- RSnake Report
- Posts
- RSnake Report 20250628
RSnake Report 20250628
Israel Iranian peace deal, AI is number one hacker in the world, etc

What's In the News
Hello, and thanks for reading! I hope you’re having a great summer. I’ve been building a fence for the lady of the house to keep out the pesky deer from her garden, so I'm getting a real sense of the Texas heat. Mornings and nights are reserved for manual labor. But with evening storms each night, it’s pretty limiting on the number of hours you can be out there without getting heat stroke. 🫠 Also, got a little time out at the range, with my buddy’s full-auto HK416, which is reportedly what the Navy SEALs were using up until very recently. Here’s an action shot of yours truly. 🇺🇸

HK416 in full auto
In Russia-Ukraine news, the Russians are starting to shield their Bukhankas from Ukrainian FPV drones with a new Mad Max inspiration… the "porcupine Bukhanka.” It's like they're trying to make their vehicles look like they're straight out of a Mad Max movie. I guess the idea is that the spikes limit how close the drones can reach, and hopefully thwart most of the blast.

“Porcupine Bukhanka.”
But the more I think about it, the less I think these scooby do vans will be safe. For example, the glass needs to be exposed with zero armor. The "Phoenix" battalion, for instance, is showing a ton of videos of impressive 1-foot accuracy with drones, consistently getting them into open tanks. It’s just incredible precision. I mean, maybe if both the van and the drone were moving and the drone had little to no penetration power, sure. But I think the juice just isn’t worth the squeeze on this one. Something as simple as a chicken wire would likely be just as effective or more and weigh less. It’s kinda fascinating to watch these improvised armor systems being developed on the fly. I suspect strongly that is the first and last video you’ll see of the spiky scooby do van, though.

“Phoenix” battalion
Ukraine has upped the ante in the arms race by launching its own ballistic missile, the Sapsan – Yermak. This beast carries a hefty 480 kg of explosives and can reach up to 500 km, putting Moscow within its sights. Ballistic missiles tend to be much more difficult and expensive to intercept, which is what we saw when Iran was firing them at Israel. There is no way Russia can build enough air defense to stop these things if they are created at any meaningful rate.

“Yermak”
Russian forces are getting creative with their defensive strategies by repurposing naval AK-630 autocannons as fixed defensive firing positions. It's like they're turning their ships' armor into land-based fortresses, which is both innovative and a bit desperate. These six-barreled 30mm cannons can fire up to 1,000 rounds per minute, making them a formidable addition to their defenses; however, they are insanely heavy and therefore need to be in fixed positions, and have limited ammo, so they probably only get a few bursts off before they run out. Still, interesting how the ships are being cannibalized.

“AK-630 is a six-barreled 30mm cannon.”
It all makes sense to me, though, because the Navy appears to be extremely corrupt, so it would make sense that ships would be broken into smaller, potentially useful sub-components for war fighting. Leaked Russian Navy documents have revealed a scam involving the Black Sea Fleet, where senior officers are keeping unseaworthy vessels in active service to skim off repair funds. The more I see examples like this and the Chinese news of water in the rocket engines, and the Russian plastic explosives being replaced with blocks of wood, the more I think we really need to focus on rooting out any areas of potential corruption in the US armed forces.

“Unseaworthy vessels in active service”
The 242nd Training Center is taking a shotgun approach to training soldiers to shoot down drones in motion. It's like they're preparing for a dystopian version of skeet shooting, by being dragged around on a sled and shooting at drone-like targets. That this is now becoming part of standard training for front-line troops shows the importance of troops being armed with a shotgun with a box or drum magazine.

“Training to shoot down drones”
The new Commander of Ukraine's Unmanned Systems Forces has introduced a points system for drone units that seems straight out of a video game. It's like they're trying to gamify the war, with 25 points for a destroyed drone operator and 12 for a wounded one as an example. Soldiers get 12 points for a kill and 8 for a casualty, turning the battlefield into a leaderboard. This system is designed to incentivize targeting Russian drone operators, leading to more drone operator deaths. When they hit targets that leads to those points being made available to purchase military hardware. One of the bad things about this is it doesn’t leave a lot of wiggle room for new troops to learn, but it does put the best troops in charge of the best hardware, so there is something to be said for it.

“APU DRONE MARKETPLACE”
In related news, Ukrainian "Vampire" heavy drones are now equipped with GPS trackers, turning them into potential booby traps for the Russians. The Russians, lacking their own heavy drone lift, are eager to salvage these "Baba Yagas," but they must first disable the GPS devices to avoid being tracked.

“GPS trackers are also being used.”
And on cue, the Ukrainians destroyed a Russian UAV command post, incinerating all documentation, cash, FPV, and recon drones, along with ammunition and technical equipment. I wonder how many points those soldiers made in this attack, but just shows the shift in targeting.

