RSnake Report 20250323

Gaza ceasefire over, auto-pen signed pardons may not be valid, etc.

What's In the News

Hello, and thanks for reading! Spring is finally here, though you might have thought that for a while if you lived in Austin with 80-90-degree temps. I’ve had a lot of house guests this week and have not had time to track down an issue with delivery of my newsletter, so if you are seeing some delivery issues, that is a known issue, and I’ll get to it. Let’s get to the news.

Let’s start with Ukraine/Russian news where Ukrainian forces appear to have taken a page from Russia’s playbook and are now using those wacky anti-drone nets over their roads. These awkward but apparently effective spiderwebs of netting have begun appearing along Ukraine’s most vulnerable logistical routes, mirroring Russia’s earlier deployments around Bakhmut, and tacitly admitting that it is an effective defense- despite how much hate the Russians got about it.

Russia lit up Odesa with a massive drone assault that hit shopping centers and residential buildings city-wide. This happened around the same time that Trump announced a ceasefire on energy and infrastructure, and Russia bombed a power station in Sloviansk/Kropyvntskyi, blacking out large swaths of the Donetsk region. Doesn’t look like that ceasefire is working as expected.

“Russian drone attack on Odesa”

But Ukraine is punching back. A massive drone strike on Engels-2 Air Base in Saratov Oblast, home to Russia’s elite fleet of Tu-160/M2 strategic bombers, resulted in an explosion reportedly audible over 20 miles away. More details confirmed that a newly arrived Kh-101 missile was likely the source of the spectacular detonation, scattering debris across a five-kilometer radius. One of the more fascinating parts of this strike was the strike’s precision was credited to slow, evasive drone flight paths. The longer range of these drones isn’t being used just to strike further away; it is to make long meandering paths around air defense. Pretty interesting.

“Russia’s “Engels-2” Air Base"

Ukraine also seemingly reached deeper into Russia’s underbelly, as the Yaysk oil refinery in Kemerovo went up in flames, 3,200 kilometers (2k miles) from the frontlines. I am increasingly thinking that Ukraine is smuggling surface-to-surface missiles and drones into Russian borders and firing them from there to hit these long shots. Pretty incredible. It’s also pretty good evidence that there is no substantive air defense within the

Moscow has got a shiny new toy: the S-500 Prometheus, a next-gen air defense system that’s supposedly capable of knocking out stealth aircraft, ICBMs, and hypersonic weapons. There are “no countermeasures,” is the claim, but color me extremely skeptical. Maybe they mean there are no countermeasures from being targeted vs destroyed in flight by counter-missile systems, but even that sounds unlikely to be true.

In European news, mass protests against Serbian President Aleksandar Vučić took over the streets, with what appeared to be nearly the entire capital city demanding his resignation.

“Serbian capital”

The Serbian police rolled out what looks a lot like an active denial system typically used for crowd control through millimeter wave microwave radiation. I have heard it described as extremely painful but short-lived where people feel they are on fire due to the fact that it bypasses the epidermis and lights up the nerves beneath. Based on people’s reactions, that seems about right. The real risk isn’t so much to them directly, but due to stampeding, and based on what we saw, yeah, that seems likely. Pretty crazy video either way.

“Energy weapon likely used against Serbian protestors”

Meanwhile in Asian news, China is soon to be glowing from the light of a brand new thorium nuclear reactor. China just confirmed full power operation of the TMSR-LF1, the world’s first thorium molten salt reactor brought online since the U.S. scrapped theirs in 1969. Using Pa-233 bred from thorium, it's a fundamentally different kind of nuclear power: more stable, safer, and critically, not easily weaponized. The fact that they are beating the US on energy tech is not great.

“thorium-containing molten salt reactor”

Starting in Turkey, where Erdoğan’s economic experiment has cause the Turkish Lira to approach hyperinflation. This is really not good when they are fighting a war on two fronts in Syria, funding and training the Syrian proxy government and their ongoing conflict with the Kurds in the north.

“The Turkish Lira has hyperinflated”

Meanwhile, the Red Sea has become a live-fire demo zone for the U.S. Navy, which continues its CENTCOM-led operations against Iranian-backed Houthis in Yemen. For about a week straight now, F/A-18F Super Hornets took off from the USS Harry S. Truman to rain JSOW munitions down on Western Yemen.

“CENTCOM operations against Iran-backed Houthis continue”

Syria, which seems to be coming into its own under the new government, launched MLRS strikes on Hezbollah targets in northeastern Lebanon, an extremely rare move prompted by the kidnapping and execution of three Syrian soldiers near Homs. That region is an absolute mess, but it might explain why Israel has not done more to combat the former ISIS troops—enemy of my enemy and all. Likely, Hezbollah is upset because ISIS destroyed a lot of the Hezbollah money-making schemes in Syria, including Hezbollah-run liquor stores.

