RSnake Report 20251115
Russian CBR forces banks to buy, US Gov shutdown ended etc...

What's In the News
Hello, and thanks for reading! It was a light week, as I think things are slowing down as the holidays approach. One of the things that happened last week that was noteworthy was that Grossman Ventures had its first successful exit of Wirespeed to Coalition. Coalition is a cyber insurance company for small and medium-sized businesses. Wirespeed was a very inexpensive/scalable managed detection and response company, and we knew the Coalition team, so we introduced them, knowing they would be a winner for Coalition. The rest is history. From beginning to end, it was just about exactly 6 months between when we made an investment and they were acquired. Excellent news for the fund!

In Russian/Ukrainian news, oil and energy still appear to be the major targets, leading into winter, as Ukrainian naval drones struck the Russian Black Sea port of Tuapse in Krasnodar Krai overnight, damaging Pier 169, Russian vessels, and port infrastructure. The port hosts a major oil refinery processing about 240,000 barrels per day and a terminal for oil, fuel, and petroleum exports, while also serving the Black Sea Fleet. The strikes disrupted military logistics, and the refinery halted crude processing after a November 2 attack, following a massive explosion from a USV.

The Saratov oil refinery, operated by Rosneft and producing 7 million tons of oil products annually, caught fire after an attack. Also, the Orsknefteorgsintez refinery's atmospheric-vacuum distillation unit, which processes crude oil into primary fuels, is burning. Color me impressed that they are able to saturate air defense so easily at this point.

Also, an oil processing unit at the Nizhnekamsk refinery in Russia's Republic of Tatarstan caught fire after a Ukrainian strike.

But the big one was that Ukraine struck Russia's Novorossiysk Port with long-range Neptune missiles, damaging a reservoir and pier belonging to Chernomortransneft, the NUTEP container terminal, the Sheskharis oil depot, and residential buildings. A state of emergency was declared in the city. One strike hit an S-300/400 air defense system position, and maybe as many as 12 total launchers were there. Transneft halted oil pumping to the port, coinciding with the attack. The port's destruction cuts Russia's sea oil exports by 8-10 percent immediately, as it is a key oil export hub. Or… was anyway.

Russia's Lukoil invoked force majeure at its West Qurna-2 oil field in Iraq, halting operations and sending foreign staff home. Iraq suspended payments to Lukoil due to fears of secondary U.S. sanctions after the company's blacklisting. Baghdad is seeking legal ways to continue the project, but Lukoil has terminated foreign contracts. This is a huge loss for Russia, because it lost one of its major oil fields outside of Russia.
But it’s not just Russia that has its energy under attack. Russia launched more than 150 missiles and 2,000 drones at Ukraine's energy system in October and early November, targeting generation, transmission, distribution facilities, and gas infrastructure. This will be a big deal for the everyday Ukrainian who depends on natural gas and oil for heating their homes and powering their electricity.
Russia plans to deploy more Strelets interceptor drones, each with five 12-gauge shotgun barrels, to the front lines in late 2025. As we have seen, Ukrainian forces use a similar dual-barreled shotgun drone to repel attacks.

There was an interesting story where Ukrainian forces jammed Russian Kinzhal-type aeroballistic missiles using Lima electronic warfare systems, spoofing satellite navigation with the Ukrainian song "Batko Nash Bandera," and at the same time conducted a cyberattack to disrupt the missile guidance. The Night Watch unit disrupted about 10 Kinzhal launches in the last two weeks.
Ukrainian company Sine Engineering developed LoRa time-of-flight beacons for drone navigation without GPS. Beacons placed 3-5 km apart form a network of 2-4 points with fixed coordinates, connected to a ground station, allowing drones to navigate without GPS or any other systems. I have a feeling these won’t last long because it’s fairly easy to saturate LoRa, but we’ll see. If you haven’t already looked into LoRa, it’s a pretty cool distributed SMS-like system that allows people within a few miles to talk to one another using encrypted messaging. I have a LoRa setup at the house, for talking to friends a few miles away, as a matter of fact.

The LoRa is in response to the fact that Russia shut off mobile internet in the Ulyanovsk region until the war ends, not just temporarily. Apparently, enough cellular triangulation is used in drones that Russia would rather block everything altogether. Authorities are also fining residents for subscribing to unpatriotic Telegram channels amid a somewhat growing anti-war movement.
There was a pretty intense montage video of Russian soldiers on speedboats along the Dnepr River in southern Ukraine repelling Ukrainian FPV drone attacks, with footage showing many extreme close encounters. It is amazing that anyone can survive this, with dozens of drones stalking them. I doubt they’d make that trip successfully more than a handful of times, but still, it’s clear the small arms fire did manage to stave off a number of the drones, and the water dampened the explosions when the drones missed.