“destroyed a Russian UAV command post”
On the Russian side, a downed Shahed-136s with imaging guidance and AI capabilities have been analyzed, revealing their Iranian origins. This is especially interesting in light of the recent Israeli/Iranian conflict. I wonder if their capabilities to produce Shahed drones have been diminished and what effect this might have on Ukraine. Given that these 1,600 range drones couldn’t even match the minimum distance of 1,700 miles to Israel, and therefore they were never the main threat to Israel, it may not have been a priority.

“Shahed-136s”
In a strange turnabout, Putin has announced plans to scale down military spending due to economic weakness, signaling potential bankruptcy on the horizon. It’s pretty crazy if true, but even if it is, he said he would only start to do it over three years. A lot can happen in three years, but it is a signal that he knows this cannot be a forever war.
In other news, that hits closer to him, the Russian Army has captured the Shevchenko deposit, Ukraine's second-largest lithium field. Lithium is crucial for modern technology and energy solutions. The field, located near Pokrovsk, was supposed to be shared 50/50 between Ukraine and the U.S. under a recent minerals deal. Now that mineral field looks like it is either at risk or is off the table.

“Shevchenko deposit”
In European news, Paris has turned into a scene straight out of a dystopian novel following a street music festival that descended into absolute chaos. The city saw 371 arrests, six stabbings, over 1,500 injuries, 13 attacks on police officers, and 51 vehicles set on fire. But the most disturbing part? 145 girls were injected with syringes containing an unknown substance. It looks like it is somehow related to this random prankster who was injecting people in public, with again… an unknown substance or maybe just poking through their skin. As of the time that I wrote this, no toxicology reports have come back about what was in those syringes.

“145 people being injected with syringes”
In a bizarre twist of international intrigue, dozens of "Scottish independence" X accounts suddenly went silent on June 12, coinciding with Israel's strike on Iran. It's like the digital world had its own version of a blackout, and it turns out these accounts might have been Iranian bots all along. They had been tweeting nonstop for months, but the moment Israel launched its operation, including a major cyber attack, they vanished into thin air. Coincidence? 🤔
That leads us to Middle East news and a follow-up about Operation Midnight Hammer that targeted multiple Iranian nuclear facilities (see more here and here and here). The operation, carried out by the U.S. Air Force using B-2 bombers and MOPs (Massive Ordnance Penetrators), aimed at crippling Iran's nuclear ambitions. The strikes on the Fordow enrichment facility were particularly noteworthy, with six GBU-57s entering through ventilation shafts, directly hitting the main hall where centrifuges and sensitive equipment were housed. The remaining six GBU-57s were used to destabilize the mountain overhead, causing a likely collapse of the facility.

“Ventilation shafts”
I have been asked what I think happened and if I thought the damage was bad enough to stop work at those facilities because the DIA report claimed the damage was minimal, and my answer is yes, the damage is very severe, and while there were photos of three holes, in reality all the MOPs went down a singular hole, the others are from the blast, not from the entry.

“5 mops entered the same hole.”
These things act like a thermobaric explosive, at well over 1,000PSI, so for sure, everyone and anything even vaguely soft was destroyed or warped heavily. That includes sensitive electronics and motors used in centrifuges. Als,o beyond the overpressure is heat, and Uranium powder will ignite fairly easily, and that would cause a pretty aggressive fire. The only downside here is that a HEU burn creates Uranium dioxide, which can be converted back into HEU, apparently, through a complicated reduction process. So while it’s not currently in a form that can be used and inert, with work, it may be recoverable.
The IRGC headquarters west of Tehran was also completely destroyed in the recent strikes, showcasing the extent of the damage inflicted on Iran's military infrastructure. It’s not clear if this is related or not, but there is some anecdotal evidence that Mossad operatives created a phone line and encouraged the Revolutionary Guard to all go to a single place where they were killed, although at least one person believed it was spoofed calls using AI voices to encourage them to converge on the singular location. The Iranians really have to rethink their entire security posture.

“IRGC headquarters”
The IDF struck six regime airports across Iran, destroying runways, underground hangars, and aircraft, including F-14, F-5, and AH-1 models. These strikes were aimed at impairing Iran's ability to launch aircraft and conduct military operations from these locations. More or less, Iran has no meaningful air force at all at this point.

“IDF struck 6 regime airports”
There were briefly theories swirling about potential escalations in the Strait of Hormuz, with predictions that gas prices could skyrocket if the U.S. deploys forces to secure the strait, but… no. I don’t think any of that is going to happen based on what I am seeing. When the peace deal happened, and even though there were hundreds or even up to 1,000 IRGC casualties in one day even after the deal was struck with Iran for a ceasefire, it was clear the Iranians were a bit shocked at how ill prepared they were to fight a modern Western army. It was lopsided at best.
Iran did have to save face and pretended to retaliate by shooting a little over a dozen missiles at U.S. forces at the Qasrak Military Base in Syria, but the one missile that came close was intercepted. Surface-to-air missiles from Al Udeid Air Base in Qatar successfully intercepted the remaining Iranian ballistic missiles over Doha. Qatari air defenses, equipped with Patriot PAC-3 MSE batteries, successfully destroyed incoming Iranian short-range ballistic missiles.

