RSnake Report 20251122

Hello, and thanks for reading! I hope you and your family are well underway in prepping for Thanksgiving. It’s only a few days away now, and feels a bit like it snuck up on me. But this year, I am Thankful for all of you readers, and your incredible feedback. Trust me, I hear you and appreciate your comments more than you know. So without further ado, let’s get to it, shall we?

In Russia/Ukraine news, there were a few notable hits on the energy sector. For instance, a major natural gas pipeline exploded on the outskirts of Omsk in Siberia, Russia, near the Kazakhstan border, creating an apocalyptic fire in Omsk Oblast near the village of Rostovka.

Russian Telegram channels reported a drone attack on the Ryazan oil refinery, marking the eighth such incident this year. The facility processes about 17 million tons of oil annually. But it also shows that the rate at which Russia can get back up and running is around a month, so each facility needs to be planned to be hit at the rate of once a month if they intend to keep them closed.

In another interesting attack, a fuel/gas train exploded on a railway in Russia's Perm region. This both blocks the path, temporarily, and reduces the delivery of fuel in the process.

Ukraine's 14th Army Regiment conducted a nighttime drone strike using FP-2 guided drones on the Zuevska and Starobesheve thermal power plants in Russian-occupied Donetsk, knocking out the main transformer at Zuhres TPP and causing a power outage. In this supplemental footage, you can actually see the power getting knocked out in the area when the drone strikes.

A gas station in Russia's Belgorod region caught fire following a reported incident. The gas station itself looked mostly unharmed. The fire came from a burning tanker truck.

An oil tanker was identified and found burned off the coast of Vladivostok. It was a few kilometers from the OAO NK Alliance oil-loading terminal, but visible from the shore. The environmental hazard here is enormous, but just one of many similar strikes on the region. War is hell on the environment.

A Ukrainian ground drone armed with a machine gun held a position for a month and a half, replacing infantry to control an intersection from a settlement where Russian forces advanced periodically. Operators deployed it each morning, likely with fresh ammo and batteries, fixed any malfunctioning parts, and retrieved it in the evening. I have been saying for years that remote-controlled guns basically make it impossible for the adversaries to function because of a mix of morale, and because it doesn’t matter if it gets hit. It’s impressive to see it in action.

Ukrainian forces installed barbed wire obstacles monitored by drones to defend positions, demonstrating adaptations in military tactics. In truth, this looks more likely to be razor concertina wire, which can be rapidly deployed from the back of trucks or ground-based drones, making it extremely slow and dangerous for personnel to pass without risking injury.

North Korea reduced artillery ammunition supplies to Russia by more than half in 2025 due to depleted stocks in Pyongyang, with no shipments in September and limited deliveries in October. Even then, and a bit laughably, about half the ammunition required modernization at Russian factories because it was so outdated. So North Korea’s stockpiles are severely depleted, it seems. Russia’s running low on munition options.

The most notable strike from the Russian forces was the targeting of a Turkish LNG tanker carrying 4,000 tons of LNG in Ukraine's Odesa area. It’s a bit impressive that there is any maritime activity in that area, especially a vessel of this size.

Russia also attacked the Isaccea–Orlivka border crossing between Ukraine and Romania with drones overnight, prompting Romania to scramble two F-16s and issue alerts. Technically, it seems that no drones entered Romanian airspace, so there was no reason to consider it an attack on Romania itself. However, the ferry traffic was halted, and ferries anchored on the Romanian side after the damage on the Ukrainian side.

Russia's defense industry faces its worst crisis since the Soviet collapse, with labor shortages, cash-flow problems, delayed payments, and disrupted foreign supply chains from sanctions. Uralvagonzavod lacks imported parts for tanks and suffers from increasing worker deficits. The United Aircraft Corporation relies on foreign avionics, and Kronstadt drones are cut off from Western electronics, degrading combat capabilities in Ukraine. Worse, payments to military personnel in Russia's Yakutia region have been suspended due to budget deficits and unpredictable funding needs. Imagine being in the front line meat grinder and not even being paid for it. Talk about a morale killer.

Speaking of bad morale, cellphone internet outages across dozens of Russian regions, intended to counter Ukrainian drone attacks, have disrupted daily life for months, including credit card failures, ATM disconnections, restricted messaging apps, and even the monitoring of diabetic children's blood glucose levels. This is largely due to the fact that Russia is worried about drones using cellular to navigate. But it just shows how deeply embedded cellular is in daily life amongst tons of various consumer products, and something for us to pay attention to as hostilities mount throughout the world.

In Moscow, 38% of shopping spaces in malls closed as residents lost purchasing power, with the Kremlin preparing food vouchers for loyal citizens. Russia now imports more food than it exports. It’s not just Moscow. Half of the clothes and shoe shops nationwide shut down due to falling incomes and slowing growth, prompting debate on economic stagnation or recession. This is the kind of downturn that accelerates because laid-off people don’t purchase, and that falloff of consumer participation means other businesses will close. It’s an economic spiral.

Russian cargo airlines face potential shutdowns after halving their fleets, with shortages of spare parts, personnel, and aircraft. This can be tied directly to sanctions in some regards, because much of the equipment that is missing to help build out these planes comes from the United States, which no longer supplies the spare parts.