Ukraine deployed the DWS-1 drone wall system by Atreyd, consisting of small battery-powered drones with low-yield charges forming an aerial minefield to intercept UAVs and glide bombs without GPS. Radar detects threats and launches interceptors that use friend-or-foe identification to detonate nearby, with unused drones returning for reuse. AI adjusts the wall in real time to match threat trajectories. Tests succeeded, and Ukraine will use them to stave off inbound drone and missile swarms from Russia.

Russian forces stormed Pokrovsk, and it looked like they might quickly overrun the city. Ironically, the video, which was intended to show off their march, ended up rallying Ukrainian forces, and they began to push the attack back. Most of the city temporarily fell under Russian control, with reinforcements and logistics entering amid bad weather. Ukrainian forces used a tank to hold Rodynske and regained control an hour later, with Pokrovsk standing.

Russian forces struck residential apartment buildings in Myrnohrad, Donetsk region, with FAB-3000 and FAB-1500 bombs, destroying the city allegedly without distinguishing targets. These are enormous bombs to be dropped into a city.

There was an interesting post by secretsqrl123 who found that Russian forces are beginning to remove turrets from tanks to APCs, reducing combat power while simultaneously increasing costs. This is a pretty huge fall from grace in terms of combat effectiveness.
Russia, however, is still heavily betting upon the meat assaults. It continues to recruit about 30,000 men per month, allowing it to sustain thousands of monthly losses in Ukraine by treating soldiers as disposable munitions. It makes sense without proper ground forces and armor to protect them.

Some eagle-eyed OSINT analysis revealed Vladimir Putin's actual locations despite three identical offices at his residences designed to conceal his position during TV appearances. Details like light switches, door handles, wood patterns, and wall seams exposed the deceptions. This is likely to make him even more paranoid, now that he knows he cannot hide where he is claiming to be, and it will make him look weaker now that people know he is hiding far away from Moscow.

There is a big sign of economic downturn heading Russia’s way. Russia's Central Bank prints rubles via repo auctions, where commercial banks bid using government bonds as collateral, then buy new bonds from the Ministry of Finance. The Ministry sold 1.855 trillion rubles in bonds today, with 450 billion due tomorrow, netting +1.455 trillion. Year-to-date growth in turnover is +5.872 trillion rubles. The government forced banks to buy its bonds, increasing outstanding bonds by 600 percent in a year to fund the war.

The way this works is that the government needs money to fund the war effort, but because of Russia’s Central Bank independence law, it can’t legally print rubles and hand them over directly. Instead, the Central Bank of Russia (CBR) prints the money and holds a “repo auction,” where commercial banks bid for short-term loans by offering their government bonds as collateral. The banks that offer the best terms, usually the most collateral for the lowest rate, get the rubles. They then use that freshly borrowed cash to buy newly issued government bonds from the Ministry of Finance. After a few days, the repo loan matures: the banks repay the CBR the rubles they borrowed plus a bit of interest, and they get their bonds back. The result is that the government ends up with new cash to spend, the banks take on short-term debt to the central bank, and ordinary Russians absorb the cost through inflation as more rubles flood the economy.

In European news, French authorities arrested three Niqab-wearing Muslim women aged 18, 19, and 21 for planning a terrorist attack in Paris. They possessed explosive belts and Kalashnikovs, with the leader linked to a radical Islamist under surveillance. It’s not clear if they were funded by others, or if they were operating alone, but I suspect there will be a huge investigation.
Meanwhile, Germany reinstated mandatory conscription for all 18-year-old men, requiring military examinations. If volunteers are insufficient, a lottery will select draftees. Women will receive questionnaires assessing military readiness. The army aims for 260,000 active personnel and 200,000 reservists. Service lasts six months, with three months of basic training. Volunteers earn about €2,600 monthly, and one-year contracts provide professional soldier status and salary.
In Middle East news, Indian authorities arrested ISIS-K terrorists with 4 kg of ricin mash, enough to kill 250,000 people, foiling a plot to poison temple devotees by mixing it into prasad. One suspect, De Mohiuddin Syed, extracted the ricin and had planned to mix it with the Prasad. Prasad is made with whole wheat flour (atta), clarified butter (ghee), sugar, and water, and is considered a holy dish.

In South of the Border news, the USS Gerald R. Ford Carrier Strike Group entered Southcom's area of operations in the Atlantic Ocean and will conduct anti-cartel and narcotics trafficking missions in the Caribbean Sea. We still haven’t seen any meaningful exchange of fire, but we shall see what happens in the coming days and weeks. The buildup is enormous, though.