“Qasrak Military Base”
But if you were following this closely, it all seemed silly. There was no way this was really a full-throated reply. This felt more like theatre, and sure enough…. it turned out that Iran coordinated with Qatar in advance of the missile launches, to quell angry voices inside their own regime by looking like they did something against the Americans, but also not actually escalate something. This coordination provided an off-ramp for President Trump to negotiate, allowing Iran to claim a victory at home while returning to the negotiating table. President Trump then confirmed early warnings of the Iranian missile launches, indicating that the U.S. was well-prepared for the attack, allowing the ceasefire to begin.

“Iran coordinated with Qatar in advance.”
Since we talked a little about the number of missiles in the Israel and US inventory, here is the breakdown of the missile systems used to defend Israel, and it doesn’t look great, at roughly 10-15% of all of the US inventory of THAAD was used up in 12 days. These are not being replenished at the rate one might hope for given how valuable they have been against ballistic missiles, but at least they are proving that the tech works. I have to wonder if the reason we are not replenishing the old stock is because we have something better in the works. A guy can hope!

“AT LEAST, 39 THAAD, 34 Arrow-3, & ~9 Arrow-2s have been used”
In other horrifying news, Pakistan might be developing a nuclear-tipped intercontinental ballistic missile (ICBM) capable of reaching the U.S. This development could lead to the U.S. designating Pakistan as a nuclear adversary, further complicating international relations. There is zero reason to want this unless you want to threaten the United States. The US has stayed out of the Pakistan/India conflict except for perhaps some intelligence sharing, but I think Pakistan wants some more reassurance.
We’ll skip North American news today because there wasn’t anything hugely interesting happening, other than some SCOTUS decisions overruling the injunctions against Trump and the Senate killing the 2A part of the omnibus called the SHORT Act due to the Byrd rule.
In Tech news, AI hacking bots have taken the top spot in the world. It's like watching a sci-fi movie unfold in real-time, where the machines are not just assisting but leading the charge in cyber warfare. I haven’t personally seen a demo of this, although I have contacted the XBOW CEO for a demo of it. I have heard mixed thoughts that either they are flat out lying, or that the human in the loop is doing a lot more work than they might normally do if it were really AI automated. But either way, this is the direction things are heading, and people are thinking in this direction. Until I see it for myself, I remain skeptical of the claims that XBOW is making, but I do believe it is only a matter of time until someone gets there.
On a lighter note, someone has figured out how to reduce the cost of audio by simply speeding it up. OpenAI charges by the minute, so the hack here is to make those minutes shorter by doing audio duration compression. It's a clever workaround that could save a pretty penny for those who rely on audio services.
I also saw this example of a fully automated Tesla going from the factory to the new owner, all in one long shot. It is slightly unnerving to watch a car with no one in it going down the road. No one is in the vehicle to stop it if things go wrong, not even a passenger. But this is still super impressive, so congrats to Tesla. That said, we reall,y really need to make sure that this thing cannot be hacked!
And in a project that blends radio frequency (RF) and AI design, you can print out an antenna using a pixel layout that… just works? Strangely, and for reasons that may not be obviously explainable, RF design apparently can be tuned to very specific design parameters by using generative AI, which isn’t exactly the same thing and works quite differently than fuzzing might. Either way, it correctly determines the layout of the pixels of the antenna for the right operating parameters. Very odd, and cool.

