Daily Drop (1207)
12-21-25
Sunday, Dec 21, 2025 // (IG): BB // GITHUB // SN R&D
Epstein File Release Sparks Outcry Over Redactions and Political Fallout
Bottom Line Up Front (BLUF): The U.S. Department of Justice has published a heavily redacted batch of documents related to Jeffrey Epstein, including photographs of public figures such as Donald Trump, Bill Clinton, Prince Andrew, and others. The release—just 4,101 documents out of hundreds of thousands—fell short of Congress’s legal mandate for full disclosure by December 20. Lawmakers from both parties are accusing the DOJ of stonewalling, and critics say the release raises more questions than it answers.
Analyst Comments: While the DOJ cites victim protection and ongoing investigations as reasons for redactions, the optics are poor—particularly given how bipartisan the demand for transparency has been. Politicians across the spectrum have connections to Epstein, and this controlled trickle of documents fuels further speculation and conspiracy. The fact that key images and references (e.g., the “masseuse list”) were obscured only deepens suspicion. With digital forensics and data correlation likely underway from journalists and open-source analysts, more substantive revelations may emerge from what’s not redacted in the coming weeks.
READ THE STORY: FT
"The Asian Crime Century" – How Chinese Criminal Networks Went Global
Bottom Line Up Front (BLUF): A sprawling, global web of Chinese criminal networks—evolved from triads and casino junkets—now dominates online fraud, money laundering, illegal gambling, and human trafficking operations from Southeast Asia to beyond. Rooted in historical organised crime, accelerated by pandemic-driven digitalisation, and abetted by legal loopholes, regulatory gaps, and geopolitical complexity, this new generation of transnational Chinese crime is rapidly outpacing law enforcement capabilities.
Analyst Comments: These networks combine digital fluency, transnational logistics, weak enforcement in border regions, and covert state tolerance. They’re agile, borderless, and highly profitable, blending scams, trafficking, gambling, and money laundering into a unified criminal ecosystem. The state-crime nexus, though often indirect, presents a uniquely difficult challenge. United Front work and state security ties make criminal suppression politically sensitive, especially where influence operations overlap with diaspora communities. Expect more criminal migration to weak governance states, greater use of digital currencies, and further co-option of diaspora economic organizations under the guise of “patriotic investment.”
READ THE STORY: The Asian Crime Century
Trump-Brokered TikTok Deal Lets ByteDance Retain Control Over Core US Business
Bottom Line Up Front (BLUF): Despite U.S. legislation mandating a complete divestiture of TikTok’s U.S. operations, ByteDance will retain control of its core business—including e-commerce, advertising, and the recommendation algorithm—under a new joint venture approved by President Trump. Oracle, Silver Lake, and MGX will manage data protection and moderation via a new entity built on TikTok’s US Data Security (USDS) framework. At the same time, ByteDance keeps operational and revenue-driving influence through a complex ownership structure.
Analyst Comments: ByteDance keeps control of TikTok’s most valuable assets while satisfying political optics via a tokenized joint venture. While Oracle is responsible for algorithm oversight, the underlying technology still originates from China, and the app’s recommendation engine—arguably its most influential and controversial component—remains effectively in ByteDance’s control. This structure offers minimal assurance against foreign influence or surveillance, especially given China's strict export controls on algorithms and the licensing framework referenced in the deal. The move appears more like a national-security rebranding exercise than a genuine separation of powers.
READ THE STORY: FT
BlueDelta (APT28) Expands Credential Harvesting Campaign Targeting Ukrainian Webmail Users
Bottom Line Up Front (BLUF): Russia-linked threat actor BlueDelta—also known as APT28, Fancy Bear, and Forest Blizzard—has intensified a credential-harvesting campaign against users of UKR.NET, Ukraine’s leading webmail and news platform. The operation, active from June 2024 to April 2025, demonstrates GRU-backed actors' continued shift toward low-cost, evasive infrastructure to support strategic cyber espionage aligned with Russia’s war objectives in Ukraine.
Analyst Comments: BlueDelta is refining its tradecraft by leveraging free infrastructure (ngrok, Serveo, Mocky APIs) and layering proxies to avoid attribution and detection. The group’s integration of typosquatting, CAPTCHAs, multi-factor phishing, and PDF lures shows an operational evolution—and a detailed understanding of how to bypass modern email defenses. This is classic APT28: cost-effective, persistent, and built for strategic espionage. Organizations serving Ukrainian users or adjacent government, media, and policy circles should harden defenses and expect continued targeting well into 2026.
READ THE STORY: GBhackers
Reshaping the Arsenal of Freedom
Bottom Line Up Front (BLUF): The Department of War (DoW) and the U.S. defense ecosystem are undergoing one of the most comprehensive transformations in decades. Key moves include command realignments, hypersonic missile deployments, rapid acquisition offices (RCOs), revitalized industrial strategies, and contractor accountability mechanisms. From restructuring combatant commands and pushing unmanned systems to targeting vendor lock-in and launching elite tech talent programs, 2025 ends with a stark message: adapt or fall behind—especially in a race with China.