The Arleigh Burke-class destroyer USS Stockdale transited between Aruba and Curaçao and is operating 30 miles off Venezuela's coast. These are the same vessels that shot down Houthi ballistic missiles over Israel, which is something previously deemed impossible. Given that Russia has given Venezuela a number of air defense systems like the S-300/S-400, it likely also has a fair number of missile systems as well.

In North American news, President Trump signed a temporary funding bill restarting federal operations until January 30, ending a 43-day shutdown that furloughed 750,000 employees while keeping essential services like police, border patrol, and emergency medical teams active. The shutdown delayed, amongst other things, $5 billion in U.S. weapons shipments to NATO allies, including Ukraine. The dispute over health insurance tax breaks was resolved via compromise, with back pay for employees. The deal enables full-year funding for Agriculture, Veterans Affairs, and Congress departments, ensuring food assistance continuity and barring mass firings for three months. Democrats secured the reinstatement of laid-off employees despite criticism from their own party for ending the standoff.
For those THC/cannabis users, this one affects you, too. The government shutdown bill bundled Agriculture-FDA spending that redefines hemp to include total THC, not just delta-9 THC, and counts similar-effect cannabinoids toward the total. It prohibits synthesized cannabinoids or converted CBD intermediates and, probably most importantly, caps finished hemp products at 0.4 milligrams total THC per container. That is an extremely small amount, which means things will have to be individually sold and in high quantities, or the market will have to shift elsewhere. A lot of the synthetics are being used by kids and are nothing like THC, even though they are only one molecule off, and in some cases are extremely dangerous.
California plans to revoke 17,000 commercial driver's licenses issued to immigrants, citing state law violations. This is almost certainly in reaction to the Trump administration's concerns over undocumented recipients driving semi trucks or buses. Governor Gavin Newsom denied that the revocations stem from immigration status but provided no specifics; therefore, it’s extremely likely that he had no choice but doesn’t want to admit Trump was right about the danger. That said, there are a lot of needed jobs in trucking that just went vacant. So if you know anyone young who needs a job…
Anduril funded the development of the Omen Group 3 VTOL tail-sitter airplane, which achieves thousands of miles of range while carrying hundreds of pounds of payload. It’s kinda like an airplane, but takes off vertically before rotating into a different orientation. Cool design, and I can see how it is probably a lot less costly than tilt rotor designs like the Osprey.

In Tech News, there was a very creepy new tech built by 2wai that takes digital video and audio of your loved ones so that when they die it can create an LLM powered avatar of said loved one. It’s really awful in many ways, because even in the video, it shows that you only need a few minutes of video. A few minutes of your loved one in no way captures their complexity, and LLMs are not particularly good at nuance or actually knowing anything about your loved ones. But now a creepy avatar version of your dead loved one can live on in your phone as long as you remember to pay your monthly subscription.

Researchers developed robot tiles for infinite VR walking. Sensors read gait and predict steps, sliding tiles into place underfoot to simulate forward movement while keeping users in a small area, eliminating treadmill needs and wall collision risks… as long as you are walking forward. I still think there is a lot more work to be done on this because lateral movement would have you drop to the ground, rather than safely walking to the next tile. But in case you are wondering why I am tracking this, it is because the prediction is that the holodeck will be humanity’s last invention, and one of the major problems with the holodeck is seamless locomotion. We’re one step closer, and I think with some more thought, this research is directionally correct in fixing the locomotion uncanny valley.

A Chinese state-sponsored group, GTG-1002, conducted a cyber espionage operation targeting 30 entities with successful intrusions into several. The campaign integrated AI autonomously across reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration, using Claude Code instances as penetration testing orchestrators and agents. Humans tasked AI groups for 80-90 percent of operations at high request rates. Anthropic detected and investigated the activity, banned the accounts, notified victims, and coordinated with authorities over 10 days.

Apple launched Digital ID in the U.S., allowing users to add passports or IDs to Apple Wallet for TSA checkpoints at over 250 airports on domestic flights. There is a lot of concern about how this could be used against Americans, and it’s not all conspiracy. For instance, China's WeChat serves as both digital wallet and ID, restricting features like recharging electric cars or vending machine purchases to users with a social credit score of 550 or higher. If you don’t have a good social credit score, you can’t do almost anything in China. All it takes is an authoritarian to decide that they want to abuse the power, similar to how banking sanctions have been used to target conservatives in Canada.