“Generative AI meets RF circuit design”
Okay, onto the articles!
Geopolitics
The US military is planning to deter China from invading Taiwan through a comprehensive joint force effort that includes threats against China's economy and the use of force in all domains.
The US military is planning a comprehensive joint force effort to deter China from invading Taiwan.
The strategy would involve using US attack submarines, hypersonic anti-ship missiles, persistent overhead reconnaissance, and anti-access/area denial to vital Chinese shipping lanes and ports.
[RSnake: All that makes sense, but we’d need a huge, huge barrage of such things. Keep in mind, China has more than 1,000 boats in its fleet. That’s a lot of munitions that need to be able to not just hit but correctly identify and fully sink those boats.]
Source: https://www.realcleardefense.com/articles/2025/06/27/in_deterring_china_peace_through_strength_cannot_be_just_a_catch_phrase_1119231.html
President Trump acknowledged approving Iran's attack on the Al Udeid Air Base in Qatar, which was subsequently defended by U.S. troops. This situation arose following U.S. strikes on Iranian nuclear sites. Reports indicate differing perspectives on the impact of these strikes on Iran's nuclear capabilities.
Iran executed a missile attack on a U.S. military base in Qatar after receiving permission from President Trump.
The U.S. military successfully defended against the missile strike, but concerns about troop safety and military readiness have been raised.
[RSnake: So weak, but that was the entire point, now wasn’t it? It is funny to me how Internet sleuths figured this out a full day ahead of Trump announcing that they were right.]
Source: https://www.military.com/daily-news/2025/06/27/trump-said-he-okd-irans-plan-strike-al-udeid-his-top-military-adviser-said-troops-there-fended-off.html
The USS Gerald R. Ford has deployed from Norfolk, Virginia, as part of the U.S. Navy's commitment to operations in the European theater, following significant conflict developments in the Middle East involving missile exchanges between Iran and Israel. The deployment comes amid ongoing tensions and military engagements in regions such as the Red Sea and Eastern Mediterranean, reflecting the U.S. military's strategic positioning in response to these conflicts.
USS Gerald R. Ford has begun its second deployment to the European theater with 4,500 sailors.
Recent military actions included U.S. strikes on Iranian nuclear sites and missile exchanges between Iran and Israel.
[RSnake: That plus EU approving a 5% GDP spend for their military, and Israel winding down hostilities with Iran, and it’s looking like we are actually back to being able to focus most of our energies on the Pacific theatre.]
Source: https://news.usni.org/?p=116603
Russian forces have launched an attack on the city of Dnipro, resulting in 16 fatalities and over 279 injuries, with casualty numbers expected to rise. The strike caused significant damage to infrastructure, including residential buildings, educational facilities, and medical centers, and resulted in a day of mourning declared in the city.
Russian military attacks have caused serious civilian casualties in Dnipro.
Critical infrastructure, including schools and hospitals, has been severely damaged in the strike.
[RSnake: They are making small gains here, but it’s just a mounting cost to their GDP. I think they end up having to capitulate purely due to economic rationale. Speaking of….]
Source: https://www.pravda.com.ua/eng/news/2025/06/24/7518465/
GLOBSEC has mapped seven scenarios regarding the future of the Russo-Ukrainian war through 2026, indicating that the most likely outcome is a war of attrition due to resource depletion, with a significant probability assigned to ongoing hostilities outweighing potential peace scenarios. There are stark implications for global security, including the risk of nuclear proliferation spurred by perceived Western hesitance in responding to Russian aggression. The need for decisive military support for Ukraine has been emphasized to mitigate prolonged instability in Europe.
The report suggests that future military conflicts will likely be driven by resource depletion and continued aggression from Russia.
There is an increased risk of global conflicts as the Western approach to nuclear threats may encourage other nations to act aggressively.
Military readiness and immediate intervention are essential for Europe to prevent a resurgence of Russian aggression.
[RSnake: Yep, I think that is the most likely outcome unless some new form of attack breaks out that significantly alters the stalemate situation they’re currently in.]
Source: https://euromaidanpress.com/?p=346252
North Korea is increasing its military support for Russia in the ongoing conflict in Ukraine, sending thousands of construction workers and combat engineers to assist Russian forces. This partnership has evolved over time, with North Korea supplying ammunition and equipment, which has become critical for Russia’s military operations. The introduction of North Korean troops on the battlefield has contributed to their combat experience and has raised international security concerns about further escalation.
North Korea is sending military construction workers and engineers to support Russia's war efforts in Ukraine.
The military cooperation between Russia and North Korea is aiding Russian combat operations and raising security concerns in the region.
[RSnake: We heard about this in the last RSnake Report. I know Russia could use the help, and North Korea is probably happy to get some more intelligence on how their troops fare in actual combat situations, not to mention fewer mouths to feed while they’re in theatre, and a stronger strategic alliance with Russia, plus cash. It’s a win-win for Kim Jung Un.]
Source: https://www.atlanticcouncil.org/?p=855792
Cybersecurity
A high-severity vulnerability in AMI MegaRAC firmware allows attackers to gain complete control over thousands of servers, potentially compromising mission-critical tasks and sensitive data.
