attack chain, involving both improper access control and remote code execution (RCE), shows that even patched systems are at risk if fixes are delayed or incomplete. Organizations running Craft CMS must act immediately: patching, reviewing logs, and rotating critical credentials to mitigate potential backdoors. Expect threat actors to automate exploitation further, potentially expanding attacks to less-secure environments and leveraging compromised servers for secondary malware distribution.
FROM THE MEDIA: Orange Cyberdefense SensePost observed attackers exploiting CVE-2024-58136 and CVE-2025-32432 beginning February 14, 2025. CVE-2024-58136 stems from an alternate path protection flaw in the Yii PHP framework used by Craft CMS, while CVE-2025-32432 allows unauthenticated POST requests to trigger server-side image transformations, leading to RCE. Threat actors used Python scripts to identify valid asset IDs and deploy a PHP-based backdoor initially named filemanager.php, later renamed autoload_classmap.php. As of April 18, 2025, approximately 13,000 vulnerable Craft CMS instances were found, with nearly 300 confirmed compromises. Craft CMS urges administrators to inspect web server logs for suspicious POST requests and to immediately rotate security keys and reset credentials if any anomalies are detected.
READ THE STORY: THN
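For the log review recommended in the Craft CMS item above, the following triage script is an added example, not code from Craft CMS or SensePost. It flags requests for the two reported backdoor file names, POSTs sent by Python clients, and repeated POSTs from one client to one path; the burst threshold, the "combined" log format, the `/example/transform` path and all sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Backdoor file names reported in the item above.
BACKDOOR_NAMES = {"filemanager.php", "autoload_classmap.php"}
POST_BURST = 5  # assumption: this many POSTs from one client to one path

# Apache/nginx "combined" access log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def scan(lines, burst=POST_BURST):
    """Return sorted (line_no, client_ip, reason, detail) findings."""
    findings, posts = [], defaultdict(list)
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = urlsplit(m["target"]).path  # drop any query string
        if posixpath.basename(path).lower() in BACKDOOR_NAMES:
            findings.append((n, m["ip"], "backdoor-filename", path))
        if m["method"] == "POST":
            posts[(m["ip"], path)].append(n)
            # The item says the actors drove the attack with Python scripts.
            if "python" in m["ua"].lower():
                findings.append((n, m["ip"], "scripted-post", path))
    for (ip, path), nums in posts.items():
        if len(nums) >= burst:  # looks like enumeration, e.g. of asset IDs
            findings.append((nums[0], ip, "post-burst", f"{path} x{len(nums)}"))
    return sorted(findings)

def summary(lines):
    """Count findings per reason."""
    return Counter(reason for _, _, reason, _ in scan(lines))

def _line(ip, method, target, status, ua):
    return (f'{ip} - - [01/Mar/2025:03:12:01 +0000] '
            f'"{method} {target} HTTP/1.1" {status} 512 "-" "{ua}"')

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = (
    [_line("198.51.100.7", "GET", "/", 200, "Mozilla/5.0")]
    + [_line("192.0.2.44", "POST", "/example/transform", 404,
             "python-requests/2.31.0")] * 5
    + [_line("192.0.2.44", "GET", "/filemanager.php", 200, "python-requests/2.31.0"),
       _line("198.51.100.7", "POST", "/contact", 302, "Mozilla/5.0"),
       _line("203.0.113.9", "GET", "/vendor/composer/autoload_classmap.php?x=1",
             200, "curl/8.5.0")]
)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(dict(summary(SAMPLE_LOG)))
```

A hit on autoload_classmap.php needs a second look before escalation, since Composer generates a legitimate file of that name under vendor/composer/ that is not normally requested over HTTP.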
German Start-up Stark Says Fully Autonomous Strike Drones Are "Not Far Off"
Bottom Line Up Front (BLUF): German drone manufacturer Stark announced that fully autonomous strike drones — capable of selecting and hitting targets without human approval — are now technologically viable. Stark’s new OWE-V drone, equipped with advanced real-time decision-making AI, reflects the rapid militarization of autonomous systems amid the Ukraine war and intensifying global competition.
Analyst Comments: Without robust legal frameworks or reliable human-in-the-loop controls, such systems could introduce unpredictable escalation dynamics on the battlefield. Adversarial use by states like Russia or China, where ethical restrictions may be looser, could force Western militaries to rethink their restraint policies. Autonomous drone proliferation will likely spark intense debates over AI ethics, arms control treaties, and defensive counter-autonomy technologies in the next decade.
FROM THE MEDIA: Stark's managing director Philip Lockwood warned that while Europe debates bans on autonomous weapons, rivals like Russia and China are unlikely to hesitate in deploying them. Stark’s OWE-V drone, launched last week, uses AI to autonomously navigate, avoid threats, and strike targets up to 100km away. Although Stark maintains a human-in-the-loop model, the company acknowledges full autonomy is within reach. The war in Ukraine has fueled demand for low-cost, high-precision drones, and start-ups like Stark, Quantum Systems, and Helsing are competing with traditional defense giants. Stark believes distrust toward Russia will ensure long-term European demand, regardless of when the Ukraine conflict ends.
READ THE STORY: FT
Three Critical IXON VPN Client Vulnerabilities Enable Privilege Escalation on Windows and Linux
Bottom Line Up Front (BLUF): Security researchers from Shelltrail identified three serious vulnerabilities in the IXON VPN client, allowing attackers to escalate privileges on Windows and Linux systems. Exploitation could lead to complete system compromise, and while official CVEs are pending, responsible disclosure efforts have delayed full technical details until fixes are available.
Analyst Comments: With industrial control systems as potential targets, exploitation could severely impact operational technology (OT) environments. Companies using IXON VPN clients must treat these findings with urgency, applying mitigations such as strict file permissions and monitoring local services until official patches are released. This case reinforces the critical need for vendors to integrate secure coding practices into supply chain software touching essential infrastructure.
FROM THE MEDIA: Shelltrail researchers disclosed three vulnerabilities — CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03 — in IXON VPN clients for Windows and Linux. One vulnerability (CVE-2025-ZZZ-01) remains undisclosed due to its severity and pending fix. CVE-2025-ZZZ-02 affects Linux, where attackers can temporarily intercept and modify OpenVPN configuration files stored in /tmp/, leading to arbitrary code execution as root. On Windows, CVE-2025-ZZZ-03 allows race conditions in the C:\Windows\Temp directory, enabling low-privileged users to escalate to SYSTEM privileges by injecting malicious OpenVPN configs. IXON acknowledged the vulnerabilities and is working toward mitigation, while users are urged to monitor local processes and restrict access where possible.
READ THE STORY: GBhackers
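The Linux finding in the IXON item above comes down to a privileged process trusting a file in a shared temporary directory. As an added example (not IXON's or Shelltrail's code), the sketch below contrasts a predictable-name write with a hardened one and audits a path for the "strict file permissions" mitigation; the function names, the `client.ovpn` file name and the directory prefix are hypothetical.

```python
import os
import stat
import tempfile

def write_config_predictable(directory, name, text):
    """Weak pattern: fixed name in a shared directory, plain open()."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:  # follows symlinks, reuses a pre-created file
        fh.write(text)
    return path

def write_config_private(text):
    """Hardened pattern: private directory, exclusive create, no symlinks."""
    directory = tempfile.mkdtemp(prefix="vpncfg-")  # mode 0700, random name
    path = os.path.join(directory, "client.ovpn")   # hypothetical file name
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # fails if anything already exists there
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path

def tamper_risks(path, trusted_uid):
    """List reasons another local user could alter or swap this file."""
    risks = []
    st = os.lstat(path)  # lstat: inspect the link itself, not its target
    if stat.S_ISLNK(st.st_mode):
        risks.append("file is a symlink")
    if st.st_uid != trusted_uid:
        risks.append("file owner not trusted")
    if st.st_mode & 0o022:
        risks.append("file writable by group/other")
    parent = os.stat(os.path.dirname(path) or ".")
    if parent.st_uid != trusted_uid:
        risks.append("parent directory owner not trusted")
    if parent.st_mode & 0o022:
        # The sticky bit stops deletion, not pre-creation of a known name.
        risks.append("parent directory writable by group/other")
    return risks

if __name__ == "__main__":
    me = os.getuid()
    shared = tempfile.mkdtemp()
    os.chmod(shared, 0o1777)  # constructed stand-in for /tmp
    weak = write_config_predictable(shared, "client.ovpn", "remote vpn.example 1194\n")
    strong = write_config_private("remote vpn.example 1194\n")
    print("predictable:", tamper_risks(weak, me))
    print("private:    ", tamper_risks(strong, me))
```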
Toyota Adopts Huawei’s HarmonyOS for China-Only Electric Sedan Amid Rising Tech Nationalism
Bottom Line Up Front (BLUF): Toyota has integrated Huawei’s HarmonyOS into its new bZ7 electric sedan, explicitly designed for the Chinese market. This move signals deeper localization strategies by foreign automakers and growing confidence in Huawei’s Android alternative amid escalating U.S.-China tech tensions.
Analyst Comments: As Huawei expands HarmonyOS across mobile, automotive, and IoT ecosystems, foreign brands operating in China may increasingly need to align with local standards to maintain market access. In the long term, this trend could deepen global technology bifurcation, complicate supply chains, and force automakers to support different operating environments for other regions.
FROM THE MEDIA: Toyota introduced its bZ7 sedan at the Shanghai Auto Show, highlighting a strategic pivot toward vehicles "defined by China." HarmonyOS, Huawei’s homegrown operating system built after U.S. sanctions cut off Android access, now powers the sedan’s infotainment system. While Toyota holds a modest share of the Chinese car market, its endorsement of HarmonyOS suggests growing trust in Chinese tech ecosystems. Meanwhile, SK Telecom in South Korea responded to a cyberattack by offering free SIM replacements to millions of users, and China’s government issued new guidelines for green transformation in digital infrastructure.
READ THE STORY: The Register
Chinese Chipmakers Turn to Open-Source RISC-V to Bypass U.S. Tech Restrictions
Bottom Line Up Front (BLUF): Facing increasing U.S. export controls and trade barriers, Chinese tech giants are accelerating their adoption of the open-source RISC-V instruction set architecture as an alternative to proprietary American technologies like x86 and ARM. Companies like Alibaba, Tencent, and Huawei are leading the charge, aiming to achieve greater technological self-sufficiency in high-performance computing and data centers.
Analyst Comments: China's pivot toward RISC-V marks a strategic realignment in the global semiconductor landscape, undermining U.S. dominance in processor IP. While RISC-V initially served low-power devices, rapid advancements are pushing it into server-grade and AI markets, potentially threatening traditional players like Intel, AMD, ARM, and Nvidia. Long-term, the proliferation of RISC-V could fragment the CPU ecosystem, create new standards battles, and increase geopolitical competition around open-source hardware development. Organizations with global supply chains should prepare for a more diversified and politically influenced chip market.
FROM THE MEDIA: RISC-V adoption in China has surged as major companies like Alibaba, Tencent, and Huawei invest heavily in the open-source architecture to reduce dependence on U.S.-controlled IP. Beijing is backing the effort as part of its broader push for technological sovereignty. Alibaba recently launched a server-grade RISC-V processor, and the Chinese Academy of Sciences is collaborating with tech giants to produce a data center-class RISC-V chip by year-end. These developments signal RISC-V’s evolution from a microcontroller focus toward challenging established architectures in enterprise computing and machine learning applications.
READ THE STORY: CCN
China Claims Resilience Against Loss of U.S. Farm and Energy Imports Amid Trade War
Bottom Line Up Front (BLUF): Chinese economic officials stated they could replace U.S. agricultural and energy imports with domestic production and alternative suppliers like Brazil and Argentina, as tensions from Trump’s renewed trade war escalate. Despite rising external shocks, Beijing remains committed to achieving its 5% GDP growth target for 2025.
Analyst Comments: China’s public messaging reflects a strategic pivot toward economic self-reliance and trade diversification in response to worsening U.S. relations. While Beijing appears confident in mitigating immediate impacts, the long-term economic friction could deepen supply chain realignments and accelerate decoupling trends. U.S. agricultural and energy exporters face tangible losses, while China's broader efforts to stabilize domestic employment and stimulate internal consumption reveal growing concerns over internal vulnerabilities. Investors and global firms should prepare for persistent volatility in U.S.-China trade dynamics.
FROM THE MEDIA: Zhao Chenxin of China’s National Development and Reform Commission declared that American agricultural and energy goods are "highly substitutable" and not critical to China’s supply security. In 2023, the U.S. accounted for 13.5% of China’s food imports, a sharp decline from 20.7% in 2016, while Brazil's share rose substantially. China emphasized its ability to maintain economic stability even as U.S. tariffs on Chinese goods soar above 100%. Policymakers pledged measures to stabilize employment, boost domestic demand, and maintain a stable renminbi. Despite signs of economic strain, Chinese officials project confidence in achieving their annual growth objectives.
READ THE STORY: FT
Samsung Galaxy Devices Exposed: Clipboard Plaintext Storage Poses Password Leak Risk
Bottom Line Up Front (BLUF): Samsung has acknowledged that its Galaxy devices store copied clipboard data — including passwords — in plaintext without expiration, exposing sensitive information to potential exploitation. The issue affects devices running Samsung’s One UI and highlights a critical mobile security risk for millions of users.
Analyst Comments: This clipboard vulnerability reflects a broader trend where convenience features compromise security, especially on widely used consumer devices. Attackers who gain access to a device — even temporarily — could harvest credentials, dramatically lowering the barrier for privilege escalation or account takeover. Samsung’s slow response and reliance on manual user intervention (clearing clipboard history) signal a need for stronger, automatic clipboard protection policies. Expect greater scrutiny of clipboard security across Android vendors and possibly a regulatory push for stricter mobile data handling standards.
FROM THE MEDIA: A user named "OicitrapDraz" reported on Samsung’s community forums that passwords copied from password managers remained stored unencrypted in the clipboard history on Galaxy devices. Samsung confirmed that clipboard management is handled at the system level in One UI, recommending users manually clear their history when handling sensitive data. This revelation comes amid rising concerns over mobile security, especially as attackers increasingly target smartphones for credential theft. The Register emphasized that storing sensitive data in plaintext without expiration greatly magnifies the risks if a device is lost, stolen, or compromised.
READ THE STORY: The Register
Zero-Day in Viasat Modems (CVE-2024-6198) Enables Remote Code Execution Across Critical Infrastructure
Bottom Line Up Front (BLUF): A severe zero-day vulnerability, CVE-2024-6198, has been discovered in multiple Viasat satellite modem models. The flaw allows unauthenticated remote code execution via a stack buffer overflow and threatens essential communication systems, particularly where satellite modems underpin critical infrastructure.
Analyst Comments: Although Viasat has deployed OTA patches, any unpatched or offline devices remain highly vulnerable to targeted exploitation. Given the wide adoption of these modems in sensitive environments, attackers could weaponize CVE-2024-6198 for espionage or disruption. Future regulatory pressure may push vendors to enforce transparency and mandatory third-party firmware audits to prevent similar latent threats.
FROM THE MEDIA: The issue lies in unsafe handling of HTTP request parameters within the SNORE web interface’s CGI binaries, allowing attackers to craft malicious requests that trigger stack buffer overflows. Exploitation enables full control over vulnerable devices, even bypassing non-executable stack protections using return-oriented programming (ROP) techniques. Firmware versions prior to 3.8.0.4 and 4.3.0.2 are affected. Disclosure began in May 2024 and culminated in public reporting after ensuring widespread patch deployment. Viasat urges users to bring devices online for automatic patching and to confirm firmware updates manually.
READ THE STORY: GBhackers
Items of interest
Mark Carney and Pierre Poilievre Battle for Canada’s Political Future in Crucial 2025 Election
Bottom Line Up Front (BLUF): Canada's 2025 federal election has become a showdown between Liberal Prime Minister Mark Carney and Conservative leader Pierre Poilievre, with both leaders representing sharply contrasting visions. In a dramatic shift, some traditionally conservative voters have abandoned Poilievre, citing concerns about far-right rhetoric and U.S. political influence.
Analyst Comments: This election marks a pivotal moment for Canada, testing whether voters will prioritize economic pragmatism under Carney or anti-establishment populism under Poilievre. The outcome could reshape Canada’s domestic policies and international stance, particularly amid rising tensions with the United States. High early voter turnout suggests intense public engagement, but the ultimate decision will likely hinge on swing districts like Carleton and urban centers in Ontario. A Liberal victory could usher in closer alignment with global centrism, while a Conservative win might accelerate political polarization.
FROM THE MEDIA: In west Ottawa's Carleton district, lifelong Conservative voters like June and Bob Neske have shifted their support to the Liberals, citing discomfort with Pierre Poilievre's rhetoric and perceived alignment with far-right U.S. politics. Carney’s campaign has gained ground, partly due to Donald Trump’s re-election in the U.S., which rallied Canadians concerned about sovereignty and stability. Advance polls saw a 25% increase in voter turnout compared to 2021, with Carleton reporting the highest participation nationally. Conservative insiders remain optimistic about voter mobilization but acknowledge the fierce competition. The Liberals, under Carney, are projected to win the most seats according to CBC's poll tracker, although a minority government remains a possibility.
READ THE STORY: FT
The Canadian Election That Almost Changed Everything (Video)
FROM THE MEDIA: The 2011 Canadian Election was really fascinating in that it went differently than many were expecting.
Is Trump Super Charging Canadian Culture? (Video)
FROM THE MEDIA: Since the U.S. president has been discussing annexing Canada, there has been a surge of pride in Canadian identity. Yet, over many years, Canadians have struggled to define their culture as separate from the U.S. since the two are intertwined, especially in terms of most genres of the arts. What sets Canada apart? And do Canadian art and artists need a renaissance? We ask David Leonard, executive director of the Writers Trust Fund of Canada; Andrew Cash, president and CEO of CIMA; Marsha Lederman, arts journalist; and Tonya Williams, founder of the Reelworld Film Festival.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.