On the space front, Honda launched its first reusable rocket design, reaching 271.4 meters altitude and landing 37 cm from the target after 56.6 seconds. This is a direct competitor to SpaceX’s design, and it’s good that we are seeing alternatives in the market, because that drives even more innovation in space, driving down costs and increasing capabilities.

For those users who use Signal, there was a fascinating story where the software was updated to include tools exploiting Cellebrite vulnerabilities. Cellebrite is software designed to do data collection from cell phones, and it turns out to be exploitable through the FFmpeg vulnerabilities that are going around right now. By including malicious images, users who have their cell phones confiscated and triaged by Cellebrite will presumably have their machines compromised, allowing infection of forensic devices used by law enforcement. This means your Signal install ships with malware. Interesting, eh?

A data breach at Knownsec, a Chinese cybersecurity firm with government ties, exposed over 12,000 confidential files, including cyber weapons, internal tools, and a target database. Stolen data covers intrusions into 80 overseas targets, such as 95 GB of Indian immigration data, 3 TB of Korean LG U Plus call records, and 459 GB of Taiwanese road planning data. Files detail cross-platform RAT tools for Linux, Windows, macOS, iOS, and Android, plus hardware like malicious mobile power banks for data upload. Targets include Japan, Vietnam, India, the UK, Taiwan, and over 20 countries. The breach reveals Knownsec's state affiliations, and the data is being auctioned on dark web forums. China, for its part, denied involvement, because of course they did. 😆
In Economic News, Fannie Mae will drop its 620 minimum credit score for mortgages, using its own risk analysis to ease borrowing barriers and expand home ownership. This will open the low end of the buyer market, but these high-risk individuals will only add to the fragility of the market. We saw similarly dangerous financial instruments being built in the lead-up to the subprime mortgage crisis by amassing lots of debt.
Michael Burry estimated hyperscalers understate depreciation by $176 billion from 2026-2028 by extending useful lives of AI equipment like Nvidia chips on 2-3 year cycles. He believes this allows companies to overstate earnings: Oracle by 26.9 percent, Meta by 20.8 percent in 2028. Recent 10-K filings from Meta, Oracle, Intel, and Nvidia show accounting changes increasing equipment useful life, understating hundreds of billions in depreciation over two years. A Google Cloud VP countered that 7-8 year old TPUs run at 100 percent utilization, 2020 A100s remain active, and H100s will not retire before 2027, suggesting less understatement than Burry claims, and this is backed up by some people I know who work for some of these companies. Meanwhile, Barclays downgraded Oracle's debt to sell. So… we shall see! 🫠
SoftBank booked $8 billion in gains on OpenAI shares via a forward derivative contract, designating Vision Fund 2 to underwrite a $500 billion second investment tranche it cannot pay, creating the gains from thin air. Almost at the same time, SoftBank liquidated $5.83 billion in Nvidia shares and $9.17 billion in T-Mobile shares. It’s not clear if this is a move towards liquidity or if they are now gun-shy about those bets.
But adding some drama to this, it turns out Michael Burry closed trades in extremely out-of-the-money, long-term put options on Palantir and Nvidia, bought in August-September, and exited near breakeven in late October before his 13F filing. He used 50,000 January 2027 $50 puts on Palantir (trading at $180) and 10,000 December 2027 $110 puts on Nvidia (trading at $190), with low deltas around 2. Positions matched contract volumes, indicating liquidity tolerance for short-term speculative shorts, unlike his longer-held MBS trades. Burry then shut down Scion Asset Management as his value estimates diverged from market prices in an AI-driven bubble with inflated earnings from extended depreciation on hyperscaler equipment. He views current multiples as based on overstated EPS from 2-3 year cycle assets, expecting earnings slowdown or negativity by 2026-2028, compressing multiples and reversing passive flows in index-heavy stocks. Closing avoids client redemptions during a potential reset akin to the housing crisis, allowing him to make bets, and maybe even very, very dangerous out-of-the-money bets, without any investor oversight.
Okay, onto the articles!
Geopolitics
The Department of War has made significant changes to its acquisition process, shifting from a cost-centric model to one focused on speed and innovation. This transformation will prioritize purchasing off-the-shelf technologies and implementing Lean methodologies, enabling the department to better compete with allies and adversaries, including China.