Over in Gaza, the ceasefire is officially over, with Netanyahu blaming Hamas for refusing to release the remaining hostages. Airstrikes resumed almost immediately. Israel’s former National Security Advisor put it bluntly: peace with Hamas is not on the table. Eliminating the group entirely and rebuilding Gaza from scratch is now the stated goal. They don’t mean killing every civilian like the press likes to make it out to seem, but it almost certainly would involve mass deportations.

In Lebanon, Tyre was hit by Israeli strikes in response to rocket fire from Hezbollah, with the IDF also targeting command nodes and rocket launchers in southern Lebanon. Israel is now fighting Hezbollah in the north, Hamas in the south, and public opinion everywhere else.

“strikes on Hezbollah targets in southern Lebanon”

South of the border, El Salvador continues its transformation into a prison-industrial state, now with international franchises. President Nayib Bukele announced that 238 members of Venezuela’s Tren de Aragua gang have arrived from the United States and were immediately funneled into CECOT, his showpiece “Terrorism Confinement Center,” where they’ll join 40,000 other inmates sewing, welding, and other manual labor tasks. The U.S. tossed in 23 MS-13 gangsters for good measure, including two big fish from the group’s top hierarchy. Part of me hates that this is a thing, and part of me thinks that these people will never stop until the punishment matches the crimes of ruining so many people’s lives.

Meanwhile, Colombia’s FARC has decided drones are for more than just weddings and volcano footage. New footage suggests FARC units are actively using drones. If true, this marks yet another escalation in how legacy insurgent groups are adopting 21st-century tools with all the subtlety of a flashbang in a library. Also, isn’t it funny how most people thought FARC was dead and disarmed? If you read my counterfactual newsletter on LinkedIn, you know I suspected they could easily become a new force in that region, especially with drone tech.

Back in the U.S., Trump is now arguing that Biden’s last-minute pardons are invalid because they were signed by autopen, not Biden himself. Included in the list are everyone from Dr. Fauci to General Milley to family members and members of the J6 Committee. Keep in mind, this is a man who, according to Robert Hur, was a "well-meaning elderly man with a poor memory," with the final statement saying that it wouldn’t make sense to put him on trial. Ostensibly unfit for trial but fit enough to sign pardons? That will be the major issue to overcome for the former Biden administration if these autopen signatures need to hold.

“Biden’s last-minute pardons are void due to ‘autopen’ use”

IICE wants to make deportation “user friendly.” Their new CBP Home app now includes a feature for “intent to depart,” a polite way of saying: if you’d like to self-deport, there’s an app for that. Kinda funny to think that the US built an app that more or less says, “I’d like to leave the country now.” This really isn’t a minor point, though, because if they don’t opt to leave, they may never be eligible to return and face fines, etc.

There has been a rash of vandalisms against Teslas, including in Las Vegas, where presumably Democrats set Teslas on fire. This is after the nazi engravings and even poo smeared on the vehicles. Most of these people will end up in jail, and the cars are likely insured, so aside from ruining the environment and being self-defeating, it’s not clear what the hope is.

“several Tesla vehicles engulfed in flames”

The COVID discourse is still evolving with a new 99 million-person study has surfaced with scary numbers on post-vaccination adverse effects. The findings suggest spiking risks for myocarditis, encephalomyelitis, and other rare conditions. “The chances of experiencing a neurological event after acute SARS-CoV-2 infection were found to be up to 617-fold greater than following vaccination, indicating that the benefits of vaccination substantially outweigh the risks.” So, while not safe, it is safer than the alternative.

Meanwhile, Trump unveiled the F-47 fighter, calling it the most advanced and lethal aircraft ever built. Apparently, it’s been flying in secret for nearly five years with thousands of hours of flight time and reportedly overpowers anything else in the sky. I wouldn’t be surprised if the claims of its stealth are accurate, but what else it’s capable of is likely around advanced sensor fusion.

“The F-47 will be the most advanced, most capable, most lethal aircraft ever built.”

In tech news, there is another nail in the copyright coffin, thanks to Gemini 2 Flash, which can now remove watermarks from images with unsettling ease. I keep saying that copyright and LLMs cannot co-exist, but this is a different version of that where copyright is simply obliterated and the content stolen without a care in the world. It’s both neat and kind of proves that information does want to be free, and by free, I mean only the cost to produce and distribute it.

“removing watermarks in images”

Hackers have figured out a way to make it so that our wired headphones are transformed into remote microphones. According to new research, headphone cables act like antennas, meaning attackers can listen in from up to 15 meters away without touching your device. So, if you thought ditching Bluetooth for a cable made you more secure, nope. This is why we can’t have nice things.