The vulnerability, CVE-2024-54085, resides in the AMI MegaRAC firmware package and can be exploited through a simple web request to a vulnerable BMC device over HTTP.
Successful compromise of a single BMC can pivot into internal networks and compromise all other BMCs, allowing attackers to implant malicious code directly into the BMC's firmware and evade endpoint protection and security tools.
[RSnake: Patch up your BMC devices!]
Source: https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/
A critical vulnerability known as CVE-2025-36852 has been disclosed, affecting build systems that utilize remote caching, which may impact numerous organizations reliant on CI/CD pipelines. The vulnerability allows individuals with legitimate access to inject malicious code and potentially compromise production artifacts, necessitating immediate review and mitigation by affected organizations.
The CREEP vulnerability enables code injection into production artifacts via remote caching systems.
Historical data indicates that similar vulnerabilities have led to significant breaches in high-profile organizations.
[RSnake: This is in a company called NX if you happen to use them.]
Source: https://thereadable.co/nx-identifies-critical-security-vulnerability-in-build-cache-systems-affects-thousands-of-organizations-worldwide/
Cisco has reported two critical remote code execution vulnerabilities in its Identity Services Engine (ISE) that allow unauthenticated attackers to execute arbitrary commands and upload files with root privileges. The flaws, assigned CVEs 2025-20281 and 2025-20282, affect multiple versions of ISE and have a maximum severity rating, necessitating immediate patching to secure systems. Additionally, a medium-severity authentication bypass flaw has been identified in ISE, impacting all versions up to the 3.4 branch, with fixes scheduled for future updates.
Two critical vulnerabilities in Cisco's Identity Services Engine allow remote code execution.
Immediate patching is required to secure affected systems and prevent exploitation.
A medium-severity authentication bypass flaw has also been identified in the same product.
[RSnake: Oof, more attacks against security hardware. I think the security hardware industry is in for a rude awakening if they don’t get a handle on this situation.]
Source: https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-rce-flaws-in-identity-services-engine/
Russian internet service providers have begun severely throttling access to websites and services protected by Cloudflare, impacting access for 2.2 million individuals, as part of a broader effort to limit the influence of Western technology. The throttling has also affected other Western internet service providers, complicating internet access and the use of circumvention tools within Russia. In addition, the country has implemented extensive mobile internet restrictions across over 30 regions, further limiting access to information.
Russian ISPs are throttling access to Cloudflare-protected websites, allowing only partial downloads.
This action is seen as an attempt to combat circumvention tools used by citizens to access restricted content.
Mobile internet restrictions have expanded significantly in Russia, affecting multiple regions.
[RSnake: Ah, Russia… But by slowing or breaking access to Cloudflare, they are more or less neutering a huge chunk of the Internet indiscriminately.]
Source: https://www.bleepingcomputer.com/news/technology/russias-throttling-of-cloudflare-makes-sites-inaccessible/
A Washington Post editor, Thomas LeGro, has been charged with possessing child pornography and is on leave, and his home was searched by authorities.
Thomas LeGro, a Washington Post editor, has been charged with possessing child pornography and is on leave.
The U.S. Attorney's Office announced the charges and will be prosecuted by Assistant U.S. Attorneys Caroline Burrell and Janani Iyengar.
[RSnake: Why am I not surprised? A lot of the journalists pushing for fringy causes seem like they are on a slippery slope to a very dark place.]
Source: https://www.foxnews.com/media/washington-post-editor-leave-after-doj-charges-him-possessing-child-pornography
A large cyber-espionage network, identified as 'LapDogs,' has been attributed to Chinese state actors, infecting over 1,000 devices across several countries, including the US, with a custom backdoor. This network is involved in covert operations that could undermine traditional cybersecurity measures, utilizing compromised devices in various sectors, including IT and media.
LapDogs has infected devices in the US and Southeast Asia, building an extensive cyber-espionage infrastructure.
The network uses compromised home and office devices for reconnaissance and command-and-control operations.
[RSnake: Ah, the CCP… always acting as the adversary they are.]
Source: https://www.darkreading.com/threat-intelligence/china-lapdogs-network-backdoored-soho-devices
The United States and China are engaged in a strategic competition in cyberspace, with a significant focus on offensive cyber capabilities like zero-day vulnerabilities. China has developed a more efficient and centrally coordinated pipeline for cybersecurity talents and exploits, while the United States grapples with a fragmented acquisition process and reliance on international expertise. As both nations invest in their cyber capabilities, the urgency to secure a competitive advantage has heightened amid rising tensions.
The United States faces significant challenges in securing a reliable supply chain for offensive cyber capabilities compared to China.
China's integration of AI into its offensive cyber strategies and its robust domestic talent pipeline give it an increasing advantage in cybersecurity.
U.S. government efforts need to address hurdles in acquisition processes and find innovative ways to strengthen domestic talent in order to maintain cybersecurity competitiveness.
