Saturday, Jul 26, 2025 // (IG): BB // GITHUB // SN R&D
PROJECT UPDATE:
This scrapes, parses, and dedupes stories every six hours. It’s not evaluated, but it’s a great way to get a glimpse of the news/threat-scape.
NEWS:
Semiconductor Shakeup: 2025 Becomes a Turning Point in U.S. AI Chip Policy and Industry Power
Bottom Line Up Front (BLUF): The U.S. semiconductor industry entered a volatile phase marked by leadership shakeups, shifting export policies, and intensifying geopolitical tension with China. Intel restructured under new CEO Lip-Bu Tan, Nvidia faced billions in losses due to export restrictions, and the Trump administration replaced Biden’s AI chip policy with a more opaque, security-driven framework.
Analyst Comments: U.S. policy has swung from broad regulation proposals under Biden to executive-order-driven maneuvering under Trump, introducing unpredictability into global chip supply chains. Intel’s layoffs and restructuring highlight the deep internal pressure to remain competitive in a rapidly consolidating field. Meanwhile, Nvidia and AMD are being squeezed between political imperatives and the realities of a still-lucrative Chinese market. Expect export controls, strategic partnerships, and AI chip design to remain flashpoints through the 2026 election cycle.
FROM THE MEDIA: Intel appointed Lip-Bu Tan as CEO in March and swiftly began shedding non-core assets and workforce, including laying off 21,000 employees and canceling overseas manufacturing projects. Meanwhile, AMD acquired multiple AI startups, including Brium and Enosemi, to compete with Nvidia in the AI acceleration space. On the policy front, the Biden administration’s proposed AI Diffusion Rule was shelved in May. Trump’s administration introduced a new AI Action Plan with vague but sweeping implications for AI chip exports. Nvidia faced $8 billion in losses tied to H20 chip restrictions, and despite initially pulling back from China, began re-engaging with customized chip designs. The U.S. also expressed concern over an AI chip deal between Nvidia and the UAE, fearing re-exports to China. At the same time, Malaysia instituted new controls on U.S. chip shipments to curb smuggling.
READ THE STORY: TC
PRC Launches Bounty Campaign Against Taiwanese Cyber Command Personnel
Bottom Line Up Front (BLUF): China’s public security agencies have issued bounties for 20 current and former Taiwanese military cyber personnel, accusing them of launching cyberattacks against PRC institutions. This operation escalates Beijing's hybrid warfare strategy, blending cyber, legal, and psychological tactics to target individuals within Taiwan’s Information, Communication, and Electronic Force Command (ICEFCOM).
Analyst Comments: This development is a clear signal that Beijing is intensifying its psychological operations against Taiwan by naming, doxxing, and financially incentivizing action against military personnel. While the accusations appear based on questionable or outdated information, the psychological and political intent is unmistakable. China's move is likely designed to erode morale, stir public doubt, and delegitimize Taiwan’s cyber capabilities. As these tactics become more institutionalized, other liberal democracies in Beijing’s strategic orbit should anticipate similar intimidation and legal warfare efforts.
FROM THE MEDIA: Within minutes, the campaign was rapidly amplified across PRC state media platforms—including Xinhua, CCTV, and the Global Times. A concurrent 43-page technical report by the National Computer Virus Emergency Response Center (CVERC) and 360 Digital Security Group purported to substantiate the claims. Taiwan’s Ministry of Defense refuted the allegations, noting that most listed personnel were retired and that the accusations relied on outdated public data. Despite this, PRC influence operations escalated, signaling a coordinated effort across public security, media, and cyber agencies to discredit Taiwanese cyber forces and deter pro-independence sentiment.
READ THE STORY: The Jamestown Foundation
Orbital Data Centers: Promise of AI in Space Collides With Harsh Physical and Security Realities
Bottom Line Up Front (BLUF): A new wave of startups, including Orbits Edge and Starcloud, is pushing to launch orbital data centers (ODCs) to reduce energy and cooling costs for AI workloads. While the concept offers theoretical advantages—such as free solar energy and space-based cooling—the physical, technical, and cybersecurity risks of operating compute infrastructure in space remain significant.
Analyst Comments: Radiation, launch stress, space debris, and high maintenance costs challenge reliability and scalability. Cybersecurity concerns also loom—ODCs operating in contested orbital environments could be targets of cyber and kinetic attacks. As geopolitical tensions rise and LEO becomes increasingly crowded, ODCs will need hardened architecture and international policy frameworks to be viable beyond specialized missions.
FROM THE MEDIA: Venture-backed startups like Starcloud (funded with $21M from Y Combinator) and Orbits Edge plan to launch ODC prototypes in 2025, banking on solar-powered, low-gravity infrastructure for high-efficiency AI compute. Starcloud proposes 4 km² solar arrays powering AI clusters in orbit. Still, critics point to practical issues: hardware must survive extreme vibrations during launch, radiation risks, space weather (like the 1859 Carrington Event), and multi-million-dollar “house calls” for maintenance. According to NASA, even small solar flares have already taken down LEO satellites. Space debris is another critical risk, with the potential for cascading Kessler Syndrome events. While viable defense and edge-compute use cases may exist, ODCs remain speculative and fraught with logistical and technological uncertainties.
READ THE STORY: The Register
Ransomware Attack on Novabev Shuts Down 2,000 Russian Liquor Stores, Disrupts Vodka Supply Chain
Bottom Line Up Front (BLUF): Russian alcohol giant Novabev was hit by a ransomware attack on July 14, 2025, forcing the closure of over 2,000 retail locations, including its WineLab chain. The company refused to pay the ransom and continues to recover operations with help from external cybersecurity experts. No personal data exfiltration has been confirmed so far.
Analyst Comments: Novabev’s decision not to negotiate with attackers may signal a more assertive stance by Russian firms. However, it also suggests extended operational downtime and financial loss, up to $2.8 million daily. With no group claiming responsibility and the attack vector still unknown, this breach underscores how ransomware groups evolve beyond geographic and political constraints. Expect increased security investments in Russia’s retail and manufacturing sectors as such attacks proliferate.
FROM THE MEDIA: The attack shut down the WineLab retail chain and temporarily halted operations across digital and physical sales platforms. According to Russian media, daily losses ranged from $2.6 to $2.8 million. The attackers demanded a ransom, which Novabev refused to pay, maintaining a no-negotiation policy. Though the company reported no evidence of data theft, forensic analysis is still underway. No group has claimed responsibility, and the method of intrusion remains undisclosed. The incident is a rare but growing example of ransomware campaigns targeting high-profile Russian firms.
READ THE STORY: CPO MAG
Microsoft Investigates Leak Enabling Chinese Exploitation of SharePoint Flaws
Bottom Line Up Front (BLUF): Microsoft is investigating whether a leak from its Microsoft Active Protections Program (MAPP) allowed Chinese state-affiliated hackers to exploit unpatched vulnerabilities in SharePoint, breaching over 400 organizations, including the U.S. National Nuclear Security Administration. The breach raises renewed concerns about trusted cybersecurity partnerships and the unintended risk of pre-patch vulnerability disclosure.
Analyst Comments: Although designed to give defenders a head start, the program’s history of previous leaks—particularly from Chinese partners—suggests a structural weakness in balancing transparency with national security. The exploitation of SharePoint by threat groups like Linen Typhoon and Violet Typhoon underscores China's strategic cyber espionage focus on critical infrastructure. With increasing pressure on tech vendors like Microsoft, regulators may demand tighter controls or restructured international trust models for vulnerability sharing.
FROM THE MEDIA: Program members received alerts about a critical SharePoint flaw in June and early July. Microsoft released an incomplete patch in mid-July, but by July 7, active exploitation was underway—likely triggered by leaked information. Affected entities include the U.S. nuclear agency, Fortune 500 firms, and government bodies worldwide. This follows historical precedents, including prior leaks in 2012 and 2021 that enabled large-scale attacks. Experts warn that obligations under Chinese law to report vulnerabilities to the government may undermine international trust and heighten espionage risks.
READ THE STORY: GBhackers // Reuters // Propublica
EAGLET Backdoor Targets Russian Aerospace Sector in Operation CargoTalon
Bottom Line Up Front (BLUF): A new cyber espionage campaign dubbed Operation CargoTalon has targeted Russia’s aerospace and defense sectors. Deploying a backdoor known as EAGLET, believed to be the work of threat group UNG0901, the campaign leverages spear-phishing emails with weaponized LNK files to install malware and exfiltrate data from victims like the Voronezh Aircraft Production Association (VASO).
Analyst Comments: The overlaps between EAGLET and tools used by the Head Mare group suggest evolving collaboration or code reuse among espionage-focused clusters. Using logistics-themed lures and sanctioned entities such as Obltransterminal indicates a tactical awareness of geopolitical tensions, particularly post-2024 Western sanctions. As EAGLET’s infrastructure evolves or resurfaces, monitoring for its variants and tactics will be critical for defense and aerospace organizations globally.
FROM THE MEDIA: Once deployed, EAGLET connects to a hardcoded C2 server (185.225.17[.]104) to execute remote commands, supporting shell access and file transfers. The targeting of VASO and reference to Obltransterminal, a U.S.-sanctioned logistics firm, adds a geopolitical dimension. Seqrite’s analysis reveals ties to previous campaigns against Russian military entities and technical similarities with the PhantomDL backdoor. The report coincides with new UAC-0184 attacks delivering Remcos RAT in Ukraine, signaling a sustained increase in regional cyber operations.
READ THE STORY: THN
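The C2 address in the EAGLET write-up is published in defanged form (185.225.17[.]104). The following is an added example, not code from Seqrite or The Hacker News, showing how a defender can refang such an indicator and match it exactly against egress logs. The log format and every log line below are constructed for the example; a real deployment would parse its own firewall or proxy schema.

```python
import ipaddress
import re

# Indicator as published on the page, in defanged notation.
DEFANGED_C2 = "185.225.17[.]104"

# Constructed sample firewall log lines (not real telemetry).
SAMPLE_LOGS = [
    "2025-07-24T09:12:03Z fw01 allow src=10.20.4.17 dst=185.225.17.104 dport=443 proto=tcp",
    "2025-07-24T09:12:05Z fw01 allow src=10.20.4.17 dst=142.250.74.46 dport=443 proto=tcp",
    "2025-07-24T09:15:41Z fw01 allow src=10.20.7.2 dst=185.225.17.104 dport=8080 proto=tcp",
    "2025-07-24T09:16:00Z fw01 deny src=10.20.9.9 dst=185.225.170.104 dport=443 proto=tcp",
    "garbage line that does not parse",
]

# Assumed key=value layout of the constructed log lines above.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def refang(ioc: str) -> str:
    """Reverse common defanging notations so the value can be parsed."""
    return (
        ioc.replace("[.]", ".")
        .replace("(.)", ".")
        .replace("[:]", ":")
        .replace("hxxp", "http")
    )


def find_c2_connections(lines, indicators):
    """Return matches for outbound connections to any refanged indicator.

    Destinations are compared as parsed IP addresses, not substrings, so a
    neighbouring address such as 185.225.170.104 cannot produce a false hit.
    """
    targets = {ipaddress.ip_address(refang(i)) for i in indicators}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # destination was a hostname or malformed; not an IP IOC
        if dst in targets:
            hits.append(
                {
                    "ts": m["ts"],
                    "src": m["src"],
                    "dst": str(dst),
                    "dport": int(m["dport"]),
                    "action": m["action"],
                }
            )
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOGS, [DEFANGED_C2]):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}:{hit['dport']} ({hit['action']})")
```

Two internal hosts in the constructed sample reach the indicator; both deserve triage because an allowed 443/8080 session to a known C2 is evidence of a beacon, not a block. Any real sweep should also cover DNS and proxy logs, since a hardcoded IP can be rotated in later variants.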
Senator Demands Mandiant Records Amid Fears Salt Typhoon Still Embedded in US Telecom Networks
Bottom Line Up Front (BLUF): Senator Maria Cantwell has requested that Mandiant hand over documentation related to its investigation of the Salt Typhoon cyber-espionage campaign targeting AT&T and Verizon. Despite both telecoms asserting the threat has been contained, lawmakers and cybersecurity experts maintain that the group may still have persistent access to U.S. telecom infrastructure. Mandiant has until August 6, 2025, to respond.
Analyst Comments: The continued opacity from major telecoms like AT&T and Verizon is alarming, especially given their foundational role in national emergency response networks. If Salt Typhoon retains latent access, it could pivot from intelligence-gathering to disruptive operations, potentially crippling communications infrastructure. Congress’s increasing scrutiny reflects the rising urgency to secure operational technology (OT) systems, not just traditional IT environments.
FROM THE MEDIA: A Department of Homeland Security memo in June revealed the group compromised a U.S. Army National Guard network, harvesting data across multiple states. While AT&T and Verizon claim the threat is neutralized, they have refused to share Mandiant’s internal assessments with Congress. Cantwell argues this raises serious concerns over residual risk and accountability. Cybersecurity leaders warned lawmakers that such access could shift from espionage to sabotage if geopolitical tensions rise.
READ THE STORY: Industrial
Google Shuts Down Catwatchful Spyware Hosted on Its Servers After Data Exposure
Bottom Line Up Front (BLUF): Google has suspended the Firebase account of Catwatchful, a surveillance app marketed as a child-monitoring tool but often deployed as stalkerware. The action came a month after TechCrunch notified Google that the spyware operation was using its cloud infrastructure to exfiltrate personal data from over 26,000 infected Android devices.
Analyst Comments: Despite its terms prohibiting such usage, Google's delayed response raises concerns about enforcement gaps in primary infrastructure services. With repeated failures across spyware operations exposing sensitive user and attacker data, the ecosystem shows systemic technical security and oversight issues. Increased pressure may lead to tighter regulation of surveillance tools and stronger accountability for service providers.
FROM THE MEDIA: TechCrunch alerted Google in mid-June, but the company only took action a month later. A security bug in the spyware’s backend left its entire database—including 62,000 customer emails and passwords—open to the internet without authentication. The developer behind the spyware was identified as Omar Soca Charcov, based in Uruguay. Victims and researchers were guided to detect and remove the spyware, while advocacy groups continue calling for more decisive tech industry action against stalkerware abuse.
READ THE STORY: TC
Beijing Expands Global Influence Through Smart Device and IoT Infrastructure
Bottom Line Up Front (BLUF): China has developed a long-term industrial strategy to dominate the global Internet of Things (IoT) ecosystem by exporting smart devices, setting international standards, and embedding PRC-controlled infrastructure into global markets. This effort includes deploying state-backed smart home devices and IoT platforms, many of which pose cybersecurity risks due to embedded vulnerabilities and legal obligations for data access under Chinese law.
Analyst Comments: China’s strategic integration of smart home and IoT technologies into its geopolitical toolkit reflects a shift toward structural power: influence exercised not only through military or economic leverage but through the infrastructure that underpins daily digital life. The fusion of consumer convenience with cyber risk, and the data asymmetry that lets Beijing train domestic AI and enable surveillance, should prompt urgent global reviews of procurement and data governance practices. As Beijing pushes beyond manufacturing dominance to shape global IoT standards, the line between connectivity and coercion will continue to blur, especially in emerging markets reliant on subsidized PRC technology.
FROM THE MEDIA: Cybersecurity researchers have linked Chinese-manufactured IoT products to advanced persistent threats (APTs), such as Volt Typhoon and LapDogs, which have used compromised routers and smart devices to penetrate critical infrastructure in the U.S., Japan, and Europe. British and American officials have raised concerns over PRC-made IoT modules embedded in traffic systems, EVs, and power grids. These deployments form part of a broader PRC strategy from 2009 to control global IoT standards and data flows, backed by plans like Made in China 2025 and China Standards 2035. The goal is to align the global digital ecosystem with Party-state interests.
READ THE STORY: The Jamestown Foundation
New York Proposes Landmark Cybersecurity Standards for Water and Wastewater Systems
Bottom Line Up Front (BLUF): New York State has proposed comprehensive cybersecurity regulations for its water and wastewater systems, marking the most ambitious U.S. state-level initiative to protect this critical infrastructure sector. The draft rules include mandatory incident reporting, vulnerability assessments, access controls, and NIST Cybersecurity Framework 2.0 alignment. The proposal includes a $2.5 million grant program to support under-resourced utilities.
Analyst Comments: By mandating controls like multifactor authentication and rapid breach disclosure, New York is confronting long-standing vulnerabilities in increasingly network-connected and often underfunded systems. If implemented successfully, this regulation could serve as a blueprint for other states or even inform renewed federal policy discussions. However, smaller utilities may struggle to meet compliance deadlines without significant technical assistance.
FROM THE MEDIA: The proposed rules would apply to systems serving over 3,300 people, with stricter obligations for systems serving over 50,000 residents. The rules mandate 24-hour breach reporting, staff training, vulnerability scans, and the adoption of security controls aligned with NIST standards. In parallel, the state launched the SECURE grant program to fund cyber risk assessments and infrastructure hardening. This initiative comes after cyberattacks like the 2024 breach affecting 14 million Americans raised alarm across the sector. While federal efforts under the Biden administration were blocked by legal challenges, New York's phased rollout aims for compliance by 2027, supported by technical assistance teams and a centralized cybersecurity hub.
READ THE STORY: GovInfoSecurity
Michigan Invests in Startups and Drone Tech to Spur Innovation and Rural Healthcare Delivery
Bottom Line Up Front (BLUF): The Michigan Economic Development Corporation has awarded $1.6 million to Traverse City's 20Fathoms to support early-stage startups, and nearly $1 million to Traverse Connect to expand drone-based healthcare logistics. These initiatives aim to boost economic development and modernize rural service delivery, particularly in northern Michigan.
Analyst Comments: The focus on drone flights beyond visual line of sight (BVLOS) signals a push toward operational autonomy and scalable logistics. The drone initiative, tied to healthcare delivery, could become a nationwide model for rural medical supply chains. Meanwhile, early-stage capital through 20Fathoms could fill critical funding gaps in underserved startup ecosystems, reinforcing Michigan’s position as a Midwest innovation hub.
FROM THE MEDIA: Traverse Connect received $949,000 from the new Advanced Air Mobility Initiative, part of a broader $4.1 million program to expand uncrewed aircraft systems (UAS) across the state. The funding builds on successful drone trials conducted in partnership with Munson Healthcare, which tested lab sample deliveries via drone between nearby facilities. The subsequent phases aim to achieve FAA approval for automated BVLOS operations and multi-mission airspace management, targeting faster diagnostics, medication delivery, and improved patient outcomes.
READ THE STORY: The Ticker
“The Wiz Effect”: U.S. VCs Flood Israeli Cybersecurity Scene After $32B Exit
Bottom Line Up Front (BLUF): Since Alphabet’s $32 billion acquisition of Israeli cybersecurity startup Wiz in March 2025, North American venture capital firms have dramatically increased their investments in Israel’s cybersecurity sector. While this signals strong confidence in the Israeli tech ecosystem, local VCs are increasingly priced out of top-tier deals and redirecting their focus to other verticals.
Analyst Comments: U.S. investors, drawn by the potential for high returns, are crowding out domestic VCs who once dominated Israel’s cyber landscape. This influx of capital may accelerate company growth and global expansion, but it could also risk overheating valuations and marginalizing early-stage domestic backers. If this trend continues, Israel may see its cybersecurity ecosystem become increasingly dependent on foreign capital, with a potential loss of strategic influence over its most critical tech sector.
FROM THE MEDIA: The trend was turbocharged by the $32B Wiz acquisition. Recent examples include Cato Networks’ $359M Series G and Cyera’s $540M Series E, both led by non-Israeli investors. Israeli VC firms, including TLV Partners and IL Ventures, are now largely cut off from the highest-tier deals, with top founders going directly to firms like Sequoia and Andreessen Horowitz. Even with Israel facing war in Gaza and rising tensions with Iran, investor appetite remains strong. In response, local firms are pivoting to AI, fintech, and supply chain startups in search of less saturated opportunities.
READ THE STORY: Pitchbook
Intel 471 Launches Guided Threat Hunts to Elevate Advanced Threat Detection
Bottom Line Up Front (BLUF): Intel 471 has introduced “Guided Threat Hunts,” a feature within its HUNTER platform to enhance threat detection and response. The feature enables security teams—including MSSPs and in-house analysts—to execute structured, intelligence-driven threat hunts using prebuilt and customizable packages aligned with attacker TTPs. This innovation addresses gaps left by rules-based SIEM/XDR tools.
Analyst Comments: As adversaries increasingly adopt evasive techniques, the need for contextual hunting beyond static IOCs becomes critical. Intel 471’s approach—bridging intelligence, automation, and analyst workflows—could help MSSPs scale managed detection and response (MDR) offerings more effectively. The ability to customize hunts for unique threat environments also supports zero-trust and proactive defense models.
FROM THE MEDIA: The capability offers prebuilt hunt packages focused on advanced adversary behaviors and pivot and filter queries to enhance data interrogation. Designed for analysts of all experience levels, the feature helps teams operationalize threat hunting without requiring dedicated resources. According to VP Mike Mitchell, the goal is to help teams uncover stealthy threats that evade traditional controls. The tool is particularly valuable for MSSPs, who can use it to scale threat hunting services across client environments with greater speed and consistency. The new feature integrates with leading XDR platforms.
READ THE STORY: MSSPAlert
India Repels Record Cyber Barrage During Conflict With Pakistan, China, and Allies
Bottom Line Up Front (BLUF): During and after Operation Sindoor (May 7–10, 2025), India endured over 100 million cyberattack attempts, primarily from Pakistani, Chinese, and allied hacktivist groups. These attacks targeted critical sectors such as defense, power, telecom, and finance, with Indian agencies thwarting the vast majority. Despite significant defensive success, some intrusions into sensitive defense organizations, including the DRDO, were confirmed.
Analyst Comments: The attacks illustrate the expanding role of Advanced Persistent Threats (APTs) and hacktivist coalitions in geopolitical disputes, often supported or coordinated by state actors. While India’s coordinated cyber response limited the impact, the breaches into high-value defense institutions expose persistent vulnerabilities in legacy infrastructure and personnel targeting. The emergence of coordinated hybrid warfare—including physical attacks and synchronized digital offensives—demands that India prioritize AI-driven threat intelligence, offensive cyber capabilities, and resilient infrastructure at scale.
FROM THE MEDIA: Pakistani APT36, Team Insane Pakistan, and allied actors from China, Turkey, Malaysia, Iran, and Bangladesh mounted coordinated campaigns to breach sensitive systems. Indian agencies such as CERT-In, the Defence Cyber Agency, and NCIIPC successfully blocked the majority, though breaches into DRDO, Military Engineer Services, and other defense research units were confirmed. In response, Indian cyber groups launched retaliatory attacks targeting Pakistani infrastructure. Government agencies increased threat monitoring, activated counter-hack units, and shut down vulnerable systems temporarily. Experts warned that many attacks—particularly from Chinese APTs like Mustang Panda and APT41—aimed to test India’s digital resilience during wartime scenarios, emphasizing the need for deeper investment in cyber readiness.
READ THE STORY: India Today
Items of interest
AI Drone Warfare: Global Militaries Accelerate Use of Autonomous Swarms
Bottom Line Up Front (BLUF): Drones have become a central weapon in modern conflicts, with recent wars—such as in Ukraine—showing that a majority of casualties now stem from drone strikes. The global defense industry rapidly advances drone capabilities by integrating artificial intelligence (AI) to enable coordinated swarm attacks and autonomous operations.
Analyst Comments: AI-powered drone swarms represent a significant shift in military strategy, offering nations a low-cost, high-impact tool for offense and surveillance. Civilian drones repurposed for combat illustrate how asymmetric tactics reshape battlefields, eroding the traditional advantage of high-cost weapons systems. As drone warfare expands, questions around control, escalation risks, and defense against autonomous systems will become increasingly urgent. Nations must invest in counter-drone technologies and policies to address these evolving threats.
FROM THE MEDIA: Modern warfare is witnessing a tactical evolution as drones—many designed initially for civilian use—are converted into effective weapons. In the Ukraine conflict, drones have reportedly accounted for over 70% of casualties, often by targeting high-value military assets. Globally, countries are advancing drone capabilities by combining them with AI, enabling real-time coordination and precision attacks. Open-source AI models are being explored to make these systems more scalable and efficient. The focus is increasingly on swarm technology, where hundreds of aerial or underwater drones operate together to overwhelm defenses or secure strategic areas.
READ THE STORY: ARA
The AI Arsenal That Could Stop World War III (Video)
FROM THE MEDIA: AI in warfare is no longer hypothetical; it's inevitable, says Palmer Luckey, an inventor and founder of the defense technology company Anduril Industries. He takes us inside the high-tech arms race to build AI-powered weapons, "killer robots" and autonomous fighter jets at scale — and makes the counterintuitive case for why this may be the surest path to deterrence and lasting peace.
Drones and AI: How Technology is Changing Warfare (Video)
FROM THE MEDIA: Drones, artificial intelligence, and robots are playing an increasingly important role in warfare. New technologies are transforming weapons systems and what happens on the battlefield.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.