Thursday, May 15, 2025 // (IG): BB // GITHUB // SN R&D
Rogue Communication Devices in Chinese Solar Inverters Raise Grid Security Concerns
Bottom Line Up Front (BLUF): Unregistered communication components have been discovered in Chinese-manufactured solar inverters and batteries, prompting U.S. and European officials to reassess supply chain cybersecurity. These “rogue” devices could allow remote access or manipulation of energy infrastructure, raising alarms over sabotage or espionage risks tied to critical infrastructure components.
Analyst Comments: Inverters are vital to grid operations and are increasingly digitized, making them potential targets for nation-state adversaries. The lack of transparency and documentation around these embedded devices suggests a systemic risk, particularly given the global market dominance of Chinese suppliers like Huawei and Sungrow. Expect increased regulatory scrutiny, potential restrictions on imports, and stronger demands for software bills of materials (SBOMs) and security audits in energy tech.
FROM THE MEDIA: These devices could allow external actors to bypass firewalls and manipulate grid-connected equipment. Though the specific manufacturers and volume of affected devices were not disclosed, industry analysts point to Huawei and Sungrow holding over 50% of the global inverter market share. The European Solar Manufacturing Council (ESMC) has called the issue a “systemic risk” and is urging the European Commission to audit all grid-connected energy hardware from high-risk vendors. A joint report from SolarPower Europe and DNV warned that cyberattacks on just 3GW of inverter capacity could destabilize energy systems. With high geopolitical tensions, the issue may accelerate moves to localize or diversify critical component manufacturing in the U.S. and Europe.
READ THE STORY: TechRadar
Russia’s Victory Day Internet Blackout Sparks Global Condemnation from Digital Rights Groups
Bottom Line Up Front (BLUF): Russia imposed a nationwide mobile internet shutdown during Victory Day celebrations from May 5 to May 9, citing national security concerns. The blackout, which affected over 30 regions, disrupted essential services and was denounced by Access Now and 29 other digital rights organizations for violating human rights and lacking transparency.
Analyst Comments: While framed as protective measures against hybrid warfare, these shutdowns risk long-term reputational damage and undermine civilian trust in digital infrastructure. In cybersecurity, such actions pose operational and economic risks, especially for small businesses dependent on mobile internet. Internationally, they fuel concerns about the normalization of internet shutdowns by authoritarian regimes.
FROM THE MEDIA: Authorities claimed the move was to prevent potential Ukrainian drone attacks, though no such incidents were reported. Access Now and Roskomsvoboda reported that the shutdown severely impacted daily life, halting digital banking, online shopping, and government services. Small businesses and mobile-based marketplaces like Wildberries and Yandex Market were hit particularly hard. Despite pushback from rights groups, Russian officials, including Kremlin spokesperson Dmitry Peskov and MP Anton Nemkin, defended the action as necessary for public safety amid hybrid warfare threats.
READ THE STORY: The Record
Chrome Zero-Day Exploit CVE-2025-4664 Enables Cross-Origin Data Leakage
Bottom Line Up Front (BLUF): Google has patched a high-severity vulnerability in Chrome (CVE-2025-4664), allowing attackers to leak cross-origin data using a crafted HTML page. The issue, actively exploited in the wild, stems from improper enforcement of referrer policies by the browser's Loader component.
Analyst Comments: Third-party domains’ ability to capture query parameters significantly raises the risk of credential exposure and session hijacking. Since many applications pass sensitive tokens in URLs, this leakage could facilitate full account takeovers in targeted attacks. Organizations must ensure all Chromium-based browsers are updated promptly.
FROM THE MEDIA: Security researcher Vsevolod Kokorin first disclosed the bug on May 5, revealing that attackers can manipulate the Link header to set referrer-policy: unsafe-url, thereby leaking full query strings—including sensitive tokens—via third-party resources such as images. Google confirmed active exploitation of the flaw and urged users to update to version 136.0.7103.113 or higher. Other Chromium-based browsers like Edge, Brave, Opera, and Vivaldi are also potentially affected and should apply fixes when available.
READ THE STORY: THN
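To make the leakage mechanism concrete, the following is an added example; it is not code from the THN story, from Kokorin's write-up, or from Chromium. It models, in simplified form, the standard Referrer Policy rules a browser applies when a page loads a sub-resource: which of the policies sends the referring page's full URL (query string included) to a cross-origin host, and which send only the origin or nothing. In the reported bug the attacker-chosen policy arrived via the Link header; the example does not reproduce that, it only shows why an effective policy of unsafe-url exposes URL-borne tokens to a third-party image host while the browser default does not. The hostnames, the token value and the parameter names are constructed.

```javascript
// Simplified Referrer Policy computation (added example, not the page's code).
// Models the W3C Referrer Policy outcomes for a referring page and a sub-resource URL.

// A referrer never carries credentials or the fragment, whatever the policy.
function stripForReferrer(url) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// "Origin-only" referrers are serialized as scheme://host[:port]/ .
function originReferrer(url) {
  return new URL(url).origin + "/";
}

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Downgrade: referring page is HTTPS, target is plain HTTP (simplified check).
function isDowngrade(referrer, target) {
  return new URL(referrer).protocol === "https:" && new URL(target).protocol === "http:";
}

// Returns the Referer header value that would be sent, or null for none.
// An empty policy string means "no policy declared" and falls back to the
// current browser default, strict-origin-when-cross-origin.
function referrerFor(referrer, target, policy) {
  const full = stripForReferrer(referrer);
  const origin = originReferrer(referrer);
  const same = sameOrigin(referrer, target);
  const downgrade = isDowngrade(referrer, target);
  switch (policy) {
    case "no-referrer": return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin": return origin;
    case "origin-when-cross-origin": return same ? full : origin;
    case "same-origin": return same ? full : null;
    case "strict-origin": return downgrade ? null : origin;
    case "":
    case "strict-origin-when-cross-origin":
      if (downgrade) return null;
      return same ? full : origin;
    case "unsafe-url": return full;
    default: throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// Names of query parameters the target host would learn from the Referer header.
function leakedQueryParams(referrer, target, policy) {
  const sent = referrerFor(referrer, target, policy);
  if (sent === null) return [];
  return [...new URL(sent).searchParams.keys()];
}

// Audit helper: does this policy ever expose the query string to another origin?
// Useful when reviewing a site's Referrer-Policy header or meta tag.
function policyLeaksQueryCrossOrigin(policy) {
  const sent = referrerFor("https://a.example.test/p?q=1", "https://b.example.test/", policy);
  return sent !== null && new URL(sent).search === "?q=1";
}

// Constructed sample: a password-reset page carrying a token in its URL,
// loading a tracking pixel from a third-party host.
const SAMPLE_PAGE = "https://app.example.test/reset?token=SECRET123&uid=42";
const SAMPLE_PIXEL = "https://cdn.third-party.test/pixel.gif";

for (const policy of ["", "unsafe-url", "no-referrer-when-downgrade", "same-origin"]) {
  const label = policy || "(default)";
  console.log(label.padEnd(28), "->", referrerFor(SAMPLE_PAGE, SAMPLE_PIXEL, policy),
    "leaks:", leakedQueryParams(SAMPLE_PAGE, SAMPLE_PIXEL, policy).join(",") || "nothing");
}
```

Two defensive conclusions follow from running it: the browser default sends only the origin to the pixel host, so the exposure in this bug comes entirely from an attacker being able to force unsafe-url; and any application that places session or reset tokens in the query string is exposed the moment that policy applies, which is why tokens belong in headers, cookies or POST bodies rather than URLs, with an explicit Referrer-Policy response header as a second layer.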
US Faces Space Policy Drift Amid Leadership Vacuum in Trump Administration
Bottom Line Up Front (BLUF): Despite ambitious goals to land Americans on Mars and return to the Moon, the Trump administration lacks centralized leadership in space policy, leading to confusion within the aerospace industry and Congress. Key coordinating bodies, including the National Space Council, remain unstaffed, and budget priorities conflict with NASA’s stated goals.
Analyst Comments: The absence of clear direction in U.S. space policy presents risks to scientific progress and national competitiveness, particularly as China and Russia advance lunar ambitions. Budget cuts to NASA science programs, reportedly influenced by the Office of Management and Budget (OMB), could hamper long-term exploration objectives. The delay in confirming NASA leadership and staffing the Space Council underscores a deeper issue: space policy appears driven by ideological agendas rather than coordinated national strategy. Without a unified vision, the U.S. risks falling behind in the next phase of space competition.
FROM THE MEDIA: Industry leaders and congressional staff express confusion about who is driving policy. The National Space Council remains unstaffed, and NASA’s nominee, Jared Isaacman, has yet to be confirmed. The administration’s proposed NASA budget cuts $2.2 billion from space science while boosting funding for Mars missions, a pivot that contradicts Isaacman’s support for scientific programs. Sources suggest OMB Director Russell Vought, aligned with a conservative think tank, may be behind the funding shifts. With key advisory bodies like the National Security Council undergoing staff cuts, there is little coordination between agencies or departments. Experts warn that U.S. space policy could devolve into isolated decisions rather than a cohesive strategy without transparent governance.
READ THE STORY: Politico
Rethinking CVSS: Adversarial Exposure Validation Offers Real-World Risk Assessment
Bottom Line Up Front (BLUF): The Common Vulnerability Scoring System (CVSS), once revolutionary for standardized vulnerability assessment, is now seen as insufficient for modern cybersecurity. A growing consensus, including from experts at Picus Security, is calling for a shift toward Adversarial Exposure Validation (AEV)—a dynamic, evidence-based approach that evaluates whether vulnerabilities are truly exploitable within an organization’s environment.
Analyst Comments: CVSS remains valuable for triage but lacks situational awareness. In today’s complex threat landscape, prioritizing vulnerabilities based solely on abstract scores leads to inefficiency, wasted effort, and potentially overlooked critical paths. AEV addresses these shortcomings by simulating real-world attacks to validate exploitability, contextual impact, and asset sensitivity. This marks a strategic shift from predictive risk modeling to operational proof, aligning security resources with actual threat likelihood and business risk.
FROM THE MEDIA: Picus Security's Sıla Özeren argues that CVSS ratings no longer reflect practical risk. CVSS treats vulnerabilities as isolated theoretical issues, failing to consider compensating controls, actual attack paths, and business context. This results in wasted remediation cycles and vulnerability overload. AEV instead simulates adversarial behavior in live environments to determine whether a vulnerability contributes to a viable attack chain. By focusing on real, exploitable threats, organizations gain sharper prioritization, improved communication, and smarter security control testing. Özeren emphasizes that AEV augments rather than replaces CVSS, transforming it into a more actionable decision-making tool.
READ THE STORY: The Register
U.S. Nears Deal to Export 500,000 Nvidia AI Chips Annually to UAE
Bottom Line Up Front (BLUF): The U.S. is close to finalizing a deal allowing the United Arab Emirates to import 500,000 of Nvidia’s advanced AI chips per year through at least 2027. The chips, including models like Blackwell and potentially Rubin, would power data center expansion in the Gulf, with 20% allocated to Emirati firm G42. The deal, still under negotiation, has drawn internal U.S. opposition over national security concerns.
Analyst Comments: If completed, this agreement could establish the Gulf region, particularly the UAE and Saudi Arabia, as a third global AI hub, alongside the U.S. and China. However, the scale of access to U.S. chip technology by foreign actors raises questions about oversight, export control integrity, and geopolitical risks. The deal’s stipulation that G42 must build equivalent data centers in the U.S. appears to be a strategic hedge, though enforcement and data residency remain unclear. With U.S. restrictions on China still in place, Washington seems to be walking a tightrope: enabling allies while attempting to contain adversaries.
FROM THE MEDIA: About 100,000 will go to G42, a UAE-based tech company linked to national security adviser Sheikh Tahnoon bin Zayed Al Nahyan. The rest would be available to U.S. companies like Microsoft and Oracle in UAE-based data centers. The agreement, which may extend through 2030, mandates that G42 must match each UAE data center with one built in the U.S. While the Trump administration promotes the deal as a diplomatic and economic win, some officials within the U.S. government are expressing concern about technology diversion risks. The agreement follows the administration’s rollback of Biden-era chip export controls, including the controversial “AI Diffusion Rule.”
READ THE STORY: Reuters
VPN Secure Parent Faces Backlash After Canceling ‘Lifetime’ Subscriptions
Bottom Line Up Front (BLUF): Thousands of “lifetime” VPN Secure subscriptions have been abruptly canceled by the new owner, InfiniteQuant Ltd, sparking widespread user outrage. The company claims it was unaware of the legacy deals during the 2023 acquisition and now cites unsustainable costs and missing documentation as reasons for terminating the plans.
Analyst Comments: The case also underscores the need for thorough due diligence in cybersecurity-related acquisitions. The absence of transparency around company ownership, especially involving offshore entities, raises further concerns about accountability and user trust. As privacy tools become essential digital infrastructure, vendor reliability and ethical management will be scrutinized more than ever.
FROM THE MEDIA: InfiniteQuant Ltd, a Bahamas-based company that acquired VPN Secure in 2023, has canceled thousands of lifetime VPN subscriptions, stating it was unaware of the commitments until months after purchase. CEO Romain Brabant told The Register that the previous owner, Australia-based BoostNetwork Pty Ltd, had failed to disclose the deals widely advertised online for as little as $27.99. Users were notified in April, with follow-up communications in May that did little to quell frustration. InfiniteQuant has since offered discounted plans to affected users, blaming outdated mailing lists and high bounce rates for communication failures. Brabant defended the move by citing technical debt and financial sustainability, but acknowledged the company did not examine legacy agreements during the acquisition. No refunds are being offered.
READ THE STORY: The Register
Samsung Patches Actively Exploited CVE-2025-4632 in MagicINFO 9 Used to Deploy Mirai Botnet
Bottom Line Up Front (BLUF): Samsung has released a critical patch for CVE-2025-4632, a path traversal vulnerability in its MagicINFO 9 Server platform, which was actively exploited in the wild to deploy Mirai botnet variants. With a CVSS score of 9.8, the flaw bypassed a previous fix for CVE-2024-7399 and allowed attackers to write arbitrary files with system-level privileges.
Analyst Comments: Using this flaw to deploy Mirai demonstrates how legacy malware families continue to evolve and exploit enterprise IoT management software. Organizations running MagicINFO v8 or v9.21.1050.0 remain at risk and should urgently upgrade to version 21.1052.0. Security teams should also note the multistage patching complexity, which may hinder immediate remediation in environments with upgrade dependencies.
FROM THE MEDIA: Samsung confirmed that its updated version 21.1052 of MagicINFO 9 Server addresses CVE-2025-4632, a path traversal vulnerability allowing arbitrary file writes with system privileges. The flaw serves as a bypass to CVE-2024-7399 and was discovered in the wild shortly after a proof-of-concept (PoC) was published on April 30, 2025, by SSD Disclosure. Huntress researchers identified real-world exploitation in at least three incidents, where attackers deployed payloads such as srvany.exe and conducted reconnaissance. The Mirai botnet was among the malware observed leveraging this exploit.
READ THE STORY: THN
U.S. Rescinds ‘AI Diffusion Rule,’ Boosting Global Chip Sales Amid Export Control Revamp
Bottom Line Up Front (BLUF): The U.S. Department of Commerce has officially rescinded the Biden-era “AI Diffusion Rule,” which had restricted AI chip exports to countries like India and Switzerland. The Trump administration argued the rule harmed innovation, imposed excessive regulatory burdens, and strained diplomatic ties. The rollback will benefit U.S. chipmakers like Nvidia, AMD, and Intel.
Analyst Comments: This move reflects growing pressure from the tech industry to balance national security concerns with global market opportunities. While the change favors American firms and allies in regions like the Middle East and Southeast Asia, it also introduces uncertainty about future enforcement, especially as the administration considers new bilateral export agreements. Watch for increased scrutiny on Chinese technology platforms like Huawei, as enforcement shifts to compliance with broader global guidelines.
FROM THE MEDIA: The U.S. Department of Commerce announced the elimination of the “AI Diffusion Rule,” a regulation introduced in the final days of the Biden administration that capped the sale of advanced AI chips to most non-allied nations. The rule faced intense opposition from U.S. tech firms, including Microsoft, Oracle, and Nvidia, arguing that it hindered innovation and cut off potential markets. The Trump administration stated the policy’s repeal would allow America to collaborate more freely with trusted partners while reinforcing restrictions against adversaries like China. Officials reiterated that using Huawei’s Ascend chips violates U.S. export controls. Analysts suggest the U.S. may now adopt a country-by-country negotiation model to redefine chip export terms, starting with strategic allies such as Saudi Arabia, the UAE, Singapore, and Israel.
READ THE STORY: WSJ
U.S. Faces Growing Pressure to Reinvest in Supercomputing as Global Rivals Surge Ahead
Bottom Line Up Front (BLUF): Despite maintaining current federal funding levels for supercomputing, experts warn the U.S. risks falling behind in global high-performance computing (HPC) leadership due to a lack of a coordinated national strategy. Budget cuts targeting science agencies like the NSF and the uncertain future of the CHIPS and Science Act raise concerns about sustaining progress in AI and quantum computing infrastructure.
Analyst Comments: The U.S. supercomputing advantage remains largely due to an efficient innovation ecosystem and strong public-private collaboration. However, geopolitical competitors like China and the EU aggressively fund next-generation systems and modular chip architectures. Without renewed federal commitment and workforce development in STEM, the U.S. may lose momentum in critical sectors such as AI model training, energy simulations, and national defense analytics. The ongoing policy volatility under the Trump administration adds unpredictability to long-term innovation planning.
FROM THE MEDIA: Veteran researcher Jack Dongarra warned that the U.S. risks trailing Europe’s EuroHPC and Japan’s Fugaku efforts without a unified national strategy. While the Trump administration has kept funding stable for major initiatives like AI and quantum computing, proposed cuts to the National Science Foundation could undermine programs vital to future HPC development. Projects like the El Capitan exascale computer, launched in February at Lawrence Livermore National Laboratory, demonstrate recent progress, but further advancements depend on continued investment. Experts also raised alarms over the potential dismantling of the CHIPS and Science Act, which funds next-generation chiplet and modular computing research.
READ THE STORY: Politico
Chinese APTs Exploit SAP NetWeaver Zero-Day (CVE-2025-31324) in Espionage Campaign on Critical Infrastructure
Bottom Line Up Front (BLUF): Chinese nation-state actors have exploited a zero-day vulnerability in SAP NetWeaver (CVE-2025-31324) to infiltrate critical infrastructure globally. The flaw allows unauthenticated remote code execution via file upload. At least 581 SAP instances were compromised using webshells, with victims spanning vital sectors in the US, UK, and Saudi Arabia.
Analyst Comments: The exploitation of SAP NetWeaver highlights the strategic shift by Chinese APTs to target enterprise applications commonly linked to industrial control systems (ICS). The attackers’ use of custom and stealthy payloads—like Behinder-style webshells, KrustyLoader, and the SNOWLIGHT downloader—demonstrates operational sophistication and long-term planning. Organizations with exposed SAP systems must treat this as a priority threat, given the lack of segmentation in many environments and the persistent espionage objectives of these threat actors.
FROM THE MEDIA: The flaw allows remote attackers to upload files and execute code on affected systems without authentication. Threat actors linked to China's Ministry of State Security, including UNC5221, UNC5174, and CL-STA-0048, have used this vector to compromise critical infrastructure networks. The attackers deployed two types of webshells—coreasp.js and forwardsap.jsp—and used AWS S3 buckets to deliver KrustyLoader malware. The campaign impacted over 500 known SAP systems, with further post-exploitation efforts targeting cloud workloads and VMware ESXi environments.
READ THE STORY: GBhackers
Items of interest
Cyberattack Disrupts Operations at U.S. Steel Giant Nucor
Bottom Line Up Front (BLUF): Nucor, the largest steel manufacturer in North America, confirmed a cybersecurity incident that forced it to take some operations offline. The company disclosed unauthorized access to its IT systems in an SEC 8-K filing, but has not yet detailed the scale or nature of the attack. Production at select facilities was halted as a precaution while recovery efforts are underway.
Analyst Comments: This attack adds to a growing pattern of cybersecurity threats targeting industrial and manufacturing firms. Given Nucor's size—300 locations and nearly $8 billion in quarterly revenue—the disruption underscores the systemic risks posed by even partial operational downtime in critical supply chains. While no threat actor has been publicly linked yet, such incidents are often financially motivated or conducted for espionage. Manufacturers remain prime targets due to legacy systems, complex supply chains, and limited downtime tolerances.
FROM THE MEDIA: Nucor disclosed in a federal 8-K filing that it had experienced unauthorized third-party access to its IT systems. The company took immediate containment actions, including shutting down potentially compromised systems and enacting its incident response plan. While Nucor has not provided specifics on the impacted locations or the type of cyber intrusion, it emphasized that operational suspensions were a precautionary measure. The steelmaker, which employs around 25,000 people across North America, is actively working to restore affected systems. The news follows a recent wave of cyber incidents impacting U.S. manufacturers like Masimo, Sensata, and Microchip Technology.
READ THE STORY: The Record
Vice President JD Vance visits South Carolina, tours Nucor Steel (Video)
FROM THE MEDIA: Vice President JD Vance and EPA Administrator Lee Zeldin toured Nucor Steel Berkeley in South Carolina on Thursday. During the visit, Vance said the reason for his tour was to celebrate not only the steelworkers but the Trump Administration's first 100 days in office.
NUCOR Steel $280 million expansion (Video)
FROM THE MEDIA: Nucor Corporation is investing $280 million to expand its steel production line in Tuscaloosa County, Alabama. While the project won’t create new jobs, it will secure 400 existing high-paying positions and introduce domestic production of diamond plate steel—previously imported. The expansion will be supported by local tax incentives and is expected to complete by 2027.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.