[RSnake: I do think China has raced ahead, largely in staffing for cybersecurity. They used to be pretty laughable, but they’ve caught up from everything I have seen.]
Source: https://www.atlanticcouncil.org/?p=823804
A new type of webpage fingerprinting attack, called Attack Smarter, has been proposed and demonstrated to be effective in large-scale environments, compromising user anonymity.
The proposed Attack Smarter method surpasses state-of-the-art baselines across datasets of different scales through targeted augmentation of traffic based on attention maps.
It handles multi-tab browsing scenarios by employing residual attention to generate class-specific representations of webpages occurring at different temporal positions.
[RSnake: Cool in theory, but computationally expensive, so not particularly useful for most applications of browser fingerprinting. One caveat to that might be Tor and I2P.]
Source: https://arxiv.org/abs/2506.20082
Partisan culture may influence how people express distress in online mental health support communities, with distinct cultures emerging from each political party. A large-scale observational study of over 2 million posts from Republican, Democrat, and unaffiliated users found significant differences in expressions of distress based on partisan affiliation. The findings highlight the importance of considering partisan cultural differences when designing online support community platforms.
The impact of culture on how people express distress in online support communities is a topic of interest within Computer Supported Cooperative Work (CSCW) and Human-Computer Interaction (HCI).
Partisan users who were closely matched by demographic attributes and platform use showed significant differences in expressions of distress compared to typical support community members.
[RSnake: There is something like a 4-8% improvement in mental health when people stop using Instagram and Facebook. I think you can extend that to TikTok, X, and anything that has the endless scroll feature. Interestingly, it has no effect on their total usage of compute either, so they go off and become more productive while gaining mental health and reducing anxiety.]
Source: https://arxiv.org/abs/2506.20377
CISA has confirmed the active exploitation of a critical vulnerability in AMI's MegaRAC Baseboard Management Controller software, which could allow remote attackers to hijack servers without authentication. This vulnerability potentially affects equipment provided by major vendors to cloud service providers and requires immediate attention from network defenders, especially federal agencies mandated to patch it by July 16th.
A vulnerability in AMI's MegaRAC BMC software is being actively exploited in attacks.
Agencies need to patch their systems quickly to prevent serious security breaches.
[RSnake: Management software, or anything with an external administrative console, is risky.]
Source: https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/
Hawaiian Airlines experienced a cyberattack affecting 2.2 million people, although flights were unaffected, and hackers known as Scattered Spider shifted their focus to aviation and transportation sectors. There is a critical vulnerability, CVE-2025-5777, affecting Citrix devices, which is believed to be currently exploited in targeted attacks, allowing unauthorized access to sensitive data.
Ahold Delhaize's data breach impacts 2.2 million individuals.
Citrix vulnerability CVE-2025-5777 is being actively exploited in attacks.
Hawaiian Airlines reported a cyberattack that did not affect its flight operations.
[RSnake: Awful, and frankly, the prelude to something much worse. You don’t want this many accounts for play.]
Source: https://www.bleepingcomputer.com/news/security/citrix-bleed-2-flaw-now-believed-to-be-exploited-in-attacks/
Technology
Amazon is constructing an extensive data center in Indiana, focusing on artificial intelligence, particularly for the start-up Anthropic. This facility will utilize 2.2 gigawatts of electricity and is part of a larger initiative, Project Rainier, to establish multiple large-scale data centers to support the growing demands of AI technologies. Other tech companies like Meta and OpenAI are also developing similarly large data centers to accommodate the escalating requirements of AI systems.
Amazon is building one of the largest data centers for AI in Indiana, consuming 2.2 gigawatts of electricity.
Project Rainier includes plans for around 30 data centers, with the intention of supporting the AI start-up Anthropic.
[RSnake: Time for nuclear, or fusion if we can get there fast enough. If this isn’t an ad for why we need to double down on fusion research, I don’t know what is.]
Source: https://www.nytimes.com/2025/06/24/technology/amazon-ai-data-centers.html
Recent evaluations of large language models (LLMs) for code generation have shown that they perform significantly below expectations in real-world coding tasks. A new benchmark called REPOCOD reveals that current LLMs struggle to pass a majority of tests that represent complex software development scenarios, calling into question their ability to fully replace human programmers at this stage.
Large language models are being tested against new benchmarks that more accurately reflect real-world programming tasks.
REPOCOD, a benchmark with complex tasks, shows that no LLM tested achieved more than 30% success in tasks requiring repository-level context.
[RSnake: Yes, but that said, in the hands of a good programmer, they can get huge performance gains out of it. I have pumped out more code that is completely functional and high quality in the last two years than my entire 27-28 years prior.]
Source: https://arxiv.org/abs/2410.21647
L&T Technology Services has opened a new Engineering Design Center in Plano, Texas, which is set to create over 350 high-skilled jobs focused on AI, digital engineering, and cybersecurity. The facility is designed to develop and test defense-related products and aims to enhance Texas' position as a hub for innovation in advanced technologies and smart manufacturing.
