Good morning. It's Wednesday, 12th of November.

A vulnerability in Samsung Mobile devices disclosed more than a year ago has just been added to the United States Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. CyberDaily

The European Commission is exploring ways to force European Union member states to phase out Huawei Technologies Co. and ZTE Corp. from their telecommunications networks, according to people familiar with the matter. Bloomberg

Australia’s spy chief has expressed concern about the potential for AI to take online radicalisation and disinformation to new levels. SBS News

ASPI

Building trust into tech: a framework for sovereign resilience

The Strategist

Jason Van der Schyff and James Corera

Governments across the Indo-Pacific are facing a critical question: who can be trusted to build and manage our most sensitive systems? Vendor choices, for everything from cloud infrastructure to identity platforms, are no longer just commercial; they are strategic. As cyber threats rise, supply chains fragment and coercive pressure grows, countries need better ways to assess technology providers and manage risk. Too often, decisions rest on instinct or political reaction rather than structured assessment. Phrases such as ‘secure by design’ or ‘don’t trust, verify’ are common.

Indonesia’s digital direction under Prabowo

The Strategist

Fitriani and Jascha Ramba Santoso

Indonesian President Prabowo Subianto’s first year in office has made clear that his technology agenda is about digital sovereignty and state capacity, beyond shiny infrastructure. While his digital policy sits quietly behind populist social programs of free nutritious meals for students and healthcare vouchers for the poor, it’s no less impactful. The jury is still out on how effective his digital policy is in supporting Indonesia’s ambitious 8 percent economic growth target, but it marks a distinct shift from his predecessor’s focus on infrastructure development.

Australia

Australia’s spy boss warned of a Russian threat — and it’s unfolding in real time

SBS News

Lera Shvets and Jennifer Scherer

With growing reliance on AI chatbots and LLMs, experts are calling for stronger legislation to mitigate against foreign interference and propaganda. Last week, ASIO boss Mike Burgess raised concerns about AI’s potential “to take online radicalisation and disinformation to entirely new levels”. Delivering his address at the Lowy Institute, Burgess said the agency had “recently uncovered links between pro-Russian influencers in Australia and an offshore media organisation that almost certainly receives direction from Russian intelligence”.

Accountancy body warns AI boom brings heightened cyber security risks

CyberDaily

David Hollingworth

The rapid adoption of artificial intelligence tools in Australian workplaces could lead to a new wave of cyber security risks, particularly among smaller enterprises, according to the peak accountancy body CPA Australia. “As AI tools become more integrated into financial systems and workflows, they also create new cyber security vulnerabilities that businesses must proactively manage to avoid substantial financial and reputational damage,” Gavan Ord, CPA Australia’s business investment and international lead, said in an 11 November statement.

Exclusive: Threat actor alleges treasure trove of sensitive Hunter, Collins class info

CyberDaily

Daniel Croft, David Hollingworth and Stephen Kuper

IKAD Engineering, a mechanical and structural engineering firm with offices across Australia, specialises in providing parts and solutions to the defence, marine, industrial, mining, oil and gas and water industries. The firm was listed on the dark web leak site of the J Group ransomware gang, which claimed to have exfiltrated 800 gigabytes of data. The threat actor claimed it had breached the network earlier this year after exploiting a known vulnerability in an older VPN appliance.

China

Chinese bitcoin fraudster jailed after huge UK crypto seizure

Bloomberg

Upmanyu Trivedi

A Chinese woman described as a “super villain” who orchestrated a multibillion dollar investment fraud to buy Bitcoin was sentenced to 11 years and 8 months in jail by a London judge. Zhimin Qian, who evaded arrest in China after fleeing on a moped to the Myanmar border, traveled through southeast Asia and Europe using fake passports before settling in Britain under a fake name — Yadi Zhang. She was arrested as part of the largest Bitcoin seizure ever by British police — now worth $6.4 billion.

Chinese fraud mastermind jailed in UK for laundering bitcoin Nikkei Asia

Nexperia chips have begun flowing to Europe again, auto suppliers say

South China Morning Post

Xiaofei Xu

The first shipments of Nexperia chips are already on their way to Europe after Beijing granted exemptions to its export restrictions, German auto suppliers told the Post, easing the pressure on the battered European car industry. But supply chain risks remain as Beijing and The Hague have yet to hammer