Analyst Comments: While proponents argue it streamlines bureaucracy and reallocates resources toward INDOPACOM and homeland defense, critics warn that shrinking the stature of commands like EUCOM and CENTCOM could reduce U.S. influence in strategically vital regions. The diplomatic, military, and interagency demands placed on 4-star combatant commanders are immense—comparable to those faced by proconsuls in a global empire. Consolidating three theaters and more than 125 countries under one umbrella is unlikely to deliver speed or clarity. Over the long term, we may see these super-commands splinter again as practical realities set in.
READ THE STORY: Defense Tech and Acquisition
AI Training Datasets Contain Private Medical Photos and Stolen Personal Data
Bottom Line Up Front (BLUF): Security researchers have confirmed that private medical images—including post-surgery photos protected by signed consent forms—have been found in the LAION-5B dataset, one of the most significant sources used to train generative AI models like Stable Diffusion and Google Imagen. The discovery highlights that billions of scraped images were ingested without meaningful consent and that data removal is nearly impossible once a model has been trained.
Analyst Comments: We’re not just talking about scraped selfies or memes—researchers found passports, resumes, credit cards, and medical imagery in datasets used to train commercial-grade AI. Consent wasn’t just missing; it was never possible. Datasets like LAION pose an upstream risk for anyone deploying LLMs or image generators, especially in regulated environments (healthcare, legal, finance). If your organization is shipping AI features and hasn’t mapped the provenance of its training data, this isn’t just an IP risk—it’s a liability time bomb. Opt-out toggles are functionally meaningless once data is in the model. The default posture of “scrape now, litigate later” will not survive GDPR scrutiny or U.S. tort discovery.
READ THE STORY: TOXSEC
Cloud Atlas Revives 7-Year-Old Office Exploit in Multi-Stage Espionage Campaign
Bottom Line Up Front (BLUF): APT group Cloud Atlas is actively exploiting the long-patched CVE-2018-0802 Office Equation Editor vulnerability in phishing campaigns targeting Eastern Europe and Central Asia. The group is using complex multi-layered infection chains and newly developed backdoors—VBShower, PowerShower, VBCloud, and CloudAtlas—to deliver modular payloads for espionage, surveillance, and credential theft. The group’s use of legacy exploits shows the persistent threat posed by unpatched systems and outdated enterprise environments.
Analyst Comments: Cloud Atlas continues to send malicious Word docs as phishing lures, leveraging CVE-2018-0802 to drop an HTA that extracts VBS payloads. These deliver VBShower, which orchestrates additional malware, including PowerShower and CloudAtlas—the group’s most advanced backdoor. The malware uses time/IP-restricted servers, stealthy file-grabbing techniques, and Chrome decryption utilities. It communicates over WebDAV and employs DLL hijacking via VLC Media Player. Active campaigns in 2025 focused on government, telecom, and industrial targets in Russia and Belarus. Security teams are advised to harden Office environments, disable legacy macros, and monitor for VBS and HTA execution.
READ THE STORY: GBhackers
Trump Ramps Up Military Pressure on Venezuela, Seizes Tankers in Caribbean Escalation
Bottom Line Up Front (BLUF): President Trump has declared a “total blockade” on US-sanctioned oil tankers heading to and from Venezuela, backed by live-fire operations, satellite-tracked naval deployments, and seizures at sea. The administration refuses to rule out war, with over 14,000 U.S. personnel now stationed in the Caribbean and assets including F-35s, Growlers, and the USS Gerald R Ford carrier group. Tensions are peaking amid claims the blockade is targeting narco-trafficking—but critics say it's a cover for regime change and oil control.
Analyst Comments: From a security standpoint, this level of U.S. hardware movement is extraordinary outside of declared conflict. The Roosevelt Roads base in Puerto Rico has been reactivated, and ISR platforms, Growlers, and amphibious assault ships are positioned for both surveillance and strike operations. The presence of retrofitted command ships like the MV Ocean Trader and radar deployments in Trinidad and Tobago suggest contingency planning beyond simple interdiction. If a Venezuelan navy escort clashes with a U.S. warship—which is now a real possibility—the escalation ladder becomes very short.
READ THE STORY: FT
UK Government Servers Breached in Suspected China-Linked Cyber Espionage Operation
Bottom Line Up Front (BLUF): An investigation is underway into a suspected Chinese cyber espionage campaign that compromised several UK government servers, including systems connected to sensitive parliamentary and defense operations. Initial findings suggest the breach exploited zero-day vulnerabilities and may have persisted undetected for months. The UK’s National Cyber Security Centre (NCSC) and intelligence services are treating the intrusion as part of a broader state-sponsored cyber effort by China targeting Western democracies.
Analyst Comments: This is not just another intrusion—it’s the latest in a long line of aggressive campaigns by Chinese intelligence actors, likely APT31 or a similar MSS-linked group. The concern here isn't only data theft but long-term access and positioning within key UK government systems. These intrusions are often about building strategic leverage: extracting diplomatic communications, understanding legislative strategy, and shaping foreign policy through targeted intelligence. Given the reported duration and depth of the breach, there will be real questions about what was exfiltrated—and what may still be lingering within UK infrastructure. Expect this to accelerate UK cyber hardening and further strain London-Beijing relations.
