Monday, May 26, 2025 // (IG): BB // GITHUB // SN R&D
New Class of Quantum Particles—Paraparticles—Challenges Long-Held Physics Frameworks
NOTE:
Zhiyuan Wang’s academic progression from Peking University to Germany’s Max Planck Institute mirrors a typical path for Chinese physicists pursuing international excellence. However, his background, rooted in a university known for its integration with state and military agendas, raises broader concerns. Like many top Chinese institutions, Peking University plays a critical role in China’s military-civil fusion doctrine, blurring the lines between academic research and intelligence gathering. This creates a persistent counterintelligence dilemma for host countries like Germany and the U.S.
Bottom Line Up Front (BLUF): Physicists have proposed a new category of quantum particles called "paraparticles" that could exist alongside known fermions and bosons. If validated, paraparticles would expand the fundamental taxonomy of matter and lead to exotic new materials, potentially reshaping quantum theory and condensed matter physics.
Analyst Comments: The emergence of paraparticles reopens foundational questions in quantum mechanics and particle physics. While still theoretical, their potential to manifest as quasiparticles in quantum materials could offer new pathways for materials science and quantum computing. However, paraparticles challenge long-standing constraints like indistinguishability and locality, suggesting a need to revisit and revise core assumptions of quantum field theory.
FROM THE MEDIA: In 2021, physicist Zhiyuan Wang, then at Rice University, stumbled upon mathematical evidence for a third class of particles. With his advisor Kaden Hazzard, Wang developed a model, published in Nature in January 2025, that postulates paraparticles: quantum particles that are neither fermions nor bosons. Their behavior involves hidden internal states that change when particles are swapped, unlike traditional quantum particles whose observable properties remain unchanged under such operations. Meanwhile, physicist Markus Müller published a concurrent paper arguing that true paraparticles would violate specific definitions of indistinguishability in quantum superpositions. Wang and Hazzard's model bypasses these objections by relaxing that assumption, suggesting that paraparticles could be distinguishable when comparing observations across different quantum branches. Researchers believe paraparticles may emerge as quasiparticles in materials like Rydberg atom arrays, setting the stage for future laboratory validation.
READ THE STORY: WIRED
D-Link Routers Exposed by Hardcoded Telnet Credentials in CVE-2025-46176
Bottom Line Up Front (BLUF): A newly disclosed vulnerability, CVE-2025-46176, affects D-Link DIR-605L and DIR-816L routers, whose firmware ships with hardcoded Telnet credentials. Because the credentials are identical on every unit and recoverable from the firmware image, anyone who can reach the Telnet service gains remote command execution on the device. The flaw poses a significant risk to legacy consumer and small-office network infrastructure, especially as no official patch has been released.
Analyst Comments: Hardcoded credentials remain one of the most dangerous software design flaws in embedded systems. The exposure of plaintext Telnet passwords in D-Link firmware highlights inadequate secure coding practices and long-standing lifecycle support issues in consumer-grade routers. While the likelihood of widespread exploitation is currently low, devices exposed to public networks are particularly vulnerable. With no firmware fix available, organizations must act immediately by isolating vulnerable devices and disabling Telnet services. This case underscores the need for vendor transparency and user empowerment in IoT security.
FROM THE MEDIA: Security researchers discovered CVE-2025-46176 during firmware analysis of D-Link's DIR-605L (v2.13B01) and DIR-816L (v2.06B01) routers. The device's Telnet initialization script references a plaintext password stored in the firmware's configuration files; whoever extracts the image recovers the same credentials that every router of that model accepts, and a standard Telnet session then yields arbitrary command execution. The CVE record classifies the weakness as improper command neutralization (CWE-77), but the root cause is the hardcoded credential itself, which is why no configuration change on the device removes the exposure short of disabling the service. Researchers demonstrated access using standard tools (binwalk to unpack the firmware, a plain telnet client to log in). D-Link has yet to issue a firmware patch, but recommends that users disable Telnet and limit WAN access to management ports. Security professionals advise blocking TCP port 23 at the perimeter and segmenting networks as interim mitigations.
READ THE STORY: GBhackers
TeleMessage Hack Exposes U.S. Government Communications Metadata in Wide-Ranging Breach
Bottom Line Up Front (BLUF): A hacker infiltrated the secure messaging platform TeleMessage, used by former Trump national security adviser Mike Waltz and dozens of other U.S. officials, intercepting data from over 60 government personnel. While the leaked messages were largely innocuous, the exposed metadata presents significant counterintelligence risks, especially given the platform’s widespread use across federal agencies.
Analyst Comments: Although no highly classified content was publicly confirmed in the leak, the mere exposure of who communicates with whom, when, and in what context is a goldmine for foreign intelligence agencies. With agencies like FEMA, CBP, and the Secret Service affected, this incident underscores the urgent need for zero-trust enforcement, routine auditing of communications infrastructure, and rigorous vendor risk assessments across the U.S. government.
FROM THE MEDIA: The breach exposed messages and metadata from over 60 officials, including disaster responders, customs agents, diplomats, and a White House staffer. The data, leaked via nonprofit Distributed Denial of Secrets, included discussion threads about official travel, FEMA communications, and law enforcement coordination. TeleMessage was suspended on May 5. Federal agencies, including the CDC, the State Department, and the DHS, have had contracts with the service in recent years. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since advised all users to discontinue the platform unless mitigation measures are provided.
READ THE STORY: Reuters
China Deepens Strategic Grip as Indonesia Seeks Role in Global Cobalt and Nickel Supply Chains
NOTE:
Indonesia sits at a strategic crossroads in the broader landscape of rare earth and critical minerals. Its growing reserves of cobalt and nickel, both essential to electric vehicles and renewable energy technologies, position it as a pivotal player in future supply chains. Unlike the DRC, Indonesia has the institutional capacity to develop a more transparent and sustainable extraction regime—if it can navigate the complex interplay of regulatory enforcement and investment barriers. Yet, China’s expansive role in Indonesia’s mining and processing sectors complicates this potential. Through equity stakes, infrastructure funding, and technology transfer, Chinese firms exert substantial control, raising concerns among Western stakeholders about supply security and political leverage. For Indonesia to maximize long-term benefits, it must carefully diversify its partnerships, strengthen governance, and ensure its rare earth ambitions do not become a proxy battleground for great-power competition.
Bottom Line Up Front (BLUF): Despite increasing its cobalt output and offering stronger Environmental, Social, and Governance (ESG) safeguards, Indonesia continues to lag behind the Democratic Republic of Congo (DRC) in attracting global tech firms for cobalt sourcing. Meanwhile, China is accelerating investment and infrastructure integration in Indonesia’s mining sector, raising concerns about long-term supply chain control and geopolitical leverage.
Analyst Comments: Indonesia’s primary disadvantage lies in volume and value chain positioning. As cobalt is a byproduct of nickel mining, its purity and availability are inherently constrained. Moreover, Chinese dominance in Indonesia’s mining sector raises geopolitical concerns among Western buyers. However, Indonesia’s institutional emphasis on ESG compliance, formal labor, and environmental safeguards presents an underleveraged strategic advantage. If Jakarta can boost downstream efficiency and investor confidence, it could position itself as a responsible cobalt supplier amid growing scrutiny of DRC operations.
FROM THE MEDIA: Multinationals like Glencore dominate the supply chain, offering direct cobalt procurement to firms such as Apple, Tesla, and Google. In contrast, Indonesia, though the second-largest producer, faces obstacles including lower ore purity, complex refining processes, and foreign investor skepticism. Indonesia’s downstream mandate requires domestic processing, creating friction for companies accustomed to direct, high-purity inputs. Despite this, Indonesia maintains higher ESG standards, banning artisanal mining and mandating environmental impact assessments. Both nations are now exploring joint supply regulation and cooperation to stabilize global cobalt prices, signaling Indonesia’s emerging strategic relevance.
READ THE STORY: Modern Diplomacy // AP
CVE-2025-40775 Chained in Lab Demo to Bypass Zero Trust Through DNS Disruption and NHI Secret Manipulation
Bottom Line Up Front (BLUF): A high-severity vulnerability in BIND DNS servers (CVE-2025-40775, CVSS 7.5) lets a remote attacker crash the server with a single malformed packet (denial of service). Researchers showed that the resulting DNS outage can break secret rotation for Non-Human Identities (NHIs) and push dependent systems onto static fallback credentials, giving an attacker a way around zero-trust policies even in environments with otherwise robust security architectures.
Analyst Comments: This exploitation chain is a textbook example of how a foundational protocol weakness can unravel an advanced security framework like zero trust. By crashing DNS and interrupting real-time credential issuance, an attacker pushes systems into fallback modes that expose static credentials, turning an availability bug into a credential-downgrade path. Organizations should treat DNS not only as an availability concern but as a high-value security target, and should harden the services that depend on it so that a resolution failure fails closed rather than open.
FROM THE MEDIA: Researchers have demonstrated a realistic end-to-end attack that exploits CVE-2025-40775, a high-severity flaw in BIND versions 9.20.0 to 9.20.8 (and the 9.21.0 to 9.21.7 development releases). The vulnerability is triggered by a DNS message carrying a TSIG record with an invalid algorithm field, which causes an assertion failure and crashes named; because BIND validates every TSIG it receives, any client that can send the server a message can trigger the crash, and a supervisor that restarts the process only buys time until the next packet. In lab tests, the DNS outage cascaded into failures in secret rotation processes for NHIs managed by tools like HashiCorp Vault. Systems defaulted to static credentials or break-glass procedures, which were then used to bypass zero-trust authentication. The attack, simulated using Docker Compose and Python clients, shows how attackers could gain unauthorized access to APIs and services. The researchers urge immediate patching to version 9.20.9 (9.21.8 on the development branch) to mitigate the threat.
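The cascade the researchers describe depends on a client-side design choice: what a workload does when its secrets manager becomes unreachable because DNS is down. The simulation below is an added illustration of that choice, not the researchers' Docker lab and not HashiCorp Vault's API; the resolver, secrets manager, client classes, hostname and role names are hypothetical stand-ins. It runs the same three-step timeline (healthy, outage inside the lease TTL, outage past the TTL) through a fail-open client that downgrades to a static credential and a fail-closed client that reuses its last valid lease, alerts, and then denies.

```python
"""Fail-open versus fail-closed handling of a secrets-manager outage that
starts with DNS. Added illustration; all classes and names are hypothetical."""
from dataclasses import dataclass


class DnsOutage(Exception):
    """What a crashed BIND looks like to a client: SERVFAIL or timeout."""


class AccessDenied(Exception):
    """Raised by the fail-closed client when no valid lease exists."""


@dataclass
class Credential:
    secret_id: str
    expires_at: float   # seconds on the simulation clock
    source: str         # "dynamic" (short-lived lease) or "static"


class FakeResolver:
    def __init__(self):
        self.healthy = True

    def resolve(self, host):
        if not self.healthy:
            raise DnsOutage(f"no answer for {host}")
        return "10.0.0.5"


class FakeSecretsManager:
    """Issues short-lived leases; every call begins with a DNS lookup."""
    def __init__(self, resolver, ttl=300):
        self.resolver, self.ttl, self.issued = resolver, ttl, 0

    def issue(self, role, now):
        self.resolver.resolve("secrets.internal")  # hypothetical hostname
        self.issued += 1
        return Credential(f"dyn-{role}-{self.issued}", now + self.ttl, "dynamic")


# A long-lived break-glass secret left reachable by code: the weak link.
STATIC_BREAK_GLASS = Credential("static-example-only", float("inf"), "static")


class FailOpenClient:
    """Weak pattern: any rotation error silently downgrades to the static
    credential, so a DNS DoS becomes a credential-downgrade attack."""
    def __init__(self, manager):
        self.manager = manager

    def credential(self, role, now):
        try:
            return self.manager.issue(role, now)
        except DnsOutage:
            return STATIC_BREAK_GLASS


class FailClosedClient:
    """Hardened pattern: keep using the last lease only while it is valid,
    alert on every failed rotation, and deny once the lease expires.
    Break-glass credentials stay out of reach of automation entirely."""
    def __init__(self, manager):
        self.manager, self.cached, self.alerts = manager, {}, []

    def credential(self, role, now):
        try:
            cred = self.manager.issue(role, now)
            self.cached[role] = cred
            return cred
        except DnsOutage as exc:
            cred = self.cached.get(role)
            if cred is not None and now < cred.expires_at:
                self.alerts.append(f"t={now}: rotation failed ({exc}); reusing {cred.secret_id}")
                return cred
            self.alerts.append(f"t={now}: rotation failed ({exc}); denying {role}")
            raise AccessDenied(role) from exc


def simulate(client_cls):
    """Timeline: healthy at t=0; DNS down from t=100 on; lease TTL is 300 s."""
    resolver = FakeResolver()
    client = client_cls(FakeSecretsManager(resolver))
    trace = []
    for t in (0, 100, 400):
        resolver.healthy = t < 100
        try:
            cred = client.credential("api-reader", t)
            trace.append((t, cred.source, cred.secret_id))
        except AccessDenied:
            trace.append((t, "denied", None))
    return trace


if __name__ == "__main__":
    for cls in (FailOpenClient, FailClosedClient):
        print(cls.__name__, simulate(cls))
```

The fail-closed variant still degrades gracefully inside the lease TTL, which is the window an on-call responder has to restore DNS or patch BIND; what it never does is hand automation a credential that outlives the outage. The alert list is the signal a detection team should be paging on, since a burst of failed rotations across many workloads is exactly what this DoS looks like from the inside.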
READ THE STORY: GBhackers
Russia’s Fiber-Optic Drones Outmaneuver Ukraine’s Defenses, Altering Front-Line Warfare
Bottom Line Up Front (BLUF): Russia has deployed fiber-optic-controlled drones en masse in the Kursk region, gaining a decisive technological edge by evading electronic jamming and improving targeting precision. Unlike radio-controlled FPVs, these drones use unjammable glass-thread cables to maintain contact with operators, effectively overwhelming Ukrainian logistics and battlefield mobility.
Analyst Comments: This marks a pivotal shift in tactical drone warfare, where the addition of fiber-optic cables, though seemingly retrograde, has nullified one of Ukraine’s most successful defensive strategies: electronic jamming. With Russia now outproducing Ukraine in next-gen drones and leveraging them to cut off supply routes, Ukrainian forces are facing increasing attrition and operational paralysis. This shift underscores a technological evolution and a growing asymmetry in unmanned systems that could redefine future military doctrines. It further highlights the urgency for NATO and allied partners to accelerate drone innovation and counter-drone systems.
FROM THE MEDIA: Russian forces have begun deploying drones controlled by fiber-optic cables instead of wireless signals, rendering them immune to Ukraine’s jamming technologies. These drones, used extensively in Russia’s Kursk region, have disrupted Ukrainian logistics, destroyed vehicles, and stranded troops on the front lines. Unlike traditional FPVs, the fiber-optic drones offer a more extended range, better image quality, and improved precision, albeit at a higher cost. While Ukraine is scrambling to catch up, with 15 manufacturers now producing similar systems, it remains behind in both production and battlefield deployment. The article also details how Ukrainian forces have started tripping over leftover Russian drone cables and resorting to manual evacuations due to disrupted supply routes.
READ THE STORY: The Washington Post
China Accelerates Military Readiness for Surprise Taiwan Assault, Say Officials
Bottom Line Up Front (BLUF): China’s military has significantly improved its ability to launch a surprise assault on Taiwan by expanding its air, naval, and amphibious strike readiness. With newly deployed rocket systems, increased aircraft incursions, and near-coast amphibious brigades, the People’s Liberation Army (PLA) can now switch from peacetime to war operations with minimal notice.
Analyst Comments: Beijing's shift toward 24/7 combat readiness marks a strategic evolution in cross-strait dynamics. The reduced warning time complicates U.S. and allied defense planning, as exercises increasingly resemble actual invasion scenarios. While China still faces challenges in adaptive military leadership and real-time joint operations, the PLA’s incremental improvements suggest that a credible invasion force could be fielded well before 2027. Deterrence, surveillance, and diplomatic signaling will remain key countermeasures in the region.
FROM THE MEDIA: PLA warplanes now enter Taiwan's Air Defense Identification Zone (ADIZ) over 245 times monthly, up from fewer than 10 per month five years ago, and routinely cross the Taiwan Strait's median line. A senior Taiwanese defense official said these air force units can now "switch from peacetime to war operations anytime." The PLA has deployed new long-range rocket systems such as the PCH-191, capable of striking anywhere in Taiwan from mobile launchers on the Chinese coast. These systems are used in every Taiwan-oriented drill, reflecting a shift toward high-readiness firepower. Amphibious combined-arms brigades and air assault units are stationed close to departure ports and trained for rapid deployment, including helicopters on Type 075 assault ships for special forces insertions. At sea, China maintains a constant warship presence near the island, including Type 052D destroyers and coast guard vessels, which allows a near-instant blockade posture in the Taiwan Strait. Experts say the PLA has also improved its ability to conduct synchronized joint operations across missile, naval, and air forces, transitioning from staggered drills to fully integrated exercises. These developments follow Xi Jinping's 2019 directive to be ready to invade Taiwan by 2027, a goal U.S. Indo-Pacific Command believes the PLA may already be nearing.
READ THE STORY: FT
Pentagon Shake-Up Sparks Concerns Over Military Cyber Readiness and Leadership Integrity
Bottom Line Up Front (BLUF): The Department of Defense, under Secretary Pete Hegseth, is undergoing an unprecedented purge of high-ranking military officers, including leaders in cyber and space domains. While framed as a bureaucratic streamlining initiative, critics argue the firings are politically motivated and threaten the operational integrity of U.S. military cyber and digital defense strategy.
Analyst Comments: Removing experienced leadership, especially in domains like U.S. Cyber Command and space operations, raises red flags for national cyber preparedness. These areas underpin critical defense infrastructure, including satellite resilience, electronic warfare deterrence, and real-time threat mitigation. A politically driven approach to military restructuring risks undermining institutional knowledge and depoliticized command-and-control protocols—foundations vital to cyber readiness in an AI-enabled and state-sponsored cyber conflict era.
FROM THE MEDIA: Rep. Seth Moulton (D-MA), a Marine Corps veteran and House Armed Services Committee member, accused Secretary Hegseth of politicizing military leadership in ways reminiscent of authoritarian regimes. Among the firings were high-profile figures like C.Q. Brown and Admiral Lisa Franchetti—leaders with expertise in integrated command and advanced military systems. Moulton emphasized that the unexplained dismissal of these figures sows distrust within the ranks and may degrade military adaptability in evolving digital warfare environments. The abrupt consolidation of Army Futures Command and Training and Doctrine Command raises concerns, especially given its implications for innovation cycles in defense tech, cyber doctrine, and AI-based threat modeling.
READ THE STORY: POLITICO
Fake VPN and Browser Installers Deliver Winos 4.0 Malware in Regionally Targeted Campaign
Bottom Line Up Front (BLUF): A sophisticated malware campaign is leveraging trojanized installers for VPN and browser software to deliver the Winos 4.0 (aka ValleyRAT) malware. First detected by Rapid7 in February 2025, the operation uses memory-resident loaders, PowerShell evasion techniques, and legitimate-sounding software like LetsVPN and QQ Browser to target primarily Chinese-speaking users.
Analyst Comments: This campaign is a textbook example of regionally scoped cyber espionage, tentatively attributed to the threat group Silver Fox (Void Arachne). The actors show a deep understanding of endpoint evasion and linguistic targeting: they borrow trusted application brands, package the loader with the NSIS installer framework, and sign components with expired certificates from well-known vendors such as Tencent so the installer passes as legitimate software. As the malware evolves to target antivirus products such as Qihoo 360, organizations should harden endpoint defenses and monitor for suspicious scheduled task activity and reflective DLL injections.
FROM THE MEDIA: According to Rapid7, the Winos 4.0 campaign employs a multi-stage loader named Catena, which uses embedded shellcode and decoy apps to evade traditional detection methods. Payloads are staged in memory to avoid disk forensics, with persistence achieved via scheduled tasks that execute weeks after initial compromise. Attackers are using fake NSIS installers mimicking QQ Browser and LetsVPN to deploy malware that communicates with command-and-control (C2) infrastructure primarily located in Hong Kong. New campaign variants add PowerShell scripts to disable Microsoft Defender and check for Chinese antivirus software before loading remote access components. The C2 connections use TCP port 18856 and HTTPS port 443.
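The behaviours Rapid7 describes translate into a small set of hunt rules: a PowerShell process spawned by an installer using one of the impersonated brand names, a PowerShell command line that tampers with Microsoft Defender, a scheduled task whose first trigger is weeks after registration, and an outbound connection to the reported C2 port. The script below is an added example of those rules run over constructed telemetry, not Rapid7's detection content; the JSON-lines log format, every event in it, the seven-day delay threshold and the TEST-NET address standing in for a C2 host are assumptions, and the exclusion-based Defender tampering it matches is one common form of the "disable Defender" step rather than the campaign's exact command.

```python
"""Hunt constructed endpoint telemetry for Winos 4.0-style behaviours.
Added example; the log format and every event below are made up."""
import json
import re
from datetime import datetime, timedelta

# Constructed telemetry, roughly Sysmon-shaped, one JSON object per line.
SAMPLE_LOGS = r"""
{"ts":"2025-05-20T09:01:10","type":"process","image":"C:\\Users\\u\\Downloads\\LetsVPN-Setup.exe","parent":"explorer.exe","cmd":"LetsVPN-Setup.exe"}
{"ts":"2025-05-20T09:01:12","type":"process","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","parent":"LetsVPN-Setup.exe","cmd":"powershell -ep bypass -c Add-MpPreference -ExclusionPath C:\\"}
{"ts":"2025-05-20T09:01:15","type":"task_create","task":"\\Updater\\Sync","trigger_start":"2025-06-10T03:00:00"}
{"ts":"2025-05-20T09:01:16","type":"task_create","task":"\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","trigger_start":"2025-05-21T01:00:00"}
{"ts":"2025-05-20T09:01:20","type":"netconn","image":"C:\\Users\\u\\AppData\\Roaming\\svc.exe","dst":"203.0.113.10","dport":18856}
{"ts":"2025-05-20T09:01:21","type":"netconn","image":"C:\\Program Files\\Browser\\browser.exe","dst":"203.0.113.10","dport":443}
"""

DEFENDER_TAMPER_RE = re.compile(r"(?i)(Set-MpPreference\s+-Disable\w+|Add-MpPreference\s+-Exclusion\w+)")
INSTALLER_BRANDS = ("letsvpn", "qqbrowser")   # names the campaign impersonates
C2_PORTS = {18856}                              # non-standard port reported in the article
DELAY_THRESHOLD = timedelta(days=7)             # assumption: legitimate tasks fire sooner


def hunt(lines):
    """Return (timestamp, rule, evidence) tuples for every matched event."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "process":
            image = ev["image"].lower()
            parent = ev.get("parent", "").lower()
            cmd = ev.get("cmd", "")
            if "powershell" in image and DEFENDER_TAMPER_RE.search(cmd):
                alerts.append((ev["ts"], "defender-tamper", cmd))
            if "powershell" in image and any(b in parent for b in INSTALLER_BRANDS):
                alerts.append((ev["ts"], "installer-spawns-powershell", parent))
        elif ev["type"] == "task_create":
            delay = datetime.fromisoformat(ev["trigger_start"]) - ts
            if delay >= DELAY_THRESHOLD:
                alerts.append((ev["ts"], "delayed-task", f"{ev['task']} first fires in {delay.days} days"))
        elif ev["type"] == "netconn" and ev["dport"] in C2_PORTS:
            alerts.append((ev["ts"], "c2-port", f"{ev['image']} -> {ev['dst']}:{ev['dport']}"))
    return alerts


if __name__ == "__main__":
    for ts, rule, evidence in hunt(SAMPLE_LOGS.splitlines()):
        print(ts, rule, evidence)
```

Port 443 is deliberately absent from `C2_PORTS`: the article reports HTTPS C2 on 443 as well, but a bare port match there is noise, so that leg of the campaign needs destination reputation or TLS fingerprinting rather than a port rule. The delayed-task rule is the one most worth keeping, since persistence that first fires weeks after the installer ran is what separates this loader from an ordinary noisy setup program.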
READ THE STORY: THN
Operation RapTor Dismantles Global Dark Web Drug Network, Arrests 270
Bottom Line Up Front (BLUF): An international law enforcement operation led by the U.S. Department of Justice and Europol arrested 270 individuals linked to drug trafficking on dark web marketplaces. Operation RapTor seized over $200 million in assets, 144 kilograms of fentanyl or fentanyl-laced substances, and 180 firearms in a sweeping takedown of darknet-based criminal enterprises.
Analyst Comments: By targeting not only marketplace operators but also buyers and vendors, RapTor sets a new precedent in darknet policing. The continued success of these efforts highlights law enforcement's growing ability to deanonymize threat actors through blockchain analysis and digital forensics. However, these takedowns also prompt adversaries to decentralize further or move to peer-to-peer systems, making future operations more complex.
FROM THE MEDIA: Operation RapTor was built on prior takedowns of major dark web marketplaces, including Incognito, Nemesis, and Kingdom Market. Law enforcement agencies across the U.S., Europe, Brazil, and South Korea worked together using intelligence collected after previous marketplace closures. The FBI coordinated efforts to track vendor activities and cryptocurrency movements, resulting in over 130 arrests in the U.S. alone. Many of those apprehended used encryption and crypto laundering techniques to hide their identities while conducting thousands of illicit drug transactions. Attorney General Pam Bondi emphasized the operation’s life-saving impact and deterrent message. Europol officials added that the dark web is no longer a safe haven for organized cybercriminal activity.
READ THE STORY: The Record
Taliban’s Digital Jihad Targets Gulf States in Coordinated Cyber Campaign
Bottom Line Up Front (BLUF): The Taliban, via its General Directorate of Intelligence (GDI), has launched a coordinated social media offensive targeting the UAE and Saudi Arabia, using parody accounts and religious narratives to frame Gulf engagement with U.S. President Donald Trump as a betrayal of Islamic solidarity. The campaign combines ideological messaging with implicit violent threats, reinforcing the Taliban's hybrid warfare strategy beyond Afghanistan's borders.
Analyst Comments: By invoking symbols like the “yellow keg” IED and leveraging religious rhetoric, the campaign seeks to destabilize intra-Muslim alliances and provoke extremist sentiment. The digital campaign’s sophistication, central coordination, and linguistic targeting indicate state-level orchestration, posing reputational and physical risks to the Gulf monarchies. If left unchecked, this model could inspire affiliated extremist networks, such as AQAP, and normalize state-sponsored cyber incitement as a geopolitical tool.
FROM THE MEDIA: Taliban-linked social media accounts have intensified hostile messaging against the UAE and KSA, following the UAE’s public welcome of Donald Trump. Posts—primarily in Pashto and Dari—frame the UAE’s engagement as apostasy and include veiled threats referencing the Taliban’s historical use of IEDs. These accounts, attributed to the Taliban’s GDI, recycle previously official handles and parody public figures to build credibility within jihadist audiences. The campaign illustrates a calculated effort to undermine Gulf legitimacy and ignite ideological divisions while avoiding confrontation. Experts warn that this cyber agitation could catalyze lone-wolf attacks or motivate sympathetic cells across the region.
READ THE STORY: Modern Diplomacy
TA-ShadowCricket APT Group Conducts Decade-Long Espionage Campaign Across 72 Nations
Bottom Line Up Front (BLUF): Cybersecurity researchers have uncovered a long-running espionage operation by TA-ShadowCricket (formerly Shadow Force), an advanced persistent threat (APT) group linked to over 2,000 system compromises across 72 countries. The group's targets include government agencies and enterprises in the Asia-Pacific region, with evidence pointing to potential Chinese affiliation. The campaign uses a stealthy three-phase infection chain, prioritizing credential theft and system persistence over ransomware or public data leaks.
Analyst Comments: TA-ShadowCricket demonstrates hallmarks of a nation-state actor, yet its use of cryptocurrency miners and legacy IRC botnets introduces ambiguity about its exact sponsorship. The group’s preference for Remote Desktop Protocol (RDP) exploitation and SQL Server-based backdoors like "Maggie" over zero-days suggests a resource-conscious but highly adaptable operation. Its sustained targeting of strategic sectors—semiconductors, logistics, and defense—indicates alignment with China’s regional objectives, but the absence of overt geopolitical messaging leaves the possibility of hybrid motives open. As Asia-Pacific tensions rise, this campaign illustrates how espionage groups may operate in dual criminal-state roles to obscure attribution and intent.
FROM THE MEDIA: A joint investigation by South Korea's AhnLab and the National Cyber Security Center (NCSC) has exposed a cyber campaign by TA-ShadowCricket dating back to 2012. The group has infiltrated over 2,000 systems worldwide, focusing on credential theft and long-term access. It employs an IRC server based in South Korea for command-and-control (C2) communication, with 68% of its logins traced to Chinese IPs. Their malware infrastructure includes legacy tools like IRC bots and new backdoors like Maggie, which runs SQL commands through Microsoft SQL Server. Despite the physical infrastructure in South Korea, forensic evidence links the group to Chinese ASNs and Mandarin-language code snippets. Analysts are divided on whether this is a proxy operation by a state actor or a criminal group using recycled tools from Chinese contractors.
READ THE STORY: GBhackers
Items of interest
Unexplained Electronic Components Found in Denmark’s Energy Equipment Raise Cybersecurity Concerns
Bottom Line Up Front (BLUF): Green Power Denmark has flagged the discovery of unidentified components in imported circuit boards destined for the country’s energy infrastructure. The suspicious hardware was uncovered during routine inspections, prompting an investigation amid growing global concerns about supply chain integrity in critical sectors.
Analyst Comments: While attribution has not been made public, unexplained components point to either gross supplier oversight or malicious intent. The lack of clarity surrounding the country of origin will fuel speculation, especially as similar reports implicate Chinese-made solar gear in U.S. grid security risks. Denmark and its allies may need to escalate supplier audits, mandate component traceability down to the board level, and consider onshoring parts of their infrastructure manufacturing base.
FROM THE MEDIA: Green Power Denmark disclosed that unexplained components had been found in printed circuit boards intended for use in the national energy grid. The organization’s technical director, Jorgen Christensen, noted the components were discovered during standard quality assurance procedures. Although their function remains unknown, he emphasized they should not have been present. Denmark’s preparedness and resilience ministry declined to comment, and Reuters could not get responses from other relevant agencies. The development follows a Reuters report last week that U.S. officials had found covert communication modules in Chinese solar inverters, raising alarms about the vulnerability of global energy infrastructure.
READ THE STORY: Reuters
POWERING EUROPE: Denmark's Energy Island (Video)
FROM THE MEDIA: The cold winds of the North Sea could soon be providing warmth and light for millions with the first-ever purpose-built energy island. The new artificial energy island is a Danish project and is part of that country’s drive to be carbon neutral by the middle of this century.
How China Plans to Win the Future of Energy (Video)
FROM THE MEDIA: China, the world’s biggest polluter, has committed to reaching net-zero emissions by 2060, an ambitious goal matched by enormous investments that are reshaping the nation’s energy system.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.