Daily Drop (1187)
11-23-25
Sunday, Nov 23, 2025 // (IG): BB // GITHUB // SN R&D
China Secures Tanzania Rare Earth Mine After Western Bid Fails: Peak Resources Sold to Shenghe
Bottom Line Up Front (BLUF): Australian firm Peak Rare Earths has been acquired by China’s state-linked Shenghe Resources, handing Beijing control over one of the most promising rare-earth deposits in Tanzania. The mine was once seen as a key opportunity for the West to reduce dependence on Chinese supply chains. The sale reflects a broader trend of Chinese strategic dominance in the critical minerals sector, as Western governments repeatedly failed to backstop or secure alternative mining investments.
Analyst Comments: State-backed buyers, strategic patience, and low-cost market manipulation make it nearly impossible for Western firms to compete without direct government support. Peak’s collapse was predictable—squeezed by falling prices, zero public funding, and geopolitical red tape. The kicker: Shenghe paid eight times the average premium for mining deals. That’s not a market play—it’s a strategic acquisition. With this, China further cements its grip on the rare-earth supply chain just as the U.S. and allies scramble for alternatives amid rising export restrictions. Lessons here are brutal: ideology-free capital wins when the other side won’t even show up.
READ THE STORY: WSJ
White House Opposes GAIN AI Act, Prioritizes Global Chip Market Access Over Export Restrictions
Bottom Line Up Front (BLUF): The White House is pushing back against the proposed GAIN AI Act, a bipartisan bill that would compel U.S. chipmakers like Nvidia and AMD to prioritize domestic customers over international clients, especially China, for advanced AI chip sales. While framed as a national security measure, the White House argues the act could backfire economically and geopolitically, driving China to ramp up its domestic chip production and fragmenting the global semiconductor market.
Analyst Comments: The GAIN AI Act reflects rising U.S. anxiety over China’s AI progress, but the White House’s opposition is pragmatic—Nvidia and AMD generate billions from overseas, and cutting off that flow could push China to self-sufficiency faster than expected. Moreover, U.S. firms risk losing their edge if reduced revenue slows R&D. Think of it as Cold War logic in a hyper-globalized economy—the instinct to hoard may weaken the very advantage you’re trying to protect.
READ THE STORY: Opentools
US, China Resume Military Dialogue with Maritime Security Talks in Hawaii
Bottom Line Up Front (BLUF): The U.S. and Chinese militaries held working-level maritime security talks in Hawaii from Nov. 18–20, marking a modest but essential step in reestablishing military-to-military communication after months of strained relations. The Chinese navy described the exchanges as “frank and constructive,” focused on maritime and air security amid increasing regional flashpoints and military posturing.
Analyst Comments: After months of radio silence, this meeting signals a cautious reactivation of crisis communication lines—less détente, more deconfliction. It’s a welcome but limited development, particularly as both navies operate in proximity in the South and East China Seas. While this is not yet a complete reset of mil-mil ties, it shows both sides recognize the risk of escalation from miscommunication or accidents at sea. The timing is also notable—coming shortly after trade and tech dialogues saw signs of softening. Still, don’t expect a return to pre-2018 engagement levels. Beijing remains wary of what it sees as U.S. containment, and Washington continues to deepen ties with regional allies. Think of this as a tactical step, not strategic alignment.
READ THE STORY: Reuters
Nvidia H200 Chip Sales to China Amid AI Trade Truce
Bottom Line Up Front (BLUF): The Trump administration is considering relaxing export restrictions on Nvidia’s H200 AI chips to China, signaling a potential thaw in tech tensions following a recent trade détente with Beijing. If approved, the H200—roughly twice as powerful as China-bound H20 chips—would mark the most advanced U.S. AI semiconductor legally accessible to Chinese firms since October 2022 export controls. The move has sparked backlash from national security hawks, who warn it could aid China’s military AI ambitions.
Analyst Comments: If the H200 is cleared for export, it would mark a significant policy pivot—one that prioritizes economic engagement and market access over maintaining strict technological containment. The chip has far more compute and memory bandwidth than the downgraded H20, raising serious questions about whether current licensing frameworks are keeping pace with the strategic risks of frontier AI acceleration in adversarial states. For Beijing, access to the H200 could meaningfully enhance model training speed and efficiency in military, surveillance, and synthetic biology applications. Washington’s willingness to authorize such transfers likely reflects both industry pressure (from Nvidia and others) and diplomatic tradeoffs negotiated during last month’s Xi-Trump meeting in Busan. But make no mistake—this is a litmus test for the future of AI export controls.
READ THE STORY: Reuters
The U.S.–India AI Moment: Strategic Tech Alliance Gains Momentum
READ THE STORY: SCSP
Ukraine, U.S. to Hold Peace Talks in Switzerland Amid Growing Pressure for War Endgame
Bottom Line Up Front (BLUF): Ukraine and the United States are set to begin consultations in Switzerland on the potential framework for ending Russia’s war, according to Kyiv’s National Security and Defence Council. The talks, confirmed by Ukrainian security chief Rustem Umerov, reflect escalating international pressure to transition the conflict toward a negotiated settlement. The delegation, approved by President Zelensky, will include top national security officials and be led by his chief of staff.
Analyst Comments: The venue (Switzerland), the timing (on the sidelines of G20 coordination), and the language (“parameters of a future peace agreement”) suggest a shift from battlefield stalemate to political realism. Kyiv’s public messaging remains firm: no compromise on sovereignty. But behind closed doors, these talks mark the beginning of what could become a slow, phased transition toward an armistice—likely conditional on security guarantees, reconstruction terms, and control over frozen Russian assets. Whether this amounts to a diplomatic breakthrough or just a diplomatic placeholder will depend on how much leverage Ukraine still holds after a grinding year of attrition.
READ THE STORY: Reuters
Russia Escalates Hybrid Warfare Against Europe: Implications for NATO
Bottom Line Up Front (BLUF): Russia is ramping up hybrid warfare operations across Europe, deploying a coordinated mix of cyberattacks, disinformation, and economic disruption to destabilize governments and fracture alliances. The strategic pressure is forcing NATO to accelerate cyber defense integration and expand joint resilience efforts. The escalation is an ongoing threat to European political cohesion: disinformation campaigns target democratic processes, and digital infrastructure is increasingly exposed.
Analyst Comments: Russia’s hybrid warfare strategy blends conventional force posturing with cyber ops, economic coercion, and psychological manipulation. Platforms like X (formerly Twitter) are seeing spikes in discourse around foreign influence operations, particularly targeting Eastern European states. NATO has increased cyber exercises and launched new tech-sharing initiatives to bolster defenses, but adaptation challenges remain. Disinformation campaigns have been linked to attempts at electoral manipulation and social polarization across multiple EU countries.
READ THE STORY: Meyka
Iranian Operations Expose Israeli Security Weaknesses Across Cyber and Physical Domains
Bottom Line Up Front (BLUF): A string of cyber and physical infiltrations tied to Iran has exposed deep security vulnerabilities in Israel’s defense and intelligence apparatus. Incidents include cyber breaches of military industry personnel data, access to sensitive documents from defense firms, human infiltration of military bases, and the arrest of multiple individuals—including active-duty soldiers—accused of espionage for Iran.
Analyst Comments: The recent wave of Iranian-linked activity reveals a coordinated effort targeting Israeli systems, personnel, and infrastructure across digital and human vectors. The blending of cyber operations with physical infiltration and recruitment of insiders echoes TTPs seen in advanced intelligence services like the GRU or MSS. The most alarming signal is the erosion of insider trust: arrests inside IDF bases, theft of weaponry, and compromise of air force documents point to serious lapses in internal counterintelligence. Expect accelerated hardening efforts within Israel’s defense sector and broader regional implications as espionage thresholds shift.
READ THE STORY: WAWA
MSS Sensationalizes National Security: Public Fear as a Counterespionage Tool
Bottom Line Up Front (BLUF): The Chinese Ministry of State Security (MSS) has intensified its public-facing propaganda, using sensational WeChat campaigns to portray a sweeping range of foreign espionage threats—from VPN apps and smart TVs to social media influencers and scholarly exchanges. The strategy aims to instill hyper-vigilance in the public and reinforce anti-Western sentiment under the banner of Xi Jinping’s “comprehensive national security concept.”
Analyst Comments: The MSS’s latest public messaging strategy shows a clear shift: from shadowy secret police to social media counterespionage influencer. But make no mistake—this isn’t about transparency. It’s about mobilizing the masses as digital informants. The breadth of “spy threat” examples—from card games to travel videos—reveals less about actual tradecraft and more about the Party’s intent to cultivate a climate of normalized suspicion, particularly toward the U.S. and its allies. While these efforts may improve baseline awareness of foreign intelligence risks, they also serve to chill international academic exchange, tech collaboration, and even casual overseas travel by PRC citizens.
READ THE STORY: Jamestown
Escaping the Great Firewall: Still Possible, But Fewer Are Trying
Bottom Line Up Front (BLUF): Despite the continued evolution of China’s Great Firewall (GFW), determined Chinese users can still bypass censorship using VPNs, global SIMs, or free proxy apps. However, increasingly effective domestic alternatives, selective enforcement, and widespread digital convenience have created a population that essentially chooses to stay within the bounds of the China-Net. The real firewall today may be less technical—and more psychological, economic, and social.
Analyst Comments: The perception that the GFW is either unbreakable or trivial to bypass misses the point. Both realities exist, depending on user intent, technical ability, and risk tolerance. Bypassing controls is possible—if you’re motivated. But the Chinese government doesn’t need to stop 100% of data flow to control the narrative. What it needs is to make climbing the wall inconvenient, unnecessary for most, and risky enough to deter scale, while offering a dopamine-rich app ecosystem inside the wall. And it’s working. The vast majority of Chinese internet users now operate within a walled digital garden that offers content parity (entertainment, shopping, news, finance) with global platforms—just without the friction or the uncomfortable truths. Combine this with increasingly seamless mobile ecosystems, language segmentation, payment integration, and platform nationalism, and the result is behavioral containment, not just technical censorship.
READ THE STORY: Netaskari
China Unveils Water-Based eVTOL Launch Platform to Accelerate Low-Altitude Economy
Bottom Line Up Front (BLUF): Chinese eVTOL manufacturer AutoFlight has unveiled a mobile, water-based vertiport that enables rapid deployment of electric vertical take-off and landing (eVTOL) aircraft in both offshore and inland water environments. The innovation is part of China’s broader strategy to lead the global low-altitude economy, projected to exceed $210 billion by 2025. The system supports 2-ton-class aircraft for passenger, cargo, and emergency operations and is designed for rapid integration into offshore wind farms, maritime logistics, and coastal transit networks.
Analyst Comments: China is betting big on the “low-altitude economy,” and this water-based eVTOL launch pad is a serious leap forward. By bypassing the limitations of traditional land infrastructure, AutoFlight’s system enables faster scaling of sea-air operations for both civilian and dual-use purposes. The implications go beyond tech demonstration: this could underpin China’s maritime logistics, offshore energy servicing, and even surveillance or rapid-response capabilities in disputed waters. The fact that these vertiports are mobile, powered by solar plus storage, and already delivered to early clients suggests this is not just R&D theater—it’s fieldable. Also noteworthy is the contrast with slower-moving Western regulatory and infrastructure rollouts in urban air mobility (UAM).
READ THE STORY: GT (CN)
DoW Narrows Critical Tech Focus to Six: AI, Quantum, Hypersonics, and More
Bottom Line Up Front (BLUF): The U.S. Department of War has streamlined its list of critical technologies from 14 to 6, prioritizing Applied AI, Quantum & Battlefield Information Dominance, Biomanufacturing, Contested Logistics, Scaled Hypersonics, and Scaled Directed Energy. The updated roadmap signals a sharper focus on scalable, deployable capabilities for great-power conflict—but excludes key enablers like autonomy and advanced communications, raising concerns about gaps in future warfighting integration.
Analyst Comments: While the Pentagon is rightly emphasizing scalable capabilities like hypersonics and directed energy, and aligning AI efforts with operational decision-making, several omissions stand out. Most notably, autonomy—arguably the backbone of future unmanned and distributed warfare—is missing. That’s a problem, especially given the DoD’s investments in collaborative combat aircraft (CCA), drone swarms, and uncrewed maritime systems. Similarly, burying advanced comms and EMSO under the quantum banner risks underplaying the importance of survivable networks and spectrum dominance in near-peer conflict. This list says a lot about what the Pentagon wants to build—but just as much about what it’s struggling to integrate.
READ THE STORY: Building Our Future
Pentagon Invests $29.9M in ElementUSA to Extract Critical Minerals from Industrial Waste
Bottom Line Up Front (BLUF): The U.S. Department of War has awarded $29.9 million to Texas-based ElementUSA to build a demonstration facility in Louisiana for extracting gallium and scandium—both critical to defense technologies—from alumina production waste. With China currently dominating global supply chains for these minerals, this project is a strategic move to secure a domestic, non-mining-based source of materials vital to missile systems, sensors, and aircraft.
Analyst Comments: The Pentagon’s funding supports the development of a facility that will extract and refine gallium and scandium from the waste generated during alumina production—an approach ElementUSA claims will eliminate the need for additional mining. Gallium is widely used in semiconductors and defense tech; scandium strengthens aluminum alloys used in aerospace. Currently, North America’s capacity to refine these minerals is limited, with Canada’s Rio Tinto being the only regional scandium producer of note. ElementUSA has not disclosed a production start date and is still scaling its technology.
READ THE STORY: The Register
ENISA Becomes CVE Program Root, Strengthening Europe’s Vulnerability Management Framework
Bottom Line Up Front (BLUF): The EU Agency for Cybersecurity (ENISA) has been officially designated a CVE Program Root, giving Europe its own tier in the CVE hierarchy. As a Root, ENISA can assign CVE IDs and onboard and oversee CVE Numbering Authorities (CNAs) within its EU scope, directly supporting the EU Vulnerability Database (EUVD), NIS2, and the Cyber Resilience Act. The designation gives the bloc more autonomy in vulnerability management, but successful implementation will depend on sustained funding and tooling harmonization.
Analyst Comments: For years, the EU has relied on US-based infrastructure like MITRE and NVD—both powerful but bottlenecked, as the recent NVD backlog made painfully clear. With ENISA now a CVE Program Root, the bloc gets something it’s long needed: sovereignty over its vulnerability data. That’s a win for regional coordination, faster CVE assignment, and legal clarity for EU researchers and vendors. But the operational load will be steep. ENISA is already stretched thin with the EUVD rollout and regulatory enforcement under NIS2 and the Cyber Resilience Act. If they can pull this off, Europe could lead the way in modernized, legally grounded vuln management. If not, the fragmentation risk returns.
READ THE STORY: ISG
SonicWall SSLVPN Bug (CVE-2025-40601) Can Crash Gen7 and Gen8 Firewalls
Bottom Line Up Front (BLUF): SonicWall has disclosed a high-severity stack-based buffer overflow vulnerability (CVE-2025-40601) affecting the SSLVPN component in SonicOS on Gen7 and Gen8 firewalls. If exploited, it allows unauthenticated remote attackers to crash the device, resulting in a denial of service. No in-the-wild exploitation has been reported, but administrators are urged to patch immediately or disable SSLVPN as a workaround.
Analyst Comments: While it’s not RCE (yet), any unauthenticated denial-of-service against network perimeter hardware is valuable for both opportunistic and advanced actors, especially when paired with exploit chaining or as a precursor to deeper compromise. SonicWall’s confirmation that no PoC or exploitation has been seen yet should not be mistaken for safety. Gen7 and Gen8 appliances are widely deployed in SMBs and MSSP environments—expect mass scanning if a PoC drops. If you can’t patch immediately, disable SSLVPN or restrict it by IP.
READ THE STORY: SA
LINE Messaging Bugs Open Asian Users to Cyber Espionage
Bottom Line Up Front (BLUF): Critical flaws in LINE’s custom encryption protocol expose millions of users in Asia to message replays, impersonation attacks, and plaintext leakage. These vulnerabilities, confirmed through successful man-in-the-middle (MiTM) testing, undermine the app’s end-to-end encryption guarantees. Despite prior claims of patching similar issues in 2019, the current version (Letter Sealing v2) remains vulnerable, with no confirmed remediation plans from LINE.
Analyst Comments: Custom crypto strikes again. LINE’s attempt to roll its own encryption protocol—already a red flag—has resulted in precisely the kind of design flaws cryptographers warn about. Message replay and impersonation attacks are particularly damning, especially in politically sensitive regions like Taiwan or for users conducting sensitive business over the app. Given LINE’s “super app” status in countries like Japan and Thailand—handling everything from banking to e-government—these flaws represent a serious cyber-espionage risk, especially if a state actor gains MiTM access. The bigger concern? LINE appears unwilling or unable to meaningfully redesign its flawed protocol, leaving users with few options but to trust a leaky system.
READ THE STORY: DR
Qilin Ransomware Incident Shows How Minimal Visibility Still Yields High-Value Forensics
Bottom Line Up Front (BLUF): Huntress Labs investigated a Qilin ransomware intrusion with severely limited visibility: only a single endpoint was monitored, and the agent was installed after the attack. Despite these constraints, analysts uncovered that the threat actor used a rogue ScreenConnect instance, disabled Windows Defender, attempted to run infostealers, and launched ransomware remotely from another compromised system. This case highlights the value of forensic analysis using unconventional but persistent telemetry sources such as Program Compatibility Assistant (PCA) logs and AmCache.
Analyst Comments: The Qilin affiliate used familiar RMM tooling and infostealers in a botched execution attempt, but still managed to deploy ransomware via lateral movement. The report reinforces two key takeaways: (1) threat actors often reuse RMM infrastructure and mimic legitimate installs (e.g., LogMeIn.msi); and (2) defenders should treat failed payloads as serious red flags, not relief. Even in a post-breach deployment, tools such as PCA logs and event records can effectively reconstruct timelines. Organizations relying solely on agent-based visibility are likely blind to the lateral stages of the kill chain.
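The timeline reconstruction described above, as an added example that is not Huntress code and not taken from the report: it merges execution records from two thin telemetry sources into one ordered timeline and flags the patterns the analysts keyed on (RMM tooling, and executables or installers launched from user-writable paths). The sample lines are constructed, and the simplified "path|timestamp" layout, the vendor marker list and the path regex are all assumptions for illustration; real PCA and AmCache records are richer and need purpose-built parsers.

```python
"""Merge PCA-style and AmCache-style execution records into one timeline and flag RMM abuse.
Added illustrative example, not Huntress code. Sample lines are constructed; the 'path|timestamp'
layout, the RMM marker list and the user-writable path regex are assumptions for illustration."""
import re
from datetime import datetime

# Constructed sample records (assumed simplified layout: path|YYYY-MM-DD HH:MM:SS).
PCA_LINES = """\
C:\\Program Files (x86)\\ScreenConnect Client (a1b2c3)\\ScreenConnect.ClientService.exe|2025-11-18 02:14:07
C:\\Users\\jsmith\\AppData\\Local\\Temp\\LogMeIn.msi|2025-11-18 02:11:52
C:\\Windows\\System32\\notepad.exe|2025-11-17 16:03:10
""".splitlines()

AMCACHE_LINES = """\
C:\\Users\\jsmith\\Downloads\\update.exe|2025-11-18 02:20:41
C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|2025-11-17 09:12:00
""".splitlines()

# Illustrative list of remote-management tooling names worth a second look when unexpected.
RMM_MARKERS = ("screenconnect", "connectwise", "logmein", "anydesk", "atera", "splashtop")
# Paths an unprivileged user can write to; execution from here is a common staging pattern.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\(appdata|downloads|desktop)|programdata|windows\\temp)\\", re.I)


def parse_lines(lines, source):
    """Turn 'path|timestamp' records from one source into normalized event dicts."""
    events = []
    for line in lines:
        path, ts = line.rsplit("|", 1)
        events.append({"ts": datetime.strptime(ts.strip(), "%Y-%m-%d %H:%M:%S"),
                       "source": source, "path": path.strip()})
    return events


def flag(event):
    """Return the list of heuristic reasons an execution record deserves analyst attention."""
    reasons = []
    low = event["path"].lower()
    if any(marker in low for marker in RMM_MARKERS):
        reasons.append("rmm-tooling")
    if USER_WRITABLE.search(event["path"]):
        reasons.append("user-writable-path")
        if low.endswith(".msi"):
            reasons.append("installer-from-user-path")  # e.g. a vendor-named MSI dropped in Temp
    return reasons


def build_timeline(pca_lines=PCA_LINES, amcache_lines=AMCACHE_LINES):
    """Merge both sources, sort chronologically and annotate each event with its flags."""
    events = parse_lines(pca_lines, "pca") + parse_lines(amcache_lines, "amcache")
    events.sort(key=lambda e: e["ts"])
    for event in events:
        event["flags"] = flag(event)
    return events


def suspicious(events):
    """Only the events that carry at least one flag, still in timeline order."""
    return [e for e in events if e["flags"]]


if __name__ == "__main__":
    for e in build_timeline():
        print(e["ts"], e["source"].ljust(8), ",".join(e["flags"]).ljust(40), e["path"])
```

Read the flagged rows top to bottom and the sequence the report describes falls out: an installer with a remote-access vendor's name dropped in a user temp directory, a ScreenConnect service starting minutes later, then an unsigned-looking binary from Downloads. The heuristics are deliberately coarse; their job is to tell the analyst where to spend the limited evidence, not to deliver a verdict.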
READ THE STORY: BleepingComputer
VPN Encryption Principles Dissected: Tunneling and Key Negotiation Build Secure Links on Public Networks
Bottom Line Up Front (BLUF): An in-depth FreeBuf analysis breaks down how VPNs use tunneling protocols and encryption mechanisms to create logically isolated, encrypted communication channels over insecure public networks. Through encapsulation techniques and secure key exchange protocols like IKEv2 and TLS 1.3, VPNs enable private, authenticated, and tamper-resistant data transfer without requiring dedicated physical infrastructure.
Analyst Comments: The breakdown of tunneling layers (encapsulation → transit → decapsulation) and the practical configuration of OpenVPN offer a clear view into real-world deployment. What’s often missed in general discussions is emphasized here: VPNs are only as secure as their endpoint hygiene, certificate trust, and key lifecycle management. Strong encryption is nullified if keys are stale or client devices are compromised. Also notable is the callout to post-quantum crypto—VPNs relying on RSA/ECC may soon need to pivot.
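The mechanics discussed in the two items above, as one added example that is not code from FreeBuf, LINE, OpenVPN or any vendor: a toy tunnel record layer showing the three pieces that the VPN analysis and the LINE findings turn on. Keys for each direction are derived from one handshake secret plus both parties' nonces (the IKEv2 and TLS 1.3 pattern), each inner packet is encapsulated as header, ciphertext and a tag that also covers the header, and the receiver keeps an IPsec-ESP-style sliding window so a captured record cannot be replayed. The shared secret, nonces and inner packet are constructed; the HMAC-based counter-mode keystream is a stand-in for a real AEAD such as AES-GCM so the example runs on the standard library alone, and is not something to deploy.

```python
"""Toy tunnel record layer: HKDF key schedule, encrypt-then-MAC encapsulation, anti-replay window.
Added illustrative example, not FreeBuf, LINE, OpenVPN or any vendor code. Standard library only:
HKDF (RFC 5869) over HMAC-SHA256 and an HMAC-SHA256 counter-mode keystream as a toy stand-in for a
real AEAD such as AES-GCM. The structure is the point; do not deploy the toy cipher."""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32
HEADER = struct.Struct(">QH")  # 64-bit sequence number, 16-bit payload length


def hkdf(secret: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Extract then HKDF-Expand (RFC 5869) built on HMAC-SHA256."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_keys(shared_secret: bytes, client_nonce: bytes, server_nonce: bytes) -> dict:
    """Split one handshake secret into per-direction encryption and MAC keys.
    Both nonces go into the salt so a transcript from one session cannot yield another's keys."""
    km = hkdf(shared_secret, client_nonce + server_nonce, b"toy-tunnel v1 keys", 128)
    return {"c2s_enc": km[0:32], "c2s_mac": km[32:64], "s2c_enc": km[64:96], "s2c_mac": km[96:128]}


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode keystream keyed by (seq, block index); the toy stand-in for AES-CTR."""
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, i), hashlib.sha256).digest()
        i += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(enc_key: bytes, mac_key: bytes, seq: int, inner_packet: bytes) -> bytes:
    """Encrypt-then-MAC: header || ciphertext || tag. The tag covers the header, so a captured
    record cannot be re-labelled with a fresh sequence number to slip past the replay check."""
    header = HEADER.pack(seq, len(inner_packet))
    ct = _xor(inner_packet, _keystream(enc_key, seq, len(inner_packet)))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


class Receiver:
    """Decapsulates records and enforces a sliding anti-replay window (IPsec ESP style)."""
    WINDOW = 64

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.highest = -1   # highest sequence number accepted so far
        self.bitmap = 0     # bit k set => sequence number highest-k already seen

    def decapsulate(self, record: bytes) -> bytes:
        if len(record) < HEADER.size + TAG_LEN:
            raise ValueError("truncated record")
        header, body, tag = record[:HEADER.size], record[HEADER.size:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # verify before trusting any other field
            raise ValueError("bad MAC")
        seq, length = HEADER.unpack(header)
        if length != len(body):
            raise ValueError("length mismatch")
        if seq > self.highest:  # new high-water mark: slide the window forward
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.WINDOW) - 1) if shift < self.WINDOW else 0
            self.bitmap |= 1
            self.highest = seq
        else:  # inside the window: accept once, reject repeats and anything older than the window
            offset = self.highest - seq
            if offset >= self.WINDOW:
                raise ValueError("sequence number too old")
            if self.bitmap & (1 << offset):
                raise ValueError("replayed record")
            self.bitmap |= 1 << offset
        return _xor(body, _keystream(self.enc_key, seq, length))


def demo() -> dict:
    """Client->server traffic through the tunnel, then a replay and a tamper attempt."""
    keys = derive_keys(os.urandom(32), os.urandom(16), os.urandom(16))  # secret stands in for (EC)DH output
    rx = Receiver(keys["c2s_enc"], keys["c2s_mac"])
    rec = encapsulate(keys["c2s_enc"], keys["c2s_mac"], 1, b"GET /secret HTTP/1.1")  # constructed inner packet
    first = rx.decapsulate(rec)
    try:
        rx.decapsulate(rec)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    tampered = bytearray(rec)
    tampered[HEADER.size] ^= 0x01  # flip one ciphertext byte
    try:
        rx.decapsulate(bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"plaintext": first, "replay_rejected": replay_rejected, "tamper_rejected": tamper_rejected}


if __name__ == "__main__":
    print(demo())
```

Two design choices carry the security argument. The MAC is checked before the sequence number or length is even parsed, so a forged header never influences state; and the sequence number is authenticated rather than merely present, which is the difference between a replay check that works and one an on-path attacker can bypass by re-labelling old records. Everything else (nonce-bound key derivation, per-direction keys, a bounded window) is what the real protocols the text names already do, and what custom designs tend to get wrong.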
READ THE STORY: Freebuf
NSO Group Fights WhatsApp Ban in Pegasus Spyware Case, Citing National Security Needs
Bottom Line Up Front (BLUF): Israeli surveillance firm NSO Group is appealing a U.S. federal court ruling that bans it from using WhatsApp’s infrastructure to deliver its Pegasus spyware. The company argues that the decision misinterprets U.S. cybercrime law and endangers legitimate government surveillance operations. WhatsApp, however, maintains that NSO violated the Computer Fraud and Abuse Act by exploiting its servers to infect around 1,500 devices via zero-click vulnerabilities.
Analyst Comments: NSO’s appeal hinges on national security rhetoric, but the facts remain: Pegasus used WhatsApp’s infrastructure to deploy remote spyware—without user interaction or consent. Courts aren’t buying the argument that enabling this kind of access is somehow protected. For defenders, this reinforces the idea that communications platforms are not just transit layers but also attack surfaces. Expect tighter controls on third-party traffic routing and greater scrutiny of surveillance tech firms that claim “lawful use” while employing nation-state–level intrusion tools.
READ THE STORY: RHC
Teen Scattered Spider Suspects Plead Not Guilty in TfL Cyberattack Case
Bottom Line Up Front (BLUF): Two British teenagers, allegedly linked to the Scattered Spider threat group, pleaded not guilty to serious Computer Misuse Act charges stemming from the 2024 cyberattack on Transport for London (TfL). One suspect also faces U.S.-based charges related to healthcare-sector intrusions. Prosecutors are pursuing conspiracy charges with potential life sentences, underscoring how the UK is elevating legal consequences for cybercrime that affects critical infrastructure.
Analyst Comments: Thalha Jubair (19) and Owen Flowers (18) were arrested by the UK’s National Crime Agency (NCA) in September 2025 and are accused of conspiring to damage computer systems, including attacks on TfL, U.S.-based SSM Health, and Sutter Health. The NCA claims millions in damages were inflicted during the TfL attack, describing it as a strike against the UK’s critical national infrastructure. Jubair also faces a charge for refusing to disclose device passcodes, while the U.S. DOJ has unsealed a separate criminal complaint against him. Both suspects remain in custody as the case moves forward. The NCA and FBI are continuing to target Scattered Spider and affiliated groups in ongoing investigations tied to victims in healthcare, retail, and the public sector across the UK and U.S.
READ THE STORY: The Record
Items of interest
Trump Peace Plan Echoes Russia’s Core Demands in Ukraine War Negotiations
Bottom Line Up Front (BLUF): A draft peace proposal backed by President Trump incorporates several of Russia’s long-standing conditions for ending the war in Ukraine, including territorial concessions, military downsizing, and halting NATO expansion. While the plan has stirred backlash in Kyiv and across Europe, it aligns closely with Moscow’s original war aims—suggesting a potential diplomatic victory for Russia after years of battlefield attrition and strategic messaging.
Analyst Comments: The 28-point Trump-backed peace framework includes Russian-friendly provisions such as territorial concessions in eastern Ukraine, barring NATO membership for Kyiv, and cutting Ukraine’s military by nearly one-third. Though Trump has suggested he’s open to revisions, Russia has praised the document as a strong basis for a deal. Meanwhile, Ukraine remains wary, citing past agreements violated by Moscow and warning that the plan could leave the country politically destabilized and militarily vulnerable. Some points fall short of Russian maximalist goals—such as complete disarmament and bans on long-range weapons—but the broader shift toward accommodating Russia’s position has alarmed U.S. allies.
READ THE STORY: WSJ
Trump Team Secretly Negotiating Ukraine Peace Deal with Russia (Video)
FROM THE MEDIA: Reports suggest the Trump team is secretly negotiating a potential peace deal between Ukraine and Russia. Sources claim discussions focus on ending the ongoing conflict while navigating geopolitical challenges. The move could have major implications for U.S. foreign policy, Ukraine’s sovereignty, and regional stability.
What is Trump’s peace plan for the Ukraine war, and why is it controversial (Video)
FROM THE MEDIA: A 28-point US-backed peace plan, hatched during “secret” talks, has been revealed and presented to Volodymyr Zelenskyy. He is under pressure to agree to a framework or face consequences, but he says he will not betray Ukraine’s national interests.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.