Russia also began selling physical gold reserves for the first time to fund the war, mirroring National Wealth Fund transactions. Their holdings dropped 57% to 173.1 tons by November 2025, with liquid assets shrinking 55% to $51.6 billion, or 1.9% of GDP. If they dump gold at today’s currency prices, it would be a nice short-term bump to their economy, and it could hurt people who have locked up assets in gold with the new circulation. Though I don’t think it’s enough to truly destabilize gold.

It is not clear if it’s real or not, but a supposedly leaked 28-point peace plan from the Trump administration outlines Ukraine's confirmed sovereignty, a non-aggression pact with Russia and Europe, no further NATO expansion, security guarantees for Ukraine limited to 600,000 troops, constitutional bans on NATO membership, no NATO troops in Ukraine, and European jets in Poland. It includes U.S. compensation for guarantees, EU market access for Ukraine, a global rebuilding fund with U.S. involvement in gas infrastructure and minerals, phased Russian reintegration including G8 return, use of $100 billion frozen Russian assets for Ukraine (with U.S. taking 50% profits) and joint U.S.-Russia projects, non-aggression laws, nuclear treaty extensions, Zaporizhzhia NPP 50-50 power split under IAEA, cultural tolerance programs rejecting Nazi ideology, recognition of Crimea, Luhansk, and Donetsk as Russian with Kherson and Zaporizhzhia frozen at contact lines, a demilitarized buffer in Donetsk, Dnieper River access, prisoner exchanges, elections in 100 days, war amnesties, and enforcement by a Trump-led Peace Council. There is a lot in the plan, and a lot of concerns about what’s underpinning some of the line items, like historical issues being considered resolved, so that remains to be seen.

In European news, Polish authorities identified three acts of sabotage on the railway network, including explosives planted by Russian GRU along tracks, a C4 explosion on the Warsaw-Lublin route near Mika village used for NATO aid to Ukraine, and a metal plate with a wired smartphone near Puławy Azoty station; Prime Minister Donald Tusk confirmed state security threats and damage near Lublin, with suspects as two Ukrainian nationals linked to Russian intelligence, one previously convicted in Lviv and the other from Donbas, who entered from Belarus and fled back after the incidents. I am sure Russia felt that these two guys were not going to be caught, and if they were, Ukraine would be blamed, but it’s pretty obvious what is going on here. This feels a lot like NATO is now at a slow-burning war with Russia, and we are starting to see the kinetic effects.

The UK released footage of its Dragonfire laser weapon system destroying drones at a test range, with the Royal Navy planning ship deployments within two years. This may be the only reasonable defense for any guided munitions. Unguided non-explosive penetrator rounds may still be a threat, but those aren’t widely used against ships at the moment; the tech exists to leverage them if militaries decide it’s important to do so. Think hypersonic projectiles, either through rail guns or through ram accelerators.

In South East Asian news, the U.S. Army awarded Raytheon a $698,948,760 contract for National Advanced Surface-to-Air Missile Systems (NASAMS) to Taiwan's armed forces, with completion by February 28, 2031. This is a pretty meaningful system to reduce the first-wave effect of cruise missiles and long-range drones, and increase the danger to any human-navigated first strike against Taiwan.

In African news, Russia's Rybar channel proposed supplying Algeria with Geran drones to target Moroccan fuel storage, power plants, and radars. So we may actually see the spillover of the Russian/Ukraine war in Morocco, which might actually be a fairly good distraction for the Russians while they enable allies in North Africa, and put France and Portugal within range.

Islamist Fulani militias kidnapped 315 children and teachers, mostly girls aged 12-17, from St. Mary’s Catholic primary and secondary schools in Nigeria. They also attacked and kidnapped two Chinese nationals. We have begun to hear more and more about the Islamists attacking Christians in Nigeria, and while that is true, it appears they are fairly indiscriminate, as long as they aren’t obviously Islamists.

In Middle East news, the Israeli Air Force conducted heavy airstrikes on Lebanon’s Beqaa Valley. So far, we don’t have a lot of information on what their intel is that led to this particular strike, but it is almost certainly Hezbollah locations.

In South of the Border news, thousands protested corruption outside Mexico’s National Palace in Mexico City after the cartel murder of Mayor Carlos Manzo in Uruapan, with demonstrators breaching barricades and riot police in defensive formations, calling for President Claudia Sheinbaum's resignation and labeling her a "narco-president" bought and paid for by cartels. She’s already on the road talking to people on the ground, shaking hands, and not addressing the situation.

In private talks, it is alleged that President Trump discussed Venezuela's 300 billion-barrel oil reserves, receiving an offer from President Nicolás Maduro for U.S. rights without military action. Trump halted negotiations, but a senior official indicated the same negotiations continue indirectly. Trump is using USS Gerald R. Ford carrier group deployments in the southern Caribbean as leverage in negotiations, undoubtedly. Meanwhile, a NOTAM for Venezuela's Maiquetía FIR warned of military activity hazards, reducing flights in the region. It’s created its own Bermuda Triangle of a kind as ships cannot pass into the region as well. 😆 

An explosion occurred at a petrochemical complex in Anzoátegui, Venezuela, possibly linked to narcotics production or storage. Either way, it is likely that the US is already on the ground in Venezuela, and special forces are conducting operations there. The Venezuelan Defense Minister says he knows that the CIA is already on the ground there, so I think we can say that this is basically a fact.