The center will house over 350 engineers specializing in AI and digital manufacturing.
It is equipped to handle defense-related product development and cybersecurity solutions.
[RSnake: Yeah, if someone says they want to get into cybersecurity, I tend to always be on the edge about whether that is a good idea. AI and robotics ,though… those seem to have legs… for now. Oh wait…]
Source: https://thereadable.co/lt-technology-services-launches-new-engineering-design-center-in-plano-texas-to-propel-advancements-in-ai-tech-digital-manufacturing/
Researchers at MIT have developed a generative AI model that enhances robot designs, allowing for improved performance such as increased jumping height and stability. This new approach involves using diffusion models to generate innovative designs that can be 3D printed, showing potential for significant advancements in robotics.
Generative AI is being applied to improve robotic designs, achieving better performance than traditional methods.
The system can optimize various aspects of robot functionality while being tailored for specific performance goals.
[RSnake: So maybe just AI then. 😆 ]
Source: https://news.mit.edu/2025/using-generative-ai-help-robots-jump-higher-land-safely-0627
Normalizing Flows (NFs) have been shown to be more effective for generative modeling than previously understood, now exemplified by a new architecture called TarFlow. This model combines Transformer techniques with autoregressive methods, leading to state-of-the-art results in image likelihood estimation and sample generation quality. Key innovations include training techniques that enhance model performance and sample diversity, placing this model at the forefront of generative modeling.
TarFlow is a new architecture that enhances the capabilities of Normalizing Flows in generative modeling.
The model achieves state-of-the-art results in likelihood estimation and sample generation for images.
Innovative training techniques improve sample quality and diversity significantly.
[RSnake: That’s good, but I think what’s really missing is more multi-modality, true memory, and much larger context windows. Because if you think about how a human reasons, that’s how.]
Source: https://machinelearning.apple.com/research/normalizing-flows
A British startup, Space Forge, successfully launched its manufacturing satellite ForgeStar-1 into orbit to test its ability to create materials under unique space conditions. This mission marks a significant step in space manufacturing technology, with the satellite intended to produce high-quality crystals for potential use in advanced semiconductor applications. The satellite will be burned up upon completion of its experiments, as Space Forge has not yet obtained certification to retrieve it from Earth.
Space Forge's ForgeStar-1 aims to produce materials in space using zero-gravity and vacuum conditions.
The mission will gather critical data for future manufacturing missions, while the satellite will disintegrate upon re-entry.
[RSnake: Congrats to the Space Forge team!]
Source: https://thenextweb.com/news/space-forge-uk-space-factory-launch
Emergence AI has launched CRAFT, a natural language platform designed to automate complex enterprise data workflows, significantly reducing the need for coding skills. With CRAFT, users can create and manage intelligent agent systems that operate autonomously across entire data pipelines, aiming to improve productivity and reduce operational costs for businesses. This innovation addresses the growing demand for data specialists by simplifying data management processes.
CRAFT enables non-technical users to automate enterprise data workflows using plain English.
The platform addresses a market representing over $200 billion in global spending on data pipelines.
Emergence AI aims to transform operational efficiency in various sectors by facilitating real-time data processing and decision-making.
[RSnake: I haven’t played with this at all, but I suspect we’ll need better translation logic between traditional languages, and more fuzzy things like AI and user input. The “data is code” concept is dumb/dangerous, and it’s hard to explain why.]
Source: https://thereadable.co/emergence-ai-launches-craft-machine-scale-data-automation-in-minutes-using-just-plain-english-2/
Google rolls out text-to-image model Imagen 4 for free, offering significant improvements in quality and pricing at $0.04 per output image, with the Ultra version priced at $0.06.
Google offers a new text-to-image model called Imagen 4, which provides improved quality and is priced at $0.04 per output image.
The Imagen 4 Ultra version follows instructions more precisely, offering better results compared to competitors, and is priced at $0.06 per output image.
[RSnake: That’s pretty darned cheap! It definitely makes graphic design a lot harder to justify.]
Source: https://www.bleepingcomputer.com/news/artificial-intelligence/google-rolls-out-text-to-image-model-imagen-4-for-free/
The PNG image format has been updated after a 20-year hiatus, introducing new features such as HDR support and animated PNGs (APNGs). Major companies are collaborating to ensure widespread support and compatibility with current technology, paving the way for future enhancements in compression and interoperability.
The PNG format has received a significant update after 20 years, reintroducing key features like HDR support.
Various leading companies are collaborating to ensure the updated PNG spec is widely adopted across different platforms.
[RSnake: Cool - I recommend png over jpeg too if you want to avoid being sued.]
Source: https://www.programmax.net/articles/png-is-back/
Recent developments in GPU performance optimization focus on techniques such as tiling and fusion to maximize data reuse and computational efficiency. The performance of operations on GPUs, like the NVIDIA A100, is heavily influenced by memory bandwidth and compute throughput, leading to memory-bound or compute-bound scenarios depending on the workload and data access patterns.