“listen to your wired headphones (up to 15 meters away)”

In Florida, a drone light show lit up the sky with a glowing thank-you message to Trump, complete with synchronized formations and patriotic iconography. It's a fairly silly light show in some ways, but clearly, the drone swam they used rivaled what we see in China on a somewhat regular basis, which is ultimately a good thing.

In a darker corner of the world, Infosec drama appeared with a startup called Unciphered. It turns out Morgan Marquis-Boire, an alleged sexual predator who lost count of the number of women he raped, was secretly co-founder of the crypto recovery firm, using the alias “Frank Davidson” the entire time. Even worse, Eric Michaud, another security industry darling, co-founded it with him. So that company is due for some internal upheaval. Eric is out, since presumably he knew about Morgan’s role, and it’s not clear what happens to his and Morgan’s shares. It's a pretty ugly situation.

Over in the fiat economy, car owners are discovering that keeping their vehicles might be harder than affording eggs. The number of borrowers who are 60+ days late on car payments just hit the highest level ever recorded. That’s not a typo. As the cost of vehicles, interest rates, and basic existence skyrocket, delinquency rates are showing us what the Fed won’t: Americans aren’t “pausing” consumption; they’re getting repoed.

“at least 60 days late on their car payments is at the highest on record”

Okay, onto the articles!

Geopolitics

The Sudanese army has seized control of the central bank headquarters in Khartoum from the Rapid Support Forces (RSF) amid ongoing conflict. This military victory follows the army's recapture of the presidential palace, but RSF retaliated with a drone attack that resulted in casualties among journalists and soldiers. The conflict has led to significant humanitarian crises, with a large number of casualties and displacements since its escalation in April 2023.

  • The Sudanese army claims control over the central bank amidst military advances in Khartoum.

  • The conflict between the Sudanese army and RSF has resulted in a humanitarian crisis with many deaths and displacements.

[RSnake: The number of drone-related explosions entering the mainstream media is pretty awful. We are going to need a lot more counter drone defenses. These are not difficult items to smuggle into the US, even with a relatively closed southern border.]

Source: https://www.aljazeera.com/news/2025/3/22/sudans-army-seizes-control-of-central-bank-amid-steady-gains-in-khartoum?traffic_source=rss

Israeli air strikes in Gaza have increased following the end of a ceasefire, resulting in significant casualties, including the death of a prominent Hamas leader. Tensions escalated with ongoing military operations by Israel in response to prior attacks from Hamas, leading to widespread destruction in Gaza and substantial loss of life among Palestinians.

  • Israeli air strikes resumed in Gaza after a ceasefire ended, with significant casualties reported.

  • The conflict between Israel and Hamas has intensified since the October 2023 cross-border attack.

[RSnake: Now we see if Israel + the US has the resolve. It also questions how much Egypt will handle this situation. Will they help transport these people elsewhere? You can’t exactly just drive them into the sea, they do have to migrate somewhere.]

Source: https://www.bbc.com/news/articles/cq5zxe5l58go

The IRS is nearing a data-sharing agreement with ICE that would allow immigration officials to use tax data to support deportation agenda.

  • The IRS would be able to check names against its confidential databases using sensitive taxpayer information to further the Trump administration's immigration policies.

  • Section 6103 of the federal tax code requires the IRS to keep individual taxpayer information confidential with certain limited exceptions.

[RSnake: Interesting. I wonder how many illegals are paying taxes, though, or if there is some other way that it helps them identify illegals.]

Source: https://abcnews.go.com/Politics/irs-close-finalizing-data-sharing-agreement-ice-sources/story?id=120063278

Former Philippine President Rodrigo Duterte is standing trial at the International Criminal Court for crimes against humanity related to his controversial drug war, during which thousands of people were reportedly killed. Human rights advocates claim the death toll may be as high as 30,000, while Duterte's administration officially counts around 6,252 fatalities from police encounters.

  • Rodrigo Duterte is on trial for crimes against humanity due to his drug war policies.

  • Human rights organizations assert that the number of deaths during Duterte's drug war may be significantly higher than official figures.

[RSnake: Pretty interesting to see how this is ending up. I think he is quite different than Bukele, and despite his crackdown on drugs, he was pretty corrupt, whereas Bukele seems to want to stay on the good side of history. We shall see, though. The public is fickle.]

Source: https://www.nytimes.com/2025/03/23/opinion/duterte-icc-drugs-victims.html

Jews and Israelis are facing increasing global anti-Semitism, exacerbated by sophisticated propaganda that distorts perceptions of Israel and Jewish communities. Violent incidents against Jews and the normalization of anti-Zionism as a form of anti-Semitism are rising, leading to fears for the safety of Jews both in Israel and the diaspora. The situation is deemed more complex and perilous than historical anti-Jewish sentiments, with political and social dynamics intensifying the challenges faced today.