READ THE STORY: The 420
Narrative as Strategic Infrastructure: Lessons on Resilience from Ukraine’s Energy War
Bottom Line Up Front (BLUF): Ukraine’s defense against Russia is not just a contest of arms—it’s a contest of narratives. Attacks on critical infrastructure, especially energy systems, are designed to erode legitimacy and endurance. Ukraine’s response has shown that resilience is not merely technical but political: the ability to translate disruption into legitimacy, coordinate societal endurance, and maintain alliance cohesion under sustained hybrid pressure. The war offers deep insight into how narratives function as operational control layers—on par with logistics, defense, and diplomacy.
Analyst Comments: The Russian campaign against Ukraine’s energy grid is Clausewitz by the book: pressure on society as a proxy for pressuring policy. But Ukraine’s counter—distributed energy, rapid repairs, and transparent communication have turned an expected collapse into sustained resistance. The actual battlefield isn’t just transformers and power plants; it’s public belief in whether those systems will come back online. That belief shapes behavior—whether civilians stay, whether businesses operate, whether allies send weapons or wait.
READ THE STORY: On the Edge of Resilience
MI6’s New Tech-Focused Chief Quietly Reshapes UK Intelligence Operations
Bottom Line Up Front (BLUF): The UK’s Secret Intelligence Service (MI6) is undergoing a significant shift under its new, tech-savvy director general, whose background is in digital operations and cyber capability development. Appointed earlier this year, she has already made a strategic pivot to focus more aggressively on AI, quantum, and offensive cyber capabilities, prioritizing partnerships with tech firms and start-ups to outpace adversaries such as China and Russia in digital espionage.
Analyst Comments: The new chief—whose identity remains classified—is leveraging her technical background to align MI6’s operational focus with rapidly emerging threats in cyberspace and the quantum domain. This reflects a broader trend across Western intelligence services: espionage is increasingly about software as much as spies. Her leadership also signals a growing willingness to work with private sector disruptors, mirroring the CIA’s In-Q-Tel approach. This pivot is overdue—but long-term success will depend on whether entrenched bureaucracies can adapt to faster, more iterative tech cycles.
READ THE STORY: LNG
25,000+ FortiCloud SSO-Enabled Devices Exposed to Critical Auth Bypass Vulnerabilities
Bottom Line Up Front (BLUF): More than 25,000 Fortinet systems with FortiCloud Single Sign-On (SSO) enabled are potentially vulnerable to two critical authentication bypass flaws (CVE-2025-59718 and CVE-2025-59719), according to new scanning data from The Shadowserver Foundation. These vulnerabilities carry a CVSS score of 9.1 and could allow unauthenticated remote attackers to gain admin access using crafted SAML messages. Patches are available, and organizations are urged to verify exposure and apply updates immediately.
Analyst Comments: The presence of over 25,000 internet-facing FortiCloud SSO devices suggests that either these services are being exposed unnecessarily or that patching is lagging well behind public disclosure. Fortinet’s SSO integrations, while useful for central management, now represent a high-risk entry point—particularly in enterprises with distributed infrastructure and limited segmentation. Expect active exploitation if it isn’t already happening. Until systems are patched, disabling SSO may be the safest route.
READ THE STORY: GBhackers
Items of interest
Researchers Demonstrate Spoofing of Aviation Systems with Off-the-Shelf Tools
Bottom Line Up Front (BLUF): A team of researchers from Georgia successfully simulated fake aircraft using spoofed ADS-B signals transmitted over 1090 MHz. Using open-source tools and hardware such as HackRF, they demonstrated how attackers can inject phantom aircraft into air traffic control systems—without physical access or advanced capabilities. The implications for aviation security are significant, especially given the lack of authentication in core aviation protocols.
Analyst Comments: By abusing the ADS-B (Automatic Dependent Surveillance–Broadcast) system, attackers can fabricate aircraft out of thin air and potentially trigger responses from pilots, air traffic control, or automated systems. The aviation industry’s reliance on unauthenticated radio transmissions such as ADS-B, VHF, and GNSS has always been a risk; now it’s actively exploitable with a $300 SDR and a YouTube tutorial. While mitigation is complex due to legacy constraints, the need for authenticated, encrypted aircraft telemetry is urgent. GNSS spoofing and radio deception are no longer the exclusive province of nation-states.
READ THE STORY: Eye on Cyber
Detecting Aircraft Spoofing With Fly-Catcher (Video)
FROM THE MEDIA: Hackers can pose a threat to aircraft by creating fake aircraft using software-defined radios (SDRs) to spoof ADS-B, a type of tracking signal used by pilots and ATC to locate aircraft.
ADS-B: The Future of Aircraft Surveillance (Video)
FROM THE MEDIA: ADS-B (Automatic Dependent Surveillance-Broadcast) is the backbone of modern air traffic surveillance. Aircraft broadcast their GPS-derived position, altitude, and velocity, which ground stations and other aircraft receive for situational awareness.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.