The Department of War is redesigning its acquisition system to accelerate the delivery of advanced weaponry.
New rules will allow for faster procurement processes and encourage startups to supply innovative technologies.
[RSnake: Of course, the real issue here is that while this will get us more capabilities faster, it will also allow chances for inferior products to make their way in, with questionable supply chains. Sometimes slow is better, but I think if I had to pick one, I’d go with innovation, given how fast things are evolving. More on the SPEED and FoRGED concept here.]
Source: https://steveblank.com/2025/11/11/the-department-of-war-just-shot-the-accountants-and-opted-for-speed/
The U.S. and China are engaged in a competition for leadership in artificial intelligence (AI), with implications for their global influence and technological standards. This contest is seen as crucial for both nations, as the development and deployment of AI technologies will shape future societal structures, governance, and values worldwide.
The U.S. is struggling to coordinate its private sector and government efforts in AI development.
China's government integrates AI into various sectors under state strategy, giving it an advantage.
[RSnake: They are definitely ahead in power generation, which is a huge component. But so are chips, and data centers.]
Source: https://www.realcleardefense.com/articles/2025/11/13/its_time_to_reckon_with_the_geopolitics_of_artificial_intelligence_1147055.html
The United States has launched Operation Southern Spear, a military initiative aimed at targeting drug trafficking organizations in Latin America. This operation coincides with a significant military buildup in the region, including the deployment of advanced naval forces, which has raised tensions, particularly with Venezuela, where President Maduro has condemned the US actions as a threat to national sovereignty.
The US military is conducting operations against narco-terrorists in the Caribbean and Pacific.
Venezuelan President Maduro has criticized the US military presence, framing it as an imperialist threat.
[RSnake: It is an interesting page out of Putin’s book - power projection nearer to home, where we find the enemy has taken the route.]
Source: https://www.aljazeera.com/news/2025/11/14/us-announces-southern-spear-mission-as-forces-deploy-to-south-america?traffic_source=rss
The Russian army is experiencing disintegration in the ongoing conflict around Pokrovsk, with soldiers increasingly refusing orders and opting for prison over combat, describing missions as suicidal. The battle has turned into a lethal urban conflict characterized by small, autonomous force engagements dominated by drone surveillance, severely impacting morale and leading to high desertion rates among Russian troops.
Russian soldiers are refusing orders and deserting due to a high risk of death in the conflict.
The battle dynamics have shifted to small group engagements influenced by drone warfare.
[RSnake: Prison is the best option, unfortunately. Most of them will be beaten/tortured, raped, and/or shot for disobeying orders.]
Source: https://euromaidanpress.com/?p=373997
At COP30 in Belém, Brazil, global leaders are confronting a gap in climate finance, with only a small fraction of investments reaching emerging markets and developing economies despite a record high in total climate financial flows. Countries are called to massively increase funding to achieve necessary climate and energy transition goals, while facing challenges of disagreement over financial requirements and tools, as well as the broader economic implications of climate inaction.
Global climate finance needs are projected to be much higher than current flows, particularly for emerging markets and developing economies.
Insufficient investment in climate adaptation and clean technologies could lead to substantial economic losses and stability risks.
[RSnake: We have bigger fish to fry geopolitically. And until China decides to fix its issues, we are just putting ourselves in a worse position. It is advantageous to China that we waste resources on climate.]
Source: https://www.atlanticcouncil.org/?p=887660
China has begun sea trials of its new amphibious assault ship, the Sichuan, shortly after commissioning its first aircraft carrier, part of an accelerated naval expansion strategy. This modernization aims to increase China's military capabilities, particularly regarding potential operations in the Taiwan Strait, where the nation seeks to assert its influence. Sichuan's advanced features, including an electromagnetic catapult system, position it as a significant asset in China's naval fleet.
China is conducting sea trials for its amphibious assault ship, the Sichuan.
Sichuan's capabilities may play a crucial role in any military strategy involving Taiwan.
[RSnake: It looks like it can carry a wide variety of short-takeoff aerial vehicles, like drones, helicopters, etc.]