Tiling and fusion strategies can significantly enhance GPU performance by improving data reuse and minimizing memory traffic.
The balance between memory bandwidth and compute throughput determines whether GPU operations are memory-bound or compute-bound.
[RSnake: Yes, they are bound by memory, but they are also bound by networking, assuming your data is larger than whatever an A100 can hold. So much more to discuss about this, but for another day.]
Source: https://damek.github.io/random/basic-facts-about-gpus/
Business
Major issues continue to arise in the pharmaceutical industry, particularly regarding the exploitation of regulatory loopholes and the sourcing of drugs from unverified foreign suppliers. Companies are leveraging these gaps to market compounded medications at lower prices, often resulting in questionable safety and ethical practices while prioritizing profit over patient care.
Companies like Hims & Hers exploit regulatory exemptions in the pharmaceutical industry to market compounded medications, often using low-quality foreign ingredients.
There are significant concerns regarding the ethics and safety of telehealth services that automate prescriptions for marketed medications without adequate medical oversight.
The business model of these companies focuses on profit maximization through subscription traps and premium pricing for generic medications.
[RSnake: The law can’t keep up with cyber security, and it can’t keep up with pharm for the same reasons… blacklists/disallow lists never can keep up unless there is a very small and finite set of things that can be disallowed.]
Source: https://www.alexkesin.com/p/the-hollow-men-of-hims
Broadcom is conducting audits on former VMware customers who have declined to renew their support contracts, sending cease-and-desist letters regarding the use of VMware products. Companies have reported stress and potential financial repercussions due to these audits, as they may be found in violation of their licensing agreements. This situation has raised concerns about Broadcom's practices following its acquisition of VMware and its impact on customers.
Broadcom is auditing former VMware customers for license compliance.
The audits and cease-and-desist letters are causing financial anxiety among companies.
[RSnake: I mean, that sounds bad until you realize they are kinda stealing. It’s in the contract, right…? Maybe there is more to this story.]
Source: https://arstechnica.com/information-technology/2025/06/vmware-perpetual-license-holder-receives-audit-letter-from-broadcom/
MAXIOM Labs and DNAthlete have formed a partnership to integrate DNA science with adaptive artificial intelligence, aiming to provide personalized health and performance guidance. The collaboration, supported by elite athletes, intends to enhance individual well-being and longevity through customized protocols based on genetic and biometric data. The platform is designed with a strong emphasis on data security and user control over personal information.
MAXIOM and DNAthlete are launching a platform that combines DNA analysis with AI for personalized health insights.
The partnership aims to redefine human performance and longevity, integrating genetic data with real-time biometric feedback.
User data security and control are prioritized, establishing a new standard for privacy in health technology.
[RSnake: That is the way things are heading. Concierge medicine from your AI that knows everything about your diet and environmental data, as well as your DNA.]
Source: https://thereadable.co/maxiom-and-dnathlete-announce-groundbreaking-partnership-to-crack-the-code-on-human-health-performance-and-longevity-using-dna-and-adaptive-ai/
Switzerland is leading the world in deep tech investment, with 60% of its venture capital allocated to this sector from 2019 to 2025. Startups in deep tech have significantly increased their funding, reaching $1.9 billion in the last year and projected to hit $2.3 billion by 2025, with AI and machine learning startups taking a large share of investments.
Switzerland's deep tech investments exceed those of any other country.
AI and machine learning startups are becoming the primary focus of deep tech funding.
There is a notable gap in late-stage investment coming from local funds.
[RSnake: Wow, good for them. That’ll pay off for sure.]
Source: https://thenextweb.com/news/switzerland-leads-the-world-in-deep-tech-investment-report-finds
Jeff Bezos married Lauren Sanchez in a lavish ceremony in Venice, attracting protests from various groups.
Lauren Sanchez is a journalist and pilot who started her career as a journalist and has a keen interest in aviation.
The estimated cost of the wedding is between $20 million and more than $50 million.
[RSnake: I hear she deleted all her old Instagram photos. I wonder if that was something he asked for or she wanted to do.]
Source: https://www.bbc.com/news/articles/cdx5g4vjz07o
The S&P 500 and Nasdaq have reached record closing highs as the stock market has surged, gaining more than 20% since the start of April. Despite some volatility due to geopolitical tensions and trade policy developments, investor sentiment remains optimistic amidst signs of economic growth and easing tariffs.
The S&P 500 reached an all-time high, closing at a record price amid rising stock market gains.
Investor confidence has increased due to improved economic indicators and a rollback of tariffs.
[RSnake: And yet interest rates won’t budge. It makes the fed look pretty stupid, actually.]
Source: https://abcnews.go.com/Business/sp-500-hits-record-high-stock-market-surges/story?id=123225899
Got a useful tip? Looking to chat with me? Click here.
Check out the RSnake Show as well.
Full Disclosure: None of this is advice. This newsletter is strictly educational and my opinions. Please exercise caution, conduct your own research, and consult a professional before taking any action based on the information presented here.