  • Global anti-Semitism is on the rise, with Jews in Israel facing significant threats.

  • Anti-Zionism is increasingly seen as a modern form of anti-Semitism, endangering Jewish communities.

[RSnake: I have seen a lot more of it in places I wouldn’t have expected - tight groups of people with no anonymity. It is curious to see how this rhetoric is picking up pace outside of fringe and radicalized neo nazis and ultranationalists.]

Source: https://www.jewishpress.com/?p=732505

A US jury has convicted two men for attempting to assassinate Iranian journalist Masih Alinejad, and the government is investigating and disrupting alleged front groups and proxies trying to operate in the US. The conviction was seen as a significant moment of accountability for Iran's actions against Americans. The men were found guilty on five charges including conspiracy to commit murder-for-hire.

  • Iran has targeted Americans and spread terror, including journalist Masih Alinejad, who was the target of a plot to assassinate her.

  • The US government is investigating and disrupting alleged front groups and proxies trying to operate in the US on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC).

  • The conviction of the two men has been seen as a significant moment of accountability for Iran's actions against Americans, including Alinejad.

[RSnake: Interesting. I am curious how this plays into the White House’s opinion on what to do about Iran.]

Source: https://www.iranintl.com/en/202503227880

Australia has successfully tested and delivered a Long Range Anti-Ship Missile (LRASM) to its military forces, which is designed to detect and destroy specific targets within groups of ships by employing advanced technologies that reduce dependence on intelligence, surveillance and reconnaissance platforms. The Australian Government has committed $895.5 million to the acquisition of the LRASM, which will increase the Royal Australian Air Force's (RAAF) maritime strike range to over 370 kilometres.

  • The LRASM is designed to detect and destroy specific targets within groups of ships by employing advanced technologies that reduce dependence on intelligence, surveillance and reconnaissance platforms.

  • The LRASM will play a significant role in ensuring military access to operate in open ocean/blue waters, owing to its enhanced ability to discriminate and conduct tactical engagements from extended ranges.

[RSnake: These short or medium-range missiles tend to be a bit less expensive and still provide a fairly good network if you interlink them. Still though with navies on the order of thousands of ships, I don’t think the Aussies can get enough of these aloft. That said they are probably more meant for larger vessels.]

“LRASM”

Heathrow Airport has grounded 1,300 flights due to an explosion at a substation in Hayes, London, which is under investigation for possible Russian sabotage. This event follows a pattern of similar attacks by Russian intelligence targeting critical infrastructure across various NATO countries, affecting operations and power supply in affected areas.

  • Heathrow Airport is facing significant operational disruptions due to an explosion linked to a suspected Russian attack.

  • The incident is part of a broader pattern of Russian intelligence activities targeting critical infrastructure in NATO countries.

[RSnake: I was thinking to myself as I read this, “I don’t know anyone who is affected by this, it’s not really news,” and then not even an hour later, a family I know well got stuck there. Lol, Whelp. Okay, so the reason it is news beyond that is we don’t know how it started, and it has the hallmarks of a Russian op.]

Source: https://euromaidanpress.com/?p=329057

China is expanding its network of overseas ports and military bases, which it could leverage in a potential conflict with the United States. Concerns center around China's ability to conduct intelligence operations, disrupt logistics for U.S. forces, and pre-position military assets near crucial maritime routes. This evolving military strategy may significantly impact global trade and military dynamics in any future confrontation.

  • China has invested heavily in foreign ports that may be used strategically in conflict.

  • The U.S. faces risks in its military logistics and global trade due to China's growing overseas military presence.

[RSnake: The CCP is sensing our rivalry in places like Panama, for instance. Once they start getting bases in South America, we have a lot more to worry about.]

Source: https://www.atlanticcouncil.org/?p=824422

In South Korea, the head bodyguard of the Presidential Security Service is facing accusations for allegedly inquiring about martial law and the dissolution of the National Assembly shortly before President Yoon Suk Yeol declared martial law. This incident has prompted serious legal challenges, including the impeachment of President Yoon and ongoing investigations into the actions of the Presidential Security Service during this controversial period.

  • Accusations against a Presidential bodyguard are tied to a martial law declaration in South Korea.

  • The incident has led to President Yoon's impeachment and complex legal proceedings involving the Presidential Security Service.

[RSnake: Inquiring is not the same thing as acting on it, so this will be an interesting case.]