In North American news, President Trump signed the Epstein Files Transparency Act (H.R.4405), requiring the Justice Department to release all Epstein case files within 30 days, except for victim privacy, child abuse materials, active investigations, abuse imagery, or classified national security info, with redactions justified in the Federal Register. President Trump then criticized Bill Clinton and Larry Summers for visiting Epstein's island. But what surprised me is that Harvard president Larry Summers openly expressed shame in a class over his communications with Jeffrey Epstein. I have a feeling a lot of heads are about to roll, and this appears to be a preview of what is going to come! I know the damage will affect some very powerful people, and likely on both sides of the aisle. I say, let ‘em hang and bring the popcorn. 🍿 

Meanwhile I spotted a searchable Gmail clone preloaded with Epstein's emails became available online. This isn’t the new information that will be released, but it makes it far more accessible to see what was said and released previously, though this comes mostly from redacted documents, and the OCR isn’t that great, so it’s anything but perfect, but still a clever way to allow people to get into the mind of Epstein. I wouldn’t be surprised if this gets a notable update in the next month!

In rather infuriating news, many in Minnesota's Somali immigrant communities were arrested over diagnosed autism in children to fraudulently claim around a billion dollars in Medicaid funds. These funds were then diverted to Al-Shabaab terrorist cells in Somalia. The most cutting comment I heard was, “The greatest financier of Al-Shabaab is the Minnesota taxpayer.” Ouch. 👎️ 

In Tech News, Meta introduced SAM 3D models for 3D object, scene, and human body reconstruction from 2D images, achieving state-of-the-art accuracy. This has huge implications for human tracking and robotic understanding of a scene, to allow it to “mentally” model the environment, similar to how humans think about a scene, and the placement of the important objects within the visual range.

Also, I spotted a report on Figure's 02 humanoid robots at BMW's Spartanburg factory, which produced over 30,000 X3 vehicles, loaded 90,000 parts across 10-hour shifts, walked 200 miles, and met KPIs of 84-second cycle times, over 99% accuracy, and zero interventions. One robot ran continuously for six months, with the most notable failures being in the forearm, informing the Figure 03 design. So if you were worried that robots might come for factory jobs, I think it’s already here, my friends. Like the saying goes, the future is already here, it’s just not spread evenly.

Meanwhile and in fairly scary news, Chinese LLM, DeepSeek generated dangerous code when prompted along side geopolitical modifiers involving rivals like Falun Gong, Uyghurs, Islamic State, USA, Tibet, South China Sea, or Taiwan. So if you were to ask it to write you a payment system, it would do it at a certain accuracy level and with a normal amount of risk, but if you add in that it is for the United States, it would start introducing more vulnerabilities into the code. So once again, do not use these Chinese models if you can help it!

Researchers, in just a couple of days of research, created synthetic "ghost smells" using ultrasound for olfactory stimulation. This opens paths for precise smell mapping and potential sensory expansions to optic nerves or tongues and more. Think of this as one step closer to the holodeck. You could even potentially smell things that are otherwise deadly by mimicking what they might smell like. For instance, if you wanted to simulate a nerve gas or poisonous agent like Mustard Gas, you could do it with this kind of system, theoretically.

Briefly, in Economic news, Oracle's $300 billion OpenAI deal now values at minus $74 billion, per the Financial Times in credit default swaps. I am not saying that it is definitely bad, but I am saying I strongly think that Oracle should come out and directly address its strategy.

Okay, onto the articles!

Tensions in the Taiwan Strait are escalating as China increases military activity around Taiwan, asserting its claim over the island amidst a shift in public sentiment towards Taiwanese sovereignty. The situation reflects a growing complexity as Taiwan prepares its defense strategy while navigating international responses to reduce the risk of conflict with Beijing.

• China views Taiwan as a key part of its national rejuvenation and has intensified military pressure on the island.

• Taiwan is strengthening its defense posture in response to the growing threat while managing domestic and international tensions.

[RSnake: And Japan and the Philippines too - China is making friends right and left.]

Source: https://www.realcleardefense.com/articles/2025/11/21/pressure_points_managing_risk_and_escalation_in_the_taiwan_strait_1148827.html

A draft proposal for ending the war in Ukraine has been presented by former President Donald Trump, which includes terms that favor Russia by suggesting Ukraine cede territory and forgo NATO membership. The proposal also outlines economic cooperation between Russia, Ukraine, and the U.S. along with significant security guarantees for Ukraine.

• The proposal demands that Ukraine confirm its sovereignty while agreeing to limit its military size.

• It includes provisions for territorial recognition and a comprehensive non-aggression agreement between Russia, Ukraine, and Europe.