A new federal lawsuit alleges horrifying conditions at California's largest migrant detention facility, including inadequate medical care, dirty housing, forced isolation, and religious freedom violations.
Inadequate medical care and access to necessary resources for migrants in detention.
Dirty housing units, restrictions on family visits, delays in access to lawyers, and confiscation of prayer mats, head coverings, and holy texts.
[RSnake: I suspect it’s bad just about everywhere, which is one of the arguments for making sure people don’t end up there in the first place and they don’t cross the border illegally, and/or they self deport.]
Source: https://www.foxnews.com/us/californias-largest-migrant-detention-center-accused-horrific-conditions-federal-lawsuit
Russia is allocating RUB 700 billion (approximately US$8.7 billion) for a program aimed at relocating residents from Ukraine's occupied territories to Siberia. This initiative raises concerns over forced resettlements reminiscent of Soviet-era practices, and there are reports of Ukrainian children being sent to military camps in Russia for training.
Russia plans significant investments to facilitate the mass resettlement of Ukrainian residents to Siberia.
This move is being compared to historic forced migrations during the Soviet era.
[RSnake: A lot of people were ready to arrest Bibi over something similar in Gaza. Except in Bibi’s case, Hamas was launching attacks against them, where Russia was the aggressor.]
Source: https://www.pravda.com.ua/eng/news/2025/11/13/8007185/
The U.S. Marine Corps has deployed unarmed MQ-9A Reaper drones to the South China Sea in support of Philippine forces amid increasing confrontations with Chinese vessels. This military presence is part of a broader effort to enhance regional maritime security and uphold a free and open Indo-Pacific.
The U.S. deployed drones to aid Philippine maritime operations against Chinese aggression.
The move reflects growing tensions and the U.S. commitment to regional security in the South China Sea.
[RSnake: And China is pissed. They even said it was creating the conditions for war. Of course, they would say that to try to frighten the US, but I suspect they won’t retaliate.]
Source: https://www.defensenews.com/news/2025/11/14/marines-deploy-reaper-drone-unit-to-south-china-sea/
The US Air Force successfully conducted tests of inert B61-12 nuclear bombs loaded onto F-35 fighter jets, marking a significant milestone in ensuring the aircraft and munitions can perform reliably on missions. These tests were part of a life-extension program aimed at modernizing the B61 family of nuclear gravity bombs, which have been in the US arsenal for over 50 years.
The US Air Force tested inert B61-12 nuclear bombs on F-35 aircraft.
These tests are part of a modernization program for the B61 family of nuclear bombs.
[RSnake: This is a bit of a nothing-burger, but when the word nuclear comes up, people get upset. This is more or less just making sure our equipment functions as we expect it should. A huge percentage of our nuclear budget goes to making sure it can be used with modern equipment.]
Source: https://www.defensenews.com/air/2025/11/14/watch-the-us-air-force-load-inert-nuclear-bombs-in-f-35-for-tests/
Cybersecurity
Microsoft has released its November 2025 Patch Tuesday updates, addressing 63 security vulnerabilities, including one actively exploited zero-day flaw in the Windows Kernel. The updates are critical for users still on Windows 10, as this is the first extended security update (ESU) for the unsupported operating system; users are urged to upgrade to Windows 11.
One zero-day vulnerability was patched, which could allow local privilege escalation on Windows devices.
The update addresses four critical security flaws, including two remote code execution vulnerabilities.
[RSnake: Make sure you patch up if you use Windows. SAP is in a similar boat.]
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
A Chinese woman known as the Bitcoin Queen was sentenced to 11 years and 8 months in jail for laundering Bitcoin from a $7.3 billion cryptocurrency investment scheme, resulting in over 128,000 victims being defrauded in China between 2014 and 2017.
A large-scale cryptocurrency scam was uncovered in the UK, involving a woman who laundered Bitcoin from a $7.3 billion investment scheme that defrauded over 128,000 Chinese investors between 2014 and 2017.
The UK's largest single cryptocurrency seizure in history was made, with 61,000 Bitcoins valued at $7.3 billion seized by law enforcement.
[RSnake: I am surprised people think that Bitcoin isn’t primarily used for crime, beyond the people who simply hold onto it.]
Source: https://www.bleepingcomputer.com/news/security/bitcoin-queen-gets-11-years-in-prison-for-73-billion-bitcoin-scam/
The Akira ransomware group has been targeting critical organizations, including those in healthcare, manufacturing, and agriculture, using new tools and attack surfaces.
Akira ransomware group targets Nutanix VMs, a lesser-known but substantial market player serving over 27,000 customers globally, including critical organizations like the US Navy and London's Gatwick airport.
The group has been exploiting known vulnerabilities in edge devices, using commercial remote management tools to perform administrator-type actions and undermining security programs.
[RSnake: Akira has also focused pretty heavily on brute force as well.]
Source: https://www.darkreading.com/threat-intelligence/akira-raas-nutanix-vms-critical-orgs
U.S. law enforcement has initiated measures to combat cryptocurrency fraud targeting Americans by issuing seizure warrants for Starlink satellite internet terminals allegedly used by scammers in Myanmar. This operation, which is part of a broader initiative to disrupt organized crime networks, has reportedly already led to the seizure of approximately $400 million in stolen cryptocurrency.