Source: https://gizmodo.com/?p=2000579056

Israeli troops have retaken a strategic area in the Gaza Strip, signaling a significant escalation in military operations against Hamas. The Israeli military's renewed airstrikes and ground advances threaten to reignite widespread conflict after a period of ceasefire, during which humanitarian aid had briefly surged into the region.

  • Israel has resumed military operations in Gaza, retaking a corridor that separates north from south.

  • The ceasefire, which allowed for humanitarian aid and hostages' release, is breaking down as Israeli defense officials anticipate increased attacks.

[RSnake: And potentially renewed will to finish what they ostensibly started after the Hamas paraglider raid.]

Source: https://www.military.com/daily-news/2025/03/19/israeli-troops-advance-gaza-and-retake-part-of-area-divides-north-south.html

Mexico City is facing a severe water crisis caused by overpopulation, climate change, and historical mismanagement of water resources, which has led to significant shortages and social tensions. The capital's primary water source, the Cutzamala system, has reached critically low levels, while areas around the city are experiencing droughts and pollution that threaten local communities and ecosystems.

  • Mexico City may run out of drinking water due to overpopulation and climate change.

  • The Cutzamala water system provides a critical supply of water for the capital but suffers from severe resource depletion.

  • Community tensions are rising around water shortages, with poorer areas struggling to access clean water amidst worsening conditions.

[RSnake: Desalinization is really the only step left for a lot of places that can’t pipe or truck their water in. Of course, that is both crazy expensive, requires a lot of power, and is logistically difficult.]

Source: https://mexicocitywater.longlead.com

Germany is holding closed-door discussions about US-made weapon systems, particularly the F-35 fighter jets, focusing on the reliability and potential risks associated with them. The talks come amid concerns over US control, including a possible 'kill switch' that could disable these aircraft, potentially impacting Germany's operational capabilities. These discussions reflect a broader European desire for defense independence and a reevaluation of reliance on US military technology.

  • Germany is reassessing its dependence on US military technology, particularly the F-35 jets.

  • Concerns include the control of these aircraft by the US, specifically regarding a potential remote disabling feature.

[RSnake: We are telling countries we don’t backdoor our F-35s and then tell them we’ll intentionally make future aircraft worse than our domestic ones. I don’t blame Europe for wanting to get more self sufficient.]

Source: https://sofrep.com/?p=213759

Cybersecurity

Google has acquired Wiz for $32 billion to enhance its cloud security offerings. Other significant events include SpaceX returning NASA astronauts from the International Space Station and Nvidia announcing new advancements in AI and robotics at its GTC event. Additionally, xAI, founded by Elon Musk, has purchased Hotshot to compete in the AI-powered video generation sector.

  • Google's acquisition of Wiz aims to strengthen its position in cloud security.

  • SpaceX successfully returned astronauts to Earth after a mission to the ISS.

  • Nvidia announced new AI and robotics advancements during its GTC event.

[RSnake: Google has tacitly admitted that for $32 billion dollars in R&D they can’t even make a single Wiz. Because this isn’t a customer acquisition play since they don’t need the handful of Wiz customers, this is a tech play. Pretty shocking how bad Google’s dev teams have gotten. Honestly amazed. Also, don’t forget that Cyberstarts allegedly paid for Wiz’s first customers, so you need to discount a lot of their revenue.]

Source: https://techcrunch.com/?p=2984837

Microsoft experiencing technical issues, including critical service outage and zero-day exploit

  • A recent code change in Microsoft's Outlook on the web service resulted in a critical service outage impacting thousands of users.

  • An 11-state hacking group has been exploiting a previously unknown zero-day vulnerability in Windows since 2017, which was recently mistakenly uninstalled by a Windows update.

A backdoor was discovered in a widely used decompression software integral to Linux systems, having been covertly inserted by a malicious maintainer over three years. This incident exposed vulnerabilities in the open source supply chain, emphasizing the need for enhanced security measures to prevent similar attacks by malicious actors in the future.

  • A backdoor was covertly inserted into decompression software used in Linux distributions.

  • The incident highlights vulnerabilities in the open source supply chain.

  • Enhanced security measures are needed to protect against malicious attacks.

[RSnake: The issue is about a year old now, but this write-up is new. Thankfully, xz isn’t used as much as some of the other decompression software options out there, but still. Nasty.]

Source: https://luj.fr/blog/how-nixos-could-have-detected-xz.html

Oracle's SSO login servers were allegedly breached by a threat actor, who claims to have stolen sensitive data including encrypted passwords and enterprise manager JPS keys.

  • The breach is believed to be caused by a vulnerable version of Oracle Cloud servers, which use an outdated CVE with no public PoC or exploit.

  • The threat actor claims to have stolen data from the US2 and EM2 cloud regions, and is selling it for an undisclosed price on the BreachForums hacking forum.