[RSnake: I think that this should be seen only as an intended outline, and not as the actual terms, lest you miss a lot of what the actual ramifications for non-compliance and how things are measured are. It won’t be this ambitious in the final agreement if it does even get that far.]

Source: https://www.military.com/benefits/2025/11/21/trumps-plan-end-war-ukraine.html

The US Navy faces a critical shortage of ships due to insufficient public shipyards and limited private sector capacity, which is undermining the nation's ability to defend itself at sea.

• The US Navy has a deficit of 68 ships compared to the mandated 355 combat force ships, with only 287 ships currently in commission.

• The four public shipyards are outdated and inefficient, with a decline in the number of shipyards from 11 to 4 since WWII, resulting in a bottleneck for fleet availability.

• Private sector yards face capacity limitations due to limited numbers and narrow specialization, leading to delays in ship delivery and production shortages.

[RSnake: This is an area we’ll need something akin to a moonshot to get back up and running, though I hear rumblings that we are slowly beginning to re-invest in this sector.]

Source: https://www.realcleardefense.com/articles/2025/11/20/the_dire_state_of_our_shipbuilding_infrastructure_1148537.html

The civil war in Sudan, involving the military and the Rapid Support Forces (RSF), has triggered a severe humanitarian crisis, displacing millions and causing widespread food insecurity. The conflict is similar to past genocides and is exacerbated by international inaction and geopolitical maneuvers, with growing pressures for humanitarian aid and political solutions from countries like the United States and UAE.

• The Sudanese civil war has led to millions being displaced and facing acute food shortages.

• International responses have been criticized as inadequate, allowing the crisis to deepen.

• Support for neighboring countries like Chad, which host refugees, is crucial for regional stability.

[RSnake: It’s not going to get better on its own. But I still do not think this is a conflict we want to get involved in, because there are no clear good guys and no easy path to win even if we did pick a side.]

Source: https://foreignpolicy.com/?p=1212652

A Russian missile strike in Ternopil has resulted in 28 fatalities, including three children, and 94 injuries, with rescue operations ongoing for those still missing. The attack destroyed a high-rise residential building, and explosions were reported across multiple oblasts in Ukraine on the night of November 18-19.

• 28 people have been confirmed dead from the Ternopil missile strike.

• Rescue operations are still active to search for missing individuals.

[RSnake: This is the result of less and less use of ultra-targeted solutions, and I think a lack of interest in hitting precise targets, but also I would not at all be surprised if Ukraine were placing some command and control within heavy population centers.]

Source: https://www.pravda.com.ua/eng/news/2025/11/20/8008279/

Chaos Industries is revolutionizing defense technology with its Coherent Distributed Networks system, enabling faster and more accurate detection of threats such as drones and missiles. The company's Vanquish radar system has already catapulted its valuation to $4.5 billion, and investors are placing massive bets on the future of defense technologies. This shift in the defense industry could impact border security, infrastructure protection, and military forward bases.

• Chaos Industries is developing a new radar system using Coherent Distributed Networks that can detect threats faster and farther.

• The Vanquish radar system is designed to detect unmanned aerial systems (UAS), missiles, and aircraft, with the ability to detect drones from hundreds of kilometers away.

• This technology could shift the balance in favor of defenders, who could gain precious minutes to respond to threats earlier.

[RSnake: Cool - I think there are many different bandwidths/wavelengths that will prove to be very useful in this regard.]

Source: https://sofrep.com/?p=219390

Six US Democratic lawmakers have accused President Donald Trump of inciting seditious behavior, punishable by death, after he released a video urging US service members to refuse unlawful commands.

• The six Democrats say they will not be deterred from their duty to follow lawful orders despite Trump's accusations.

• The incident comes amid concerns about politically motivated attacks in the US, with many instances of violence against political figures reported recently.

[RSnake: Technically, they didn’t do this - but it’s easy to read it that way, and I think that is exactly the point. They have since walked that back and said they can’t point to any illegal orders specifically, but a lot of people will assume that if they said such a thing in the video, that illegal orders must be disobeyed, and that illegal orders are being issued. I think it would be hard to prosecute these individuals, but the GOP is right to call them out, because it’s incredibly dangerous.]

Source: https://www.bbc.com/news/articles/cx2p2dz9zk2o?at_medium=RSS&at_campaign=rss

The Polish ambassador to Russia was attacked by pro-Kremlin activists in St. Petersburg during a public event, which marks a significant escalation in hostility towards Polish diplomats amid ongoing tensions related to the Russo-Ukrainian war. Poland's Foreign Ministry condemned the incident, describing it as the most serious assault on its diplomats in years, prompting diplomatic discussions regarding security and relations with Russia.

• Polish ambassador Krzysztof Krajewski was targeted by a group of pro-Russian activists while attending an Independence Day event.

• The incident reflects heightened tensions between Poland and Russia amid the ongoing conflict in Ukraine.

[RSnake: It’s a little surprising that diplomats are still in the country, given the fact that Ukraine is hitting targets deep inside Russian territory.]

Source: https://euromaidanpress.com/?p=375189

South Africa has been removed from the Financial Action Task Force's gray list amid a significant corruption crisis that hampers its governance and economic stability. The nation faces severe economic challenges, characterized by high unemployment rates and a reputation as a hub for criminal activity, while concerns grow over the effectiveness of its efforts to combat corruption and money laundering.