U.S. authorities are seizing Starlink devices connected to scams targeting American citizens.
The initiative is an effort to dismantle an organized crime scheme involving cryptocurrency fraud from Southeast Asia.
[RSnake: That will work temporarily, but in practice, once the adversaries figure out how they were caught, they’ll use a series of proxies through non-extradition treaty countries, or Tor, or I2P, etc.]
Source: https://www.wired.com/story/doj-issued-seizure-warrants-to-starlink-over-satellite-internet-systems-used-at-scam-compounds/
GlassWorm is a self-propagating malware targeting Visual Studio Code extensions that has continued to infect developer machines worldwide, totaling approximately 35,800 compromised devices. Recent research indicates that the malware is still spreading through the Open VSX marketplace and has also infiltrated GitHub repositories, posing risks to both individual developers and organizations globally.
GlassWorm has infected around 35,800 developer devices.
The malware continues to spread through the Open VSX Registry and GitHub repositories.
Koi Security researchers found ongoing infections and identified a major government entity among the victims.
[RSnake: Be super careful if you are doing vibe coding. That’s 35k developer devices and untold websites/projects that could now be compromised or backdoored.]
Source: https://www.darkreading.com/cyberattacks-data-breaches/glassworm-returns-vs-code-extensions
CISA has ordered U.S. federal agencies to patch a critical Samsung vulnerability that has been exploited to deploy spyware on devices running WhatsApp. The flaw affects multiple Samsung flagship models and may pose significant risks, prompting a call for swift action from all organizations to secure their devices against potential threats.
CISA ordered the patching of a Samsung vulnerability used in spyware attacks.
The spyware targets Samsung devices running Android 13 and later by exploiting a flaw to gain unauthorized access to sensitive data.
[RSnake: I am surprised they are allowing government employees to use WhatsApp at all.]
Source: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/
Technology
Yann LeCun, Meta's Chief AI Scientist, is leaving the company to start a new AI venture focused on 'world models' that aim to emulate human reasoning. This departure comes as Meta undergoes an internal restructuring of its AI strategy, moving away from long-term research to a more commercial focus, following disappointing performance compared to competitors in the AI space. The company has faced investor pressure after a significant drop in its market value, and this shift suggests both a philosophical and structural change within Meta's AI initiatives.
Yann LeCun is departing from Meta to launch a start-up focused on advanced AI models.
Meta is restructuring its AI strategy amid investor pressure and competition from other AI firms.
[RSnake: This is smart. Once we get robots that are embodied, it will become increasingly critical that they understand the world around them and have very clever feedback loops to prevent them from misbehaving. More on the embodied issue here.]
Source: https://www.nasdaq.com/articles/metas-chief-ai-scientist-yann-lecun-depart-and-launch-ai-start-focused-world-models
Mozilla has implemented new anti-fingerprinting defenses in Firefox version 145, significantly reducing user trackability on the web. The updated protections, which are initially available in Private Browsing Mode and Enhanced Tracking Protection, aim to block a variety of tracking techniques that can uniquely identify users across different browsing sessions.
Mozilla's new anti-fingerprinting measures will reduce the percentage of users who can be uniquely tracked from 35% to 20%.
The latest Firefox release will prioritize privacy without compromising essential website functionality.
[RSnake: It’s about time. It’s been almost 20 years since Samy Kamkar came out with his fingerprinting libraries, and I released Master Recon Tool at ShmooCon.]
Source: https://www.bleepingcomputer.com/news/security/mozilla-firefox-gets-new-anti-fingerprinting-defenses/
In 2025, Android saw a significant drop in memory safety vulnerabilities, an improvement attributed to the adoption of Rust, which is increasingly used in its software development. The shift to Rust has been associated with faster development processes, fewer code revisions, and greater overall stability compared to C++, suggesting a transformation in software engineering practices aimed at enhancing security without sacrificing performance.
Rust adoption in Android has led to over a 1000x reduction in memory safety vulnerability density compared to C and C++.
The transition to Rust is making security improvements more efficient, enhancing overall software development productivity.
[RSnake: That’s good, but Rust doesn’t simply eliminate all vulnerabilities. It’s not a panacea, but yes, it does reduce some risks, and it’s quick, which is good. Granted, Android itself is more or less spyware. 😆]
Source: http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Kubernetes has announced the retirement of Ingress NGINX, an important Ingress controller, due to insufficient maintainership and increasing maintenance challenges. Best-effort maintenance will continue until March 2026, after which there will be no support or updates, prompting users to migrate to alternative solutions like the Gateway API.
Ingress NGINX will cease maintenance in March 2026 due to technical debt and a lack of support.