[RSnake: Not a great week for Oracle. Some of these older CVEs can easily be weaponized by the right actor.]

Source: https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/

A phishing campaign using malicious Semrush Google Ads aims to steal Google account credentials and sensitive business data, targeting SEO professionals.

  • A Brazilian threat group is employing a crafty technique to target SaaS platforms and gain access to sensitive Google data without compromising the Google account itself.

  • Google Ads are being used to promote malicious Semrush results when users enter related search terms, leading to phishing sites that mimic Semrush's interface but don't offer standard sign-in options.

[RSnake: Interesting - attacking SEOs. It makes sense, they often have tons of access.]

Source: https://www.bleepingcomputer.com/news/security/fake-semrush-ads-used-to-steal-seo-professionals-google-accounts/

A major data breach at the Pennsylvania State Education Association has affected over 500,000 individuals, compromising personal information such as Social Security numbers and payment card details. The cybercrime group Rhysida has claimed responsibility for the breach that occurred in July 2024, demanding a ransom, although it's unclear if it was paid. This incident is part of a broader trend of ransomware attacks targeting various organizations, including healthcare and education sectors.

  • The Pennsylvania State Education Association experienced a breach that impacted 517,487 individuals.

  • The Rhysida ransomware gang claimed responsibility for the attack and demanded a ransom.

  • The leak included sensitive personal, financial, and health information.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has instructed recently fired employees to provide sensitive personal information via insecure password-protected email attachments for potential reinstatement. This action follows a court ruling reinstating over 130 probationary CISA employees. The approach raises significant security concerns as it may expose sensitive data to cyber threats and further compromises the integrity of federal cybersecurity operations.

  • Recently fired CISA employees were asked to send personal data via insecure email methods for potential reinstatement.

  • A court ruling has mandated the reinstatement of over 130 probationary CISA employees.

  • The actions taken by the current administration reflect a disregard for basic security protocols in cybersecurity operations.

[RSnake: I have spoken to a few people close to this. It’s a bit short-sighted, but also, CISA has lots of issues worth discussing by people who want to honestly do the right thing for US cyber security.]

Source: https://krebsonsecurity.com/?p=70729

Recent analysis of 52 wireless-scanning SDKs in Android shows that 86% of apps utilizing these tools collect sensitive user data, risking privacy through continuous tracking and profiling. The study reveals practices such as SDK-to-SDK data sharing and the creation of detailed mobility profiles that compromise user anonymity.

  • Most apps using wireless scanning SDKs collect sensitive data like GPS coordinates and user identifiers.

  • There is significant data sharing among SDKs which can lead to long-term tracking of users.

  • Mitigation strategies for privacy risks include stronger SDK sandboxing and stricter platform policies.

[RSnake: That’s a lotta apps. Eesh.]

Source: https://arxiv.org/abs/2503.15238

Apple's password manager has a major security flaw that can be exploited to phishing attacks, and users are advised to update their iPhone to the latest version of iOS as soon as possible.

  • The security flaw in Apple's password manager allows an actor with privileged network access to take over the connection and redirect the link to a fake website, potentially leading to phishing attacks.

  • The issue has existed since iOS 14 was released in 2020 and has been addressed in recent updates, including iOS 18.3.2, which contains another important security patch.

[RSnake: Time to patch up the iOS devices. Especially if you use this feature.]

Source: https://lifehacker.com/tech/apples-passwords-app-has-a-major-security-vulnerability?utm_medium=RSS

Critical vulnerability found in popular WordPress security plugin, allowing attackers to remotely execute code and hijack servers.

  • WP Ghost is vulnerable to a critical remote code execution (RCE) vulnerability that could lead to a complete website takeover.

  • The vulnerability affects all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function.

[RSnake: I have recently given up on WordPress. Saved $500/yr by just self-hosting on Github and front-ending it with Cloudflare. Of course, you need to know what you’re doing to manage that but I suspect it’ll get easier over time.]

Source: https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-wp-ghost-vulnerable-to-remote-code-execution-bug/

Technology

Boom Supersonic has developed a supersonic plane, the XB-1, aiming to bring high-speed air travel back to the market for lower costs than previous models like the Concorde. The company is addressing engineering challenges, including fuel efficiency, before mass production can begin, potentially revolutionizing commercial air travel. If successful, this could signify a new era of affordable supersonic flights.

  • Boom Supersonic has created a supersonic jet called XB-1, designed for efficiency.

  • The company aims to make supersonic travel affordable, unlike the expensive Concorde experience.

[RSnake: It’s really cool, but I still haven’t heard an estimate of how long this is expected to take to market and be used by normal travelers.]