• South Africa has been taken off the FATF's gray list despite ongoing corruption scandals involving high-level officials.

• The country faces one of the highest unemployment rates globally, with significant implications for its stability and governance.

[RSnake: I had a long talk with a South African immigrant a few weeks back, and he doesn’t believe it is a salvageable situation. There is just too much corruption, and most of the people who would have the competence to be able to fix things have fled.]

Source: https://foreignpolicy.com/?p=1212604

Canada's Army is undergoing a modernization process to transition from towed artillery to a more mobile and protected self-propelled howitzer fleet. This change is essential for adapting to the demands of modern warfare, which requires rapid response and high-volume fire capabilities on the battlefield. The modernization effort includes investments in munitions supply, alongside improvements in technology and training to ensure operational readiness.

• Canada must modernize its artillery forces to meet the challenges of contemporary warfare.

• The shift to self-propelled howitzers is crucial for ensuring rapid response and effective firepower in military operations.

[RSnake: We shall see what is the better option, but I do think having armor is a good idea, where much of the towed artillery has historically been towed by unarmored vehicles.]

Source: https://www.realcleardefense.com/articles/2025/11/21/dead_guns_tell_no_tales_1148818.html

An Indian fighter jet crashed at the Dubai Air Show, killing its pilot, and a court of inquiry is being constituted to investigate the cause of the accident.

• India's indigenous fighter aircraft, Tejas, is expected to bolster India's depleted fighter fleet as China expands its military presence in South Asia.

• Deliveries of 97 Tejas jets are expected to begin in 2027, following a contract signed by India's Defense Ministry with Hindustan Aeronautics Limited.

[RSnake: It has led to all kinds of internet drama about how safe the Tejas is, when in reality it is rarely flown, so on a per-flight-hour basis it is far more dangerous than similar jets like the F-16. I can’t tell what the point of that trolling is, but maybe it’s from the Tejas’ manufacturing company ADA trying to save face.]

Source: https://www.defensenews.com/global/mideast-africa/2025/11/21/indian-fighter-jet-crashes-at-dubai-air-show-killing-pilot/

The United States and the Philippines have formed a joint task force designed to enhance military deterrence against China's maritime claims in the South China Sea. This task force aims to improve response times for U.S. and Philippine forces in the region, where tensions continue to escalate between Beijing and Manila over contested territories.

• The U.S.-Philippine task force seeks to deter China's coercion in the South China Sea.

• The collaboration aims to enhance real-time military coordination and intelligence sharing between the U.S. and Philippine forces.

[RSnake: Makes sense. The Chinese are causing all kinds of issues for the Philippines. The Chinese back yard is filled with countries that can’t stand them due to their belligerent expansionist behavior over the last few decades.]

Source: https://www.defensenews.com/global/asia-pacific/2025/11/21/us-philippine-task-force-to-reestablish-south-china-sea-deterrence/

Lithuania is ramping up its drone production and defenses in response to increased border incursions from Belarus and the ongoing conflict in Ukraine. Granta Autonomy, a Lithuanian company, is manufacturing and deploying advanced drones designed for combat and surveillance, significantly contributing to Ukraine's military capabilities.

• Granta Autonomy is developing new drone technologies, including a vertical take-off and landing strike drone for Ukraine.

• Lithuania is enhancing its military capabilities and responding to threats from neighboring Belarus and ongoing tensions with Russia.

[RSnake: Good. Technically, each of these is an act of war, even if they weren’t intended to attack Lithuania. But if they ever did decide to, that would be a useful investment.]

Source: https://www.defensenews.com/global/europe/2025/11/21/lithuanian-startup-rushes-strike-drones-to-ukraine-in-fluffy-padding/

The UK Ministry of Defence has contracted MBDA UK to install two DragonFire laser-directed energy weapons on Royal Navy Type 45 destroyers as part of a broader strategy to enhance naval defense capabilities. This initiative aims to provide cost-effective alternatives to traditional missile systems, particularly in addressing threats from drones and other asymmetric warfare tactics observed in recent conflicts.

• The UK contracts for DragonFire laser capabilities to enhance naval defense.

• The program aims to provide a cost-effective alternative to expensive missile systems.

• The initiative is driven by lessons from recent conflicts involving drone threats.

[RSnake: Good. I think these are a wise investment given that many of the attacks against boats around Crimea are drones.]

Source: https://www.navalnews.com/?p=80367

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has warned government agencies to patch a pre-authentication remote code execution vulnerability in Oracle Identity Manager, CVE-2025-61757, which has been exploited in attacks potentially as a zero-day.

• CISA has given Federal Civilian Executive Branch (FCEB) agencies until December 12 to patch the flaw as mandated by the Binding Operational Directive (BOD) 22-01.

• The vulnerability was discovered and disclosed by Searchlight Cyber analysts Adam Kues and Shubham Shahflaw, who warned that it poses significant risks to the federal enterprise.

[RSnake: Patch up if you use Oracle!]