Users are advised to migrate to alternative Ingress controllers immediately to ensure continued support and security.
[RSnake: If you use it, it’s time to forklift upgrade.]
Source: https://www.kubernetes.dev/blog/2025/11/12/ingress-nginx-retirement/
Business
A new provision in a federal spending bill prohibits THC-infused products from containing more than 0.4 milligrams of THC per container, which could threaten the $28.4 billion hemp industry in the U.S. The U.S. Hemp Roundtable warns that this ban may lead to the loss of 300,000 jobs and significant economic consequences as it affects many non-intoxicating hemp-derived products that consumers rely on for health management.
The spending bill includes a provision banning THC products above specified THC levels.
The potential fallout includes massive job losses and negative impacts on small businesses nationwide.
[RSnake: So if you are a THC user, you should probably look very carefully into how this will affect you and your ability to purchase products legally.]
Source: https://abcnews.go.com/US/thc-gummies-drinks-face-ban-provision-government-spending/story?id=127509295
DoorDash has disclosed a data breach that occurred in October, affecting users' contact information, and has notified affected customers via email. The incident was caused by a DoorDash employee falling victim to a social engineering scam, and the company is taking steps to respond to the incident, including deploying security enhancements and notifying law enforcement. Some users are questioning the company's handling of the incident and the timing of the notifications.
DoorDash employees fell victim to a social engineering scam, causing a data breach that affected users' contact information.
The company has taken steps to respond to the incident, including deploying security enhancements and notifying law enforcement.
[RSnake: This is scarily easy to do. It’s one of the reasons anti-phishing tech and training are very important.]
Source: https://www.bleepingcomputer.com/news/security/doordash-hit-by-new-data-breach-in-october-exposing-user-information/
Verizon is planning to lay off 15,000 employees, accounting for 15 percent of its workforce, in response to increasing competition and a restructuring under new CEO Dan Schulman. The company is also transitioning corporate-owned retail stores into franchised operations. These measures are part of a broader strategy to stabilize subscriber retention and reduce expenses amidst a challenging market environment.
Verizon plans to cut about 15,000 jobs, representing 15 percent of its workforce, to restructure its operations.
The company is facing stiff competition from rivals like AT&T and T-Mobile in a maturing wireless market.
[RSnake: This is likely just removing the bottom 15% of the workforce, but it might be more than that, like actual competition and decreased profits/outlook.]
Source: https://www.aljazeera.com/economy/2025/11/13/verizon-planning-its-largest-layoffs-ever-report?traffic_source=rss
Record corporate spending on artificial intelligence in the U.S. is expected to reach $380 billion by the end of 2025, while job cuts have risen significantly, particularly in the tech sector, where layoffs are attributed to AI-related restructuring. This trend may lead to jobless growth, with a strong GDP alongside stagnant or declining job growth, impacting consumer spending and potentially leading to a recession.
Record investment in AI by major corporations is occurring alongside significant job cuts, with layoffs reaching their highest levels since 2003.
The phenomenon of 'jobless growth' could occur, resulting in a disconnect between economic performance and employment levels.
[RSnake: I suspect we’ll continue to see a weakening of the job market.]
Source: https://www.supplychainbrain.com/articles/42843-record-ai-spending-collides-with-deepening-us-job-cuts
The PS5 has significantly outsold the Xbox Series X since its release, marking a successful generation for Sony. As both companies prepare for their next consoles, the competitive landscape of gaming is evolving with new threats, including alternative gaming devices and the increasing costs of game development.
Sony's PS5 has shipped 84 million units, outperforming the Xbox Series X.
The next generation of consoles faces challenges from new entrants and rising game development costs.
Sony is expanding its gaming ecosystem beyond consoles, incorporating PC and additional hardware.
[RSnake: Good for them. Although I really wish they would just get along and start sharing titles so that people didn’t have to choose, and games would interoperate. That said, the lock-in is exactly the reason any of these guys have a market.]
Source: https://gizmodo.com/?p=2000685720
A Tesla employee was fired after requesting accommodation due to heat affecting hearing aids, alleging the company failed to comply with federal regulations for people with disabilities.
Tesla employee Hans Khols was hired via the START internship and assigned to the Casting Department, where he experienced malfunctioning hearing aids due to extreme heat.
The company allegedly failed to provide a suitable accommodation for Khols' disability under federal regulations, terminating his position just nine days after his request.
[RSnake: Ever hastening the move towards robotic drivers, eliminating the human element altogether. I guess I might do the same in his position, but really it’s just quickening the pace at which humans are deemed too much of a liability.]
Source: https://gizmodo.com/?p=2000685570
Full Disclosure: None of this is advice. This newsletter is strictly educational and my opinions. Please exercise caution, conduct your own research, and consult a professional before taking any action based on the information presented here.