Source: https://www.fastcompany.com/91283979/inside-the-groundbreaking-design-of-boom-supersonics-ultrafast-jet

The Dark Energy Spectroscopic Instrument (DESI) has released its first dataset, totaling 270 terabytes and covering a wide array of celestial objects, including 4 million stars and 13.1 million galaxies. This data collection aims to enhance the understanding of dark energy and could provide insights into various areas of astrophysics, such as galaxy evolution and dark matter. The unprecedented size and detail of the dataset make it the largest of its kind, allowing researchers to explore the universe's history and its accelerating expansion.

  • DESI's dataset includes precise distances to millions of galaxies, aiding investigations in astrophysics.

  • The collaboration comprises over 900 researchers and represents a significant advancement in the understanding of dark energy.

[RSnake: Neat - not something civilians can really make any use of given the size of these datasets in aggregate, but still cool. I bet they allow smaller slices of the data to be carved off and used as a slice of the sky.]

Source: https://newscenter.lbl.gov/2025/03/19/desi-opens-access-to-the-largest-3d-map-of-the-universe-yet/

TikTok is adding in-app Amber Alerts, providing vital information on missing children to more than 170 million Americans across the platform, and partnering with the National Center for Missing and Exploited Children (NCMEC) to combat child sexual exploitation and abuse.

  • TikTok is adding in-app Amber Alerts to provide vital information on missing children to more than 170 million Americans across the platform.

  • The alerts will be sent only to those in relevant geographic areas and will display photos and identifying information for the missing child, as well as options to call 911 or read more information on the NCMEC website.

[RSnake: That’s a nice feature, especially if it is geolocated.]

Source: https://mashable.com/article/tiktok-amber-alerts-missing-children

The United Arab Emirates has committed to a $1.4 trillion investment in American industries, focusing on energy, manufacturing, and technology over the next decade. This initiative follows discussions between U.S. officials and UAE leaders aimed at strengthening economic ties and increasing investments in infrastructure and advanced technologies in the U.S.

  • The UAE's investment will significantly boost American energy, manufacturing, and technology sectors.

  • The framework includes specific initiatives targeting AI infrastructure, semiconductors, and natural gas production.

[RSnake: Interesting. We do need to be a bit careful about how we let foreign nations inject cash into our industries, but at least it will create a lot of jobs.]

Source: https://www.dailywire.com/news/trump-secures-1-4-trillion-uae-investment-deal-for-american-industries

The U.S. Patent and Trademark Office has implemented new rules that limit access to inter partes review, a process allowing the public to challenge potentially invalid patents, making it more difficult for small businesses and developers to contest such patents. This change could benefit patent trolls, who exploit weak patents by filing lawsuits for quick settlements, and undermine the original intent of Congress to protect against bad patents. As a result, the patent landscape may become more favorable to large corporations and harmful to smaller entities.

  • The USPTO has reinstated rules that restrict the ability to challenge bad patents through inter partes review.

  • This decision could lead to increased power for patent trolls and create more challenges for small businesses.

[RSnake: I wonder why they did this - maybe it’s a cost cutting measure of some kind?]

Source: https://www.eff.org/deeplinks/2025/03/new-uspto-memo-makes-fighting-patent-trolls-even-harder

Business

The United States is projected to experience a 5.1% decline in international tourist arrivals in 2025, primarily due to the strengthening dollar, adverse foreign relations, and stricter immigration policies. This decline could result in an estimated loss of $64 billion for the tourism sector, with potential repercussions for future major events scheduled in the country.

  • International tourist arrivals to the US are expected to decrease significantly in 2025.

  • Adverse economic conditions and political tensions are contributing to this decline.

  • The tourism industry is at risk of substantial financial losses, impacting upcoming major events.

[RSnake: I saw some story about some guy in Maine complaining that his tourism has dropped by 90% since Trump took office.]

Source: https://timesofindia.indiatimes.com/world/us/effects-of-antipathy-is-us-seeing-a-drop-in-tourist-arrivals/articleshow/119367662.cms

BYD has announced a new electric vehicle (EV) charging technology that allows vehicles to add 250 miles of range in just five minutes, potentially changing the landscape for fast EV charging. However, experts warn that building the necessary charging infrastructure could be challenging and expensive, impacting the feasibility of widespread adoption. As BYD plans to construct four thousand chargers in China, the U.S. continues to lag in EV technology advancements.

  • BYD has developed a superfast charging system capable of delivering up to 1,000 volts, significantly faster than many current EV chargers.

  • The successful implementation of this technology depends on building a sufficient charging infrastructure, which may involve complex and costly logistics.

[RSnake: That’s not bad at all. That puts it far more in line with gasoline engine refueling times.]