Source: https://www.bleepingcomputer.com/news/security/cisa-warns-oracle-identity-manager-rce-flaw-is-being-actively-exploited/

Avast has launched Scam Guardian, an AI-driven scam defense tool, which will be available for free worldwide to help combat the rising threat of AI-enhanced scam attacks. Reports indicate that data breaches and phishing scams have surged, creating an urgent need for effective online protection against increasingly sophisticated scams.

• Avast's Scam Guardian leverages AI to analyze and identify scams in real-time.

• The service aims to make advanced scam protection accessible to a global audience in response to growing cyber threats.

[RSnake: It’s a cool idea, but be very careful. Avast is a Czech company, not a US company. They are a NATO ally, but that’s not necessarily a guarantee.]

Source: https://www.bleepingcomputer.com/news/security/avast-makes-ai-driven-scam-defense-available-for-free-worldwide/

Cybersecurity threats are becoming increasingly sophisticated, with phishing kits like Tycoon 2FA using automation and social engineering tactics to bypass traditional MFA systems. Companies are rolling out new biometric phishing proof identity solutions to counter these attacks.

• Phishing kits like Tycoon 2FA exploit vulnerabilities in traditional MFA systems, allowing attackers to intercept and relay credentials with ease.

• Biometric phishing-proof identity solutions, such as those based on FIDO2 hardware, offer a more secure alternative to traditional MFA methods.

[RSnake: This attack has existed since the AOL days. The real trick is to do MFA on the transaction, not on the authentication. So let the attacker get into the bank account, but then send a message to the user’s cell phone asking if they really want to send a million to some Nigerian account, and if so, type in these numbers, because no one is doing that.]

Source: https://www.bleepingcomputer.com/news/security/the-tycoon-2fa-phishing-platform-and-the-collapse-of-legacy-mfa/

A vulnerability in WhatsApp's contact discovery tool exposed the phone numbers of 3.5 billion users, potentially compromising significant personal information. Researchers demonstrated that by exploiting this flaw, they could easily scrape user data, prompting Meta to implement stricter measures to prevent such issues in the future.

• WhatsApp's contact discovery feature allowed researchers to enumerate billions of users' phone numbers.

• Meta has implemented stricter rate-limiting measures following the exposure of this data.

• The vulnerability raised concerns about the use of phone numbers as identifiers for user accounts.

[RSnake: Big compromise. I would expect that it will enable a lot more AI phishing, etc.]

Source: https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/

Latency measurement is flawed due to coordinated omission, where tools ignore data that looks bad on a selective basis, leading to inaccurate results and making it impossible to have intuition based on numbers.

• Coordinated omission occurs when tools omit data that looks bad on a selective basis, leading to inaccurate results.

• A single request can cause a system to stall and result in an inaccurate measurement of latency.

[RSnake: This is a pretty cool paper that describes how latency works in a way I hadn’t seen before. Basically, the moral of the story is don’t average latency, you need to know what the worst numbers are, not the best numbers, because that’s how you identify what the slow-loading assets/features of the app are.]

Source: https://bravenewgeek.com/everything-you-know-about-latency-is-wrong/

Salesforce customers have been hacked again via Gainsight, a third-party app that integrates with Salesforce, and threat actors affiliated with the ShinyHunters extortion group stole OAuth tokens to access customer data.

• Threat actors affiliated with the ShinyHunters extortion group breached many organizations' Salesforce instances via a third-party integration.

• Gainsight, a program for managing customer retention and satisfaction, was also compromised by the attackers.

• Salesforce took steps to contain the damage, including revoking access to Gainsight and temporarily removing it from its AppExchange app marketplace.

[RSnake: Those 3rd party apps seem to be a bit of a nightmare. You see a similar phenomenon with WordPress 3rd party plugins.]

Source: https://www.darkreading.com/cyberattacks-data-breaches/salesforce-customers-hacked-gainsight

The International Association of Cryptologic Research (IACR) has canceled election results after a key needed to decrypt votes was irretrievably lost, making it impossible to verify the outcome. A new election has been initiated, and the IACR will change its key management approach for future voting to require only two out of three key holders instead of all three. A trustee has resigned due to this incident and will be replaced by a new member.

• The IACR's election results were canceled due to the loss of a critical decryption key.

• A new election is being held, and key management practices will be revised to prevent future issues.

[RSnake: Lol, welp. This is what is referred to as “the mud puddle problem,” which is to say, if you drop the device in the mud and you can’t fix the device, there should be no way to get the data back. Good on them for not being able to get the data back, but just shows the issue with truly cryptographically secure systems.]

Source: https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/

Cloudflare experienced a massive outage that affected major platforms like X and ChatGPT, causing widespread disruption across the digital economy due to a combination of internal issues and software bugs. This event highlights the risks of centralized integration and the importance of architectural diversity in preventing future adverse events.

• Centralized integration provides convenience but carries enormous systemic risk for the entire internet.

• Using multiple service providers for Web performance, security, and delivery dramatically reduces systemic risk and can prevent a single point of failure.

[RSnake: It was a big one, that largely came down to an issue with their bot detection code that hit some upper limits due to a bad copying of rules that hit an internal limit, causing it to fail. Easy mistake to make that normally would never occur, and it’s extremely difficult to test for.]

