Wednesday, Feb 12, 2025 // (IG): BB // GITHUB // SN R&D
Xi Attempts to Build an Economic Fortress Against U.S. Pressure
Bottom Line Up Front (BLUF): As tensions with the U.S. rise, China is aggressively investing in technological self-sufficiency, aiming to reduce reliance on foreign products. Xi Jinping’s government is pouring billions into key industries like electric vehicles, semiconductors, and AI, positioning China as a global leader in advanced manufacturing. However, this strategy comes with high costs, trade tensions, and significant challenges, particularly in chip production.
Analyst Comments: China’s push for self-sufficiency directly responds to U.S. trade restrictions and geopolitical pressure. While investments in EVs and AI have yielded global competitiveness, Beijing’s industrial policies are straining financial resources and fueling trade disputes. The long-term viability of this strategy depends on China’s ability to balance economic resilience with diplomatic tensions, especially as the U.S. implements countermeasures like tariffs and export controls. If successful, China could challenge Western dominance in key sectors, but inefficiencies and reliance on foreign semiconductor technology remain significant obstacles.
FROM THE MEDIA: The government is heavily funding industries like robotics, aerospace, and renewable energy while pushing companies to align with national priorities. Notable successes include the dominance of Chinese EV makers like BYD and the rise of AI firms like DeepSeek. However, China’s ambitious industrial policy is expensive and has led to inefficiencies, particularly in semiconductor development, where U.S. sanctions have stifled progress. Despite these challenges, Beijing remains committed to economic self-sufficiency, viewing it as essential for national security and long-term growth.
READ THE STORY: WSJ
PowerSchool Data Breach Exposes Sensitive Student Records
Bottom Line Up Front (BLUF): A cyberattack on PowerSchool, an education software provider, has exposed highly sensitive student data, including special education status, mental health details, disciplinary records, and custody agreements. The breach affected around 6,500 school districts, with hackers claiming to have obtained data on 62.4 million students and 9.5 million teachers.
Analyst Comments: This breach underscores the vulnerabilities in educational institutions' data security, particularly when sensitive personal information is involved. The exposure of medical alerts, special education statuses, and legal custody records raises significant privacy and compliance concerns under federal and state student protection laws. Schools must reassess their cybersecurity protocols, ensuring stronger data encryption, access controls, and monitoring mechanisms. Additionally, the incident highlights the risks of third-party software solutions handling vast amounts of personal data without adequate security measures.
FROM THE MEDIA: The PowerSchool hack has exposed sensitive student records across multiple school districts, with affected data including medical alerts, special education designations, disciplinary histories, and custody agreements. In Wakefield, Massachusetts, notifications confirmed the exposure of data for hundreds of students, including 708 with special education plans and 1,384 with medical alerts. Toronto’s district confirmed similar breaches, with compromised records dating back to 2017. PowerSchool stated that some of the exposed fields were custom configurations added by individual schools. Education officials and cybersecurity experts stress that schools, as stewards of student data, must improve security measures to prevent future breaches of this scale.
READ THE STORY: The Record
American Bar Association Warns of Threats to Rule of Law
Bottom Line Up Front (BLUF): The American Bar Association (ABA) has issued a strong warning about attacks on the rule of law, citing concerns over the Trump administration’s actions to dismantle federal agencies and undermine judicial independence. The ABA has also joined a lawsuit against the administration for its move to shut down the U.S. Agency for International Development (USAID), marking a rare and direct legal challenge from the legal community.
Analyst Comments: The lawsuit and statements suggest that legal institutions are preparing to oppose policies they view as unconstitutional. The administration’s approach—targeting diversity programs, cutting agency funding, and challenging court rulings—risks further legal battles and public scrutiny. If these tensions escalate, they could lead to broader institutional resistance and increased judicial intervention in executive actions.
FROM THE MEDIA: The ABA criticized calls to impeach a federal judge who blocked an administration attempt to access Treasury Department systems, describing such actions as intimidation tactics. ABA President William Bay warned that the administration’s chaotic governance threatens the rule of law and emphasized that courts must safeguard against constitutional violations. The ABA also opposed Trump’s executive order to investigate diversity programs, signaling broader legal challenges ahead.
READ THE STORY: Reuters
AI: Revolutionary or Hype? Investors Say Both
Bottom Line Up Front (BLUF): Silicon Valley investors at the WSJ CIO Network Summit acknowledged that AI is in a hype cycle but insisted that its long-term value is real. While AI's full economic impact is still years away, early use cases in coding and customer service already provide returns. The challenge for enterprises is navigating vendor selection, interoperability, and security risks while ensuring AI investments deliver tangible business value.
Analyst Comments: The AI industry is at a crossroads—some companies overpromise while others quietly drive real innovation. Investors from Sequoia Capital and Greylock Partners argue that AI’s impact will be massive, but timelines are uncertain. Businesses must balance short-term AI benefits with long-term strategic bets, all while navigating vendor hype and regulatory uncertainty. Not all startups and incumbents will survive as AI matures, so making careful investment decisions is critical for CIOs and executives.
FROM THE MEDIA: AI-powered automation is already delivering value, particularly in areas like coding and customer support. However, enterprises face challenges in managing data privacy and security and integrating AI-native solutions with legacy technology. A key uncertainty remains whether businesses should place their bets on disruptive startups or rely on established tech giants, as not all players will emerge successful. Despite concerns over market overvaluation in some areas, venture capitalists argue that AI-driven transformation will ultimately expand the market, with long-term success favoring those who focus on real business needs rather than speculative trends.
READ THE STORY: WSJ
DeepMind Advances Distributed AI Training with Streaming DiLoCo
Bottom Line Up Front (BLUF): DeepMind has unveiled Streaming DiLoCo, an enhancement to its Distributed Low-Communication Training (DiLoCo) framework. This approach enables efficient AI model training across decentralized computing clusters using 400 times less bandwidth than traditional methods. The breakthrough could reduce reliance on massive GPU data centers, potentially democratizing AI development and lowering training costs.
Analyst Comments: By enabling distributed, low-bandwidth training, Streaming DiLoCo could decentralize AI development, making powerful models accessible beyond tech giants like OpenAI, Meta, and Google. While promising, challenges remain in network synchronization, scaling efficiency, and real-world deployment. This technique could disrupt the AI arms race by making cutting-edge model training cheaper and more scalable.
FROM THE MEDIA: The approach aligns with recent trends, such as Nvidia’s push for interconnected global data centers, to address AI infrastructure constraints. Experts suggest this could unlock new opportunities for decentralized AI training, with potential applications in federated learning and distributed computing.
READ THE STORY: The Register
Apple Patches iOS Flaw Allowing Unauthorized Access to Locked Devices
Bottom Line Up Front (BLUF): Apple has released emergency security updates to fix a zero-day vulnerability (CVE-2025-24200) that allowed attackers to disable USB Restricted Mode on locked iPhones and iPads, potentially granting unauthorized access to device data. Citizen Lab researcher Bill Marczak discovered the flaw, which may have been used in sophisticated cyberattacks targeting high-profile individuals.
Analyst Comments: This vulnerability highlights ongoing security risks for iOS users, particularly in cases where law enforcement, surveillance firms, or cybercriminals attempt to access locked devices. The exploitation method resembles tools like Cellebrite and GrayKey used for forensic investigations. While Apple has patched the issue, users should update immediately to protect against potential unauthorized access. Additionally, government agencies and privacy advocates will likely scrutinize how this exploit was used and whether it targeted dissidents, journalists, or activists.
FROM THE MEDIA: Apple acknowledged that the flaw had been exploited in the wild but did not disclose specifics about the attack scope or targets. The bug affected all iPhones from the XS model onward and iPads from the 7th generation onward. iOS 18.3.1 and iPadOS 18.3.1 fix the issue by improving state management in USB Restricted Mode. The discovery comes amid growing concerns over surveillance software like Pegasus, which has been used to compromise mobile devices.
READ THE STORY: The Record // THN
Trump’s Crypto Company Launches Strategic 'Token Reserve'
Bottom Line Up Front (BLUF): World Liberty Financial (WLF), a crypto platform in which President Donald Trump holds a financial stake, has created a strategic token reserve to stabilize major cryptocurrencies like Bitcoin and Ethereum. The reserve is designed to mitigate market volatility, fund decentralized finance projects, and attract institutional partnerships.
Analyst Comments: Trump’s deepening involvement in cryptocurrency signals a broader shift toward mainstreaming digital assets in U.S. financial markets. The strategic reserve could help address concerns about crypto market stability while reinforcing Trump's positioning as a pro-business, tech-forward leader. However, regulatory scrutiny is likely to follow, especially as his administration navigates ongoing debates over crypto regulation. Additionally, WLF's rapid token sales—reportedly totaling $500 million—suggest strong investor interest but raise questions about long-term sustainability and oversight.
FROM THE MEDIA: The reserve is designed to mitigate market volatility, invest in decentralized finance projects, and attract partnerships with financial institutions to expand WLF's tokenized asset holdings. Since its launch, WLF has reportedly sold $500 million in tokens, with Trump and his affiliates controlling a 60% stake in its holding company. The announcement follows Trump’s growing involvement in the crypto space, including the launch of his $Trump meme coin and his family’s expansion into financial services tied to digital assets. At a recent financial summit, Donald Trump Jr. emphasized the need for a regulatory framework that allows crypto to thrive, positioning it as central to the future of finance and American economic influence.
READ THE STORY: Reuters
Google Clarifies Android SafetyCore's Role in On-Device Content Classification
Bottom Line Up Front (BLUF): Google has confirmed that its new Android SafetyCore feature does not perform client-side scanning but provides an on-device infrastructure for detecting unwanted content such as scams, spam, and malware. The clarification comes amid privacy concerns surrounding on-device content classification technologies.
Analyst Comments: The introduction of SafetyCore reflects Google's ongoing efforts to enhance security within Android while balancing user privacy. Unlike client-side scanning (CSS), which has raised concerns over potential government overreach and mass surveillance, Google asserts that SafetyCore operates only when an app requests classification and does not report content to external servers. This places it closer to Apple’s Communication Safety feature, which analyzes messages for sensitive content but does not scan for illegal material. However, as AI-powered classification tools evolve, the cybersecurity community must remain vigilant about potential scope creep and misuse of such features.
FROM THE MEDIA: Google introduced SafetyCore in October 2024 as a security enhancement for Android 9+ devices. It is designed to provide on-device classification of spam, scams, and malware, primarily assisting apps like Google Messages in identifying unwanted content. SafetyCore requires at least 2GB of RAM and is also available for Android Go devices. While some speculated that it might serve as a client-side scanning tool, Google and the GrapheneOS team have clarified that it is not used for scanning or reporting illegal content. Instead, SafetyCore operates locally and is only engaged when an app specifically requests classification. The cybersecurity community remains cautious about on-device AI classifiers, given the potential for privacy violations if misused or expanded beyond their original scope.
READ THE STORY: THN
U.S. Lawmakers Push for DeepSeek Ban on Government Devices
Bottom Line Up Front (BLUF): U.S. lawmakers have proposed the "No DeepSeek on Government Devices Act," citing national security risks associated with the Chinese AI application DeepSeek. The bill, introduced by Reps. Josh Gottheimer (D-NJ) and Darin LaHood (R-IL), aims to prohibit the use of DeepSeek on all federal government-issued devices due to its connections to the Chinese Communist Party (CCP) and evidence that it sends user data to China Mobile, a state-owned telecom company. Several federal agencies, including the Pentagon, Navy, and NASA, have already imposed bans.
Analyst Comments: The DeepSeek ban underscores ongoing concerns over China's AI expansion and data collection practices. This move mirrors the TikTok national security debate but with a more aggressive bipartisan push due to DeepSeek’s direct links to China Mobile, a banned entity in the U.S. As tensions in U.S.-China AI competition escalate, additional restrictions on Chinese AI platforms and data security regulations are likely. The private sector is also taking action, with numerous companies blocking DeepSeek at the enterprise level.
FROM THE MEDIA: The Feroot Security analysis also found that the app fingerprints users and tracks them online. Countries including Italy, Australia, South Korea, and Taiwan have already imposed DeepSeek bans, with U.S. lawmakers accelerating efforts to remove it from federal networks. The broader U.S.-China AI conflict is also intensifying, with additional tech sanctions, trade restrictions, and AI policy measures under consideration.
READ THE STORY: CPO MAG
Hackers Exploit Google Tag Manager to Skim Credit Cards from Magento Stores
Bottom Line Up Front (BLUF): Cybercriminals are using Google Tag Manager (GTM) to inject credit card skimming malware into Magento-based e-commerce sites. Security researchers at Sucuri discovered that attackers are leveraging a compromised GTM container to load an obfuscated JavaScript payload from the Magento database, which steals payment data during checkout. At least three sites remain infected, down from six initially identified. The stolen data is then sent to an attacker-controlled remote server.
Analyst Comments: Since GTM is commonly trusted for analytics and tracking, many site administrators may overlook security risks when implementing it. Given Magento’s history of being targeted by Magecart-style attacks, businesses must regularly audit third-party scripts, enforce strict access controls, and monitor for unauthorized modifications. Expect continued abuse of GTM and other legitimate web technologies to deploy stealthy, persistent malware on online stores.
FROM THE MEDIA: The malware is loaded from the Magento database’s "cms_block.content" table, injecting a JavaScript skimmer that captures credit card details during checkout. Similar GTM-based attacks were previously used in malvertising campaigns, proving its effectiveness for covert cybercrime. This attack follows recent DOJ charges against two Romanian nationals involved in physical credit card skimming operations, highlighting the growing global threat to payment security.
READ THE STORY: THN
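A defender-side audit of the injection point the story names, the Magento cms_block.content column, as an added example (not Sucuri's tooling or Magento code): it takes rows pulled from that table and flags script tags that load from a host outside an allow-list or that use the eval/atob-style unpacking typical of obfuscated skimmer loaders. The allow-list, the sample rows and the inert base64 string are all constructed assumptions for this example.

```python
"""Heuristic audit of Magento cms_block.content rows for injected skimmer scripts.

Rows are dicts of the shape you get from:  SELECT identifier, content FROM cms_block;
"""
import base64
import re
from urllib.parse import urlparse

# Hosts the store legitimately loads scripts from (assumption for this example).
ALLOWED_SCRIPT_HOSTS = {"www.googletagmanager.com"}

SCRIPT_BLOCK_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_ATTR_RE = re.compile(r"\bsrc\s*=\s*['\"]([^'\"]+)['\"]", re.I)
# Calls that packed loaders lean on; ordinary CMS block content rarely needs them.
SUSPICIOUS_CALLS = ("eval(", "atob(", "unescape(", "String.fromCharCode", "document.write(")
# A long base64 run or a run of \xNN escapes is a typical sign of an encoded payload.
ENCODED_RUN_RE = re.compile(r"[A-Za-z0-9+/=]{80,}|(?:\\x[0-9a-fA-F]{2}){8,}")


def scan_block(content, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return human-readable reasons why one block's HTML looks suspicious."""
    reasons = []
    for attrs, body in SCRIPT_BLOCK_RE.findall(content):
        src = SRC_ATTR_RE.search(attrs)
        if src:
            host = urlparse(src.group(1)).hostname or ""
            if host not in allowed_hosts:
                reasons.append(f"external script src host not allow-listed: {host}")
        for call in SUSPICIOUS_CALLS:
            if call in body:
                reasons.append(f"inline script uses {call}")
        if ENCODED_RUN_RE.search(body):
            reasons.append("inline script carries a long encoded string")
    return reasons


def scan_blocks(rows):
    """Map block identifier -> reasons, only for blocks that raised at least one."""
    findings = {}
    for row in rows:
        reasons = scan_block(row["content"])
        if reasons:
            findings[row["identifier"]] = reasons
    return findings


# --- constructed sample rows, not data from any real store ---
_INERT_LOADER = base64.b64encode(
    b"// constructed stand-in for an obfuscated loader; intentionally inert"
).decode()
SAMPLE_ROWS = [
    {"identifier": "footer_links",
     "content": '<div class="footer"><a href="/contact">Contact us</a></div>'},
    # Trimmed GTM-style container snippet with a placeholder container id.
    {"identifier": "gtm_head",
     "content": "<script>(function(w,d,s,l,i){w[l]=w[l]||[];var f=d.getElementsByTagName(s)[0],"
                "j=d.createElement(s);j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i;"
                "f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-XXXXXXX');</script>"},
    # Injected: a packed loader hidden behind promo markup.
    {"identifier": "promo_banner",
     "content": f"<div>Free shipping this week!</div><script>eval(atob('{_INERT_LOADER}'))</script>"},
    # Injected: external script from a host the store never approved.
    {"identifier": "checkout_notice",
     "content": '<p>Secure checkout</p><script src="https://cdn.attacker.example/c.js"></script>'},
]

if __name__ == "__main__":
    for ident, reasons in scan_blocks(SAMPLE_ROWS).items():
        print(ident)
        for reason in reasons:
            print("  -", reason)
```

Treat a hit as a lead for manual review rather than a verdict, and pair it with a diff of the table against a known-good export so a newly changed block stands out even when it passes the heuristics.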
Triplestrength Cybercrime Gang Hits Victims with Ransomware, Cloud Hijacks, and Crypto-Mining
Bottom Line Up Front (BLUF): A newly identified cybercriminal group, Triplestrength, is attacking victims with a three-pronged approach: deploying ransomware, hijacking cloud accounts, and using compromised systems for crypto-mining. Google's threat intelligence team has been tracking the group since 2023, noting its focus on brute-force attacks, ransomware-as-a-service (RaaS), and illicit cloud resource exploitation.
Analyst Comments: Triplestrength appears to be a financially motivated threat group that combines traditional ransomware tactics with cloud-based attacks. This approach maximizes their financial gain while diversifying attack vectors. Their reliance on older ransomware variants, such as Phobos and LokiLocker, suggests a preference for cost-effective methods over high-profile double-extortion tactics. However, their ability to infiltrate Google Cloud, AWS, Microsoft Azure, and other cloud platforms through stolen credentials and brute-force attacks makes them particularly dangerous to businesses with weak cloud security policies. Organizations should prioritize strong password enforcement, multi-factor authentication (MFA), and rapid detection of unauthorized access to mitigate the threat.
FROM THE MEDIA: Google’s security researchers have identified Triplestrength as a small but active cybercrime group engaging in ransomware attacks, cloud hijacking, and crypto-mining operations. The group has been observed on underground forums, selling access to compromised cloud accounts and recruiting cybercriminals. Their ransomware attacks primarily target on-premises Windows systems using ransomware-as-a-service (RaaS) models, without engaging in double extortion. Instead, they encrypt files and demand a ransom for decryption keys. Their cloud hijacking efforts involve stealing credentials from compromised Google Cloud, AWS, Linode, and other platforms, deploying crypto-miners, and racking up massive cloud computing costs for victims.
READ THE STORY: The Register
Elon Musk’s $97.4 Billion OpenAI Bid Increases Pressure on Sam Altman
Bottom Line Up Front (BLUF): Elon Musk has made an unsolicited $97.4 billion bid for OpenAI, challenging CEO Sam Altman’s leadership and complicating OpenAI’s transition to a for-profit model. Musk’s move could force OpenAI’s board to reconsider its valuation and governance, particularly as Microsoft and other investors negotiate their stakes in the company. Altman and OpenAI’s board have rejected the offer, calling it a distraction from their mission to advance AI safely.
Analyst Comments: This bid is the latest escalation in the ongoing feud between Musk and Altman, who co-founded OpenAI but parted ways in 2018. Musk has since accused OpenAI of abandoning its nonprofit mission, while OpenAI has countered that Musk once supported the transition to a for-profit model. Beyond personal conflicts, Musk’s bid could significantly impact AI industry dynamics, particularly as OpenAI seeks to raise up to $40 billion in new funding. If successful, Musk would gain control over one of the most influential AI companies, potentially reshaping OpenAI’s direction—or even merging it with his xAI venture.
FROM THE MEDIA: Musk’s offer, backed by a consortium of investors, puts OpenAI’s board in a difficult position as it negotiates with Microsoft and other stakeholders over the company’s future. The bid raises questions about how OpenAI’s nonprofit arm will be compensated in transitioning to a for-profit entity, with regulators in California and Delaware overseeing the process. In response, Altman has publicly dismissed the bid, suggesting Musk is trying to slow OpenAI’s progress rather than genuinely acquire it. Meanwhile, OpenAI Chairman Bret Taylor reaffirmed that the company is not for sale, emphasizing its commitment to its mission. Legal and regulatory hurdles, combined with resistance from OpenAI’s leadership, make it unlikely that Musk’s bid will succeed, but it has certainly intensified the power struggle in AI.
READ THE STORY: WSJ
Arizona Woman Pleads Guilty to Running North Korean IT Worker Scam
Bottom Line Up Front (BLUF): An Arizona woman, Christina Marie Chapman, has pleaded guilty to wire fraud, identity theft, and money laundering for helping North Korean IT workers fraudulently secure jobs at over 300 U.S. companies. From 2020 to 2023, Chapman facilitated the scheme by running a laptop farm and laundering over $17.1 million in illicit earnings, most of which was funneled back to North Korea’s government. The FBI warns that North Korean cyber operatives are increasingly using extortion tactics against U.S. businesses.
Analyst Comments: North Korea’s growing reliance on illicit IT labor schemes is part of its broader strategy to circumvent U.S. sanctions and fund its weapons programs. The FBI’s findings suggest these workers not only steal sensitive corporate data but also extort businesses by holding proprietary information hostage. As scrutiny increases, U.S. agencies will likely tighten hiring regulations, enforce stricter identity verification, and increase monitoring of remote IT hires.
FROM THE MEDIA: The scheme involved fraudulent tax filings, fake work credentials, and remote access from countries like China and Russia. Chapman, who will be sentenced in June 2025, faces up to nine years in prison. The FBI has warned that North Korean cyber operatives are increasingly engaging in extortion—stealing corporate data and demanding ransom payments.
READ THE STORY: The Record
Items of interest
Bitcoin Hunter Aims to Buy Landfill to Recover $728M Hard Drive
Bottom Line Up Front (BLUF): James Howells, a Newport, Wales resident, is making a last-ditch effort to recover a hard drive containing 7,500 Bitcoin (~$728M) by attempting to buy the landfill where he accidentally discarded it in 2013. After a UK court dismissed his lawsuit against the Newport City Council, Howells is now exploring purchasing the soon-to-be-closed site outright. Waste management experts, however, say the odds of recovering the hard drive—due to environmental degradation and sheer volume of trash—are near zero.
Analyst Comments: While Howells’ persistence is remarkable, recovering a drive buried for over a decade in a landfill is an astronomically low-probability scenario. This also highlights Bitcoin’s extreme volatility and value retention, as the lost coins were worth mere thousands in 2013 but now exceed $700M. The broader lesson? Secure backups and cold storage solutions are critical for cryptocurrency investors.
FROM THE MEDIA: Howells’ new strategy follows years of legal battles with the Newport City Council, which has consistently denied his excavation requests. The landfill spans 1.4 million metric tons of waste, making the search equivalent to finding a needle in a haystack. Business Waste UK estimates that heat, methane, and toxic leachate likely destroyed the drive’s integrity years ago. Waste experts suggest investing in Bitcoin instead of legal battles may have been the better financial move.
READ THE STORY: The Register
Recovering Millions In Lost Bitcoin | Cryptoland (Video)
FROM THE MEDIA: "Be your own bank" reflects the core libertarian ethos of Bitcoin. But what happens when it goes wrong? A shocking amount of Bitcoins have been lost by their owners either because they lost their passwords or lost their wallets.
$200 Million Worth Of Bitcoin Has Been DISCOVERED In The Trash.. Here's How (Video)
FROM THE MEDIA: Howells says he had 7,500 bitcoins which, at today’s prices, would be worth more than $280 million. He says the only way to regain access to it would be through the hard drive he threw in the trash eight years ago. The Macalinao brothers used a web of bogus identities to create the illusion of a dev community, juicing value on the Saber protocol and Solana blockchain. Now they're moving to Aptos.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.