Source: https://www.wired.com/story/byd-5-minute-ev-charging/

In recent months, Tesla vehicles and properties have faced a surge in vandalism and attacks across multiple U.S. cities, prompting President Trump to call for severe penalties, including potential prison sentences in El Salvador. The FBI has reported various incidents, including arson and gunfire, while recent financial turmoil has also affected Tesla's stock performance and leadership stability. Multiple individuals have been charged with crimes related to these attacks, which have been described as acts of domestic terrorism by officials.

  • Tesla properties are facing a significant increase in vandalism, including arson and graffiti in various U.S. cities.

  • President Trump has publicly stated that perpetrators of these attacks should face severe legal consequences, including potential prison time in El Salvador.

  • Tesla's stock has dropped nearly 48% this year amid ongoing attacks and recent top executive stock sales.

[RSnake: Pretty ugly stuff. I don’t care what side you’re on, destroying other people’s property is awful and just shy of outright violence.]

Source: https://abcnews.go.com/Politics/trump-suggests-tesla-vandals-prison-el-salvador/story?id=120019715

Disney's live-action remake of Snow White is projected to earn just $45 to $55 million during its opening weekend, a dismal number compared to previous live-action updates like The Little Mermaid and Dumbo.

  • The film is expected to lose money due to its high production budget of around $250 million.

  • The early numbers show the film tracking similarly to the commercial failure that was Dumbo (2019).

[RSnake: It had a 2.8/10 on IMBD last I checked. It may be an okay film, but Disney has chosen a path that puts it at odds with family oriented ideals. I think this is largely backlash. That and Disney hasn’t really been innovative storytellers, opting for garbage re-hashes that no one wants.]

Source: https://www.dailywire.com/news/snow-white-set-for-dismal-opening-weekend-could-be-disneys-next-flop

A high-profile fraud trial involving Charlie Javice centers on her alleged deception of JPMorgan Chase regarding her startup, Frank, which was sold for $175 million. Key testimonies revealed that she sought to create fake user data to mislead the bank about the startup's customer base prior to the acquisition. The case highlights failures in JPMorgan's due diligence and raises questions about internal communication during the deal.

  • Charlie Javice allegedly provided false information to JPMorgan Chase regarding her startup's user base.

  • The case reveals significant lapses in JPMorgan's due diligence process during the acquisition.

[RSnake: We see this a lot. Ashley Madison did something similar for instance. Lots of social media companies do it or don’t stop bad actors who do, to keep their stats nice and high.]

Source: https://techcrunch.com/?p=2985076

ACL has warned that it may have to cease operations in the U.S. if the U.S. Trade Representative enforces tariffs on Chinese-built ships. The CEO indicated that such tariffs would render the company uncompetitive, forcing them to lay off staff, close U.S. offices, and redirect ships away from U.S. trades.

  • ACL could exit the U.S. trade if tariffs on Chinese-built ships are enforced.

  • The proposed tariffs could significantly increase shipping costs, affecting U.S. manufacturers reliant on ACL's services.

[RSnake: Yep, and therefore making manufacturing at home a necessity. This is the short-term pain vs long-term profit playing out in a single company. Hard to know if that gamble will pay off in the short term or send our economy into a tailspin.]

Source: https://gcaptain.com/?p=224650

Barrett Firearms Manufacturing is expanding its headquarters and manufacturing facilities in Rutherford County, Tennessee, with a $76.4 million investment. This expansion will create 183 new jobs and positions the site as a primary firearms manufacturing hub globally, reinforcing its significance in the firearms industry and benefiting the local economy.

  • Barrett Firearms is investing $76.4 million to build a new headquarters and manufacturing facility.

  • The expansion is expected to create 183 new jobs in Rutherford County.

  • The new facility will serve as the primary firearms manufacturing site for Barrett globally.

[RSnake: Cool - good American company. 🔫 ]

Source: https://sofrep.com/?p=213730

The Trump administration is taking steps to import eggs from Turkey and South Korea to alleviate rising prices that have surged over 65% in the past year due to a bird flu epidemic affecting US poultry farms. A $1 billion plan has been announced to address the egg supply crisis and biosecurity measures, amidst ongoing discussions with multiple countries for potential egg exports to the US.

  • The Trump administration is seeking to import hundreds of millions of eggs to combat high prices.

  • A $1 billion plan has been initiated to address the bird flu crisis affecting US poultry.

[RSnake: That’s a nice short-term step, but it should probably offer short-term micro-subsidies to get people to start their own chicken coops, too, IMHO.]

Source: https://www.bbc.com/news/articles/c743g135vj9o

  • Got a useful tip? Looking to chat with me? Click here.

  • Check out the RSnake Show as well.

Full Disclosure: None of this is advice. This newsletter is strictly educational and my opinions. Please be careful, do your own research, and consult a professional before taking action on anything posited here.