Source: https://www.darkreading.com/cybersecurity-operations/cloudflares-one-stop-shop-convenience-global-digital-economy

The release of Olmo 3 offers a new family of open-source AI models that allows users to access and customize the full lifecycle of model development. This initiative aims to enhance adaptability and collaboration within the AI community, providing advanced capabilities in reasoning, coding, and instruction following. These models are designed for deployment on a range of hardware, making cutting-edge AI more accessible to researchers and developers.

• Olmo 3 offers fully open models with customizable development flows.

• The models excel in reasoning, programming, and handling long-context tasks.

[RSnake: The most notable part of this model is that, “for the first time, lets you inspect intermediate reasoning traces and trace those behaviors back to the data and training decisions that produced them.” Sorta like a RAG within an LLM.]

Source: https://allenai.org/blog/olmo3

Google is planning to increase its AI infrastructure capacity significantly, needing to double it every six months to meet rising demand, as the company anticipates a thousandfold increase within five years. The tech giant faces challenges not only in investment but also in hardware shortages, particularly GPUs from Nvidia, impacting its ability to deliver new AI features. Major competitors like OpenAI are also expanding data center capacity to keep up with the accelerating AI market.

• Google aims to double AI infrastructure capacity every six months to meet demand.

• Supply shortages of GPUs from Nvidia are impacting AI companies' ability to scale.

• Competitors like OpenAI are also investing heavily in expanding their AI infrastructure.

[RSnake: Therefore, delaying the bubble? Or is this a real resource need that is tied to paying customers?]

Source: https://arstechnica.com/ai/2025/11/google-tells-employees-it-must-double-capacity-every-6-months-to-meet-ai-demand/

Valve is set to release new gaming devices, including the Steam Frame VR headset, Steam Machine console, and Steam Controller. These devices utilize an open-source software approach, with Igalia contributing to the development of an ARM-based system running SteamOS and key driver optimizations for gaming performance. Challenges in translating games from x86 to ARM architectures and ensuring flawless driver performance for the Qualcomm Adreno GPU are pivotal to enhancing the gaming experience on these new platforms.

• Valve is launching a series of new gaming hardware, including a VR headset and a console, which aim to enhance the gaming experience.

• Igalia is developing critical software and optimization drivers that allow compatibility between various gaming platforms, enabling better performance on ARM-based devices.

[RSnake: For those gamers out there! Xmas is coming!]

Source: https://www.igalia.com/2025/11/helpingvalve.html

The U.S. Navy's unmanned surface vessel, Lightfish, has achieved the fastest known transatlantic crossing for this type of craft, taking just over two months to travel from South Carolina to Portugal. This autonomous, solar-powered vessel is equipped with advanced technology that allows it to operate independently and respond to obstacles, marking an advancement in military unmanned systems.

• Lightfish completed a transatlantic journey of over 4,000 miles, setting a new record for unmanned surface vessels.

• The vessel uses solar energy and can operate autonomously while being remotely monitored by naval commands.

[RSnake: The solar-powered aspect is interesting. It can basically live out on the water virtually indefinitely.]

Source: https://www.defensenews.com/unmanned/2025/11/21/solar-powered-unmanned-surface-vessel-sets-new-speed-crossing-atlantic/

Google has launched Nano Banana Pro, a new image generation and editing model that enhances the creation of visuals by providing advanced reasoning and multilingual capabilities. The model aims to empower users to create precise and context-rich images for various applications, including advertising and education, and offers tools for improved image editing, scene adjustment, and consistency in visual design.

• Nano Banana Pro expands image generation capabilities with accurate text in multiple languages.

• The tool enhances creative control for users, allowing complex compositions and improved editing features.

[RSnake: It’s a good model, and it seems great at keeping context cross frames, so great for sprite generation if you need a multi-frame sprite for video games as an example.]

Source: https://blog.google/technology/ai/nano-banana-pro/

Google has developed a feature called Quick Share that allows for secure two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This feature utilizes the Rust programming language to enhance security and protect against common vulnerabilities, ensuring that shared data remains safe throughout the process.

• Quick Share enables file sharing between Android and iOS devices.

• The use of the Rust programming language enhances the security of the file sharing process.

[RSnake: This is Google’s version of AirDrop, I think.]

Source: http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html

Australia is implementing a ban on social media platforms for users under the age of 16, starting in December 2023. This legislation requires platforms like Twitch, Facebook, and YouTube to prevent underage access or face significant fines. The move aims to reduce children's exposure to potential risks associated with social media interaction.

• Australia will ban social media access for children under 16 starting December 10, 2023.

• Platforms must enforce age restrictions or face fines up to $49.5 million.

[RSnake: Probably wise, but the kids will hate it and will almost certainly find ways around it, including making their own. Coding is no longer a thing that is outside of the realm of possibility for most kids.]

Source: https://www.bbc.com/news/articles/cx2n2955g10o?at_medium=RSS&at_campaign=rss

Thousands of Greenlandic families in Denmark are fighting to get their children back after they were removed by social services, amid criticism of parenting tests used on the indigenous population.

• The Danish government has banned the use of parenting tests on Greenlandic families, but only a fraction of cases have been reviewed.

• Greenlandic parents who had children taken into care after completing parenting tests are often denied their right to see their children again.

[RSnake: What a nightmare. The goal is to ensure parents are competent, but the unanswered question is why the Danish government feels it makes better parents than the parents, just because it can’t answer questions to its liking. Also, why are they denying their ability to even see their own children? That’s overly cruel, and that is putting it nicely.]

Source: https://www.bbc.com/news/articles/c1wlw2qj113o?at_medium=RSS&at_campaign=rss

Tech companies Microsoft and Nvidia are investing a combined $15 billion in the AI startup Anthropic to enhance their cloud services and AI capabilities. This partnership aims to diversify the AI landscape and reduce reliance on OpenAI, which has recently made significant investments of its own.

• Microsoft and Nvidia are investing heavily in Anthropic to strengthen their positions in the AI market.

• The partnership signifies a shift in dynamics among leading AI companies as they compete for cloud services and AI development.

[RSnake: Anthropic is getting more interesting as a company, as is Cursor. I think these are two peas in a pod. Still, ultimately Microsoft could pull the rug on cursor anytime they wanted to, and hit Anthropic in the process, since Cursor is based on VSCode a MS product, and the primary model in Cursor is Anthropic.]

Source: https://arstechnica.com/ai/2025/11/tech-giants-pour-billions-into-anthropic-as-circular-ai-investments-roll-on/

Global stock markets experienced a downturn, particularly in Asia and Europe, triggered by investor fears of an impending A.I. investment bubble following a prior rally driven by Nvidia's strong earnings. Major indexes in South Korea, Taiwan, and Japan declined sharply, reflecting concerns that high spending in AI technologies may be outpacing actual market demand, impacting various technology firms.

• Stocks in Asia and Europe fell sharply due to investor anxiety over a potential AI bubble.

• Major technology companies experienced declines in their share values, linked to concerns about overspending in the AI sector.

[RSnake: It’s a real question that I am not hearing great answers for, other than depreciation is longer than what Michael Burry is saying and what the balance sheets show. Also, to be fair, getting every iPhone user to pay $30-40 a month for a suite of AI services isn’t out of the question, and I am sure many already do, or would if they knew what benefits it could give them.]

Source: https://www.nytimes.com/2025/11/20/business/stocks-ai-global.html

Netflix, Comcast, and Paramount have submitted bids to acquire Warner Bros. Discovery, which could significantly impact the entertainment industry landscape. Each company aims to strengthen its position in the competitive streaming market while also potentially reshaping theatrical releases by incorporating Warner's extensive film library and resources.

• Netflix, Comcast, and Paramount are competing to acquire Warner Bros. Discovery.

• The acquisition could reshape the competitive dynamics in the entertainment and streaming industries.

[RSnake: More consolidation. We’ll see how this shapes up.]

Source: https://www.nytimes.com/2025/11/20/business/media/warner-discovery-bids-paramount-netflix-comcast.html

GE Appliances is allocating $150 million in contracts to U.S.-based suppliers as part of a strategy to relocate its production from China to Kentucky. The company is also investing $490 million to upgrade its Appliance Park complex to produce certain washers and dryers domestically, with plans for further investments in U.S. manufacturing over the next five years.

• GE Appliances is shifting its production operations from China to the U.S.

• The company is investing in U.S. manufacturing to create jobs and enhance domestic supply chains.

[RSnake: That’s good. If for no other reason than that supply chain might disappear altogether, so it’s better to future-proof that now.]

Source: https://www.supplychainbrain.com/articles/42879-ge-appliances-to-hand-out-150m-in-us-supplier-contracts

Klarna, a Swedish financial services company, has raised employee salaries by nearly 60% owing to savings from artificial intelligence, despite reducing its workforce by half since 2022. The company's revenue increased by 108% this year while maintaining flat operating costs, largely due to a hiring freeze and the automation of customer service roles using AI.

• Klarna has reduced its workforce from 5,527 to 2,907 since 2022.

• AI implementation has allowed Klarna to increase employee salaries significantly while cutting jobs.

[RSnake: Wow, that’s a strange side effect. So while the jobs are gone, the people who are still employed are making more. Interesting!]

Source: https://www.supplychainbrain.com/articles/42877-klarna-credits-ai-for-higher-salaries-as-staffing-dwindles

Google has commenced displaying ads within its AI mode, previously restricted to enhance user experience. This shift is part of a broader strategy to integrate advertisements into AI-generated content and adapt user habits towards AI services.

• Google has introduced ads in its AI mode to generate revenue.

• The new ads will appear at the bottom of AI-generated answers, similar to citations.

[RSnake: Of course it is. Because Google is an ad company, not a tech company, their main product is you, the user, and they sell your data to their advertising partners so that you are served up ads for things you probably don’t need. That they want to integrate ads into AI is completely unsurprising to me.]

Source: https://www.bleepingcomputer.com/news/artificial-intelligence/google-begins-showing-ads-in-ai-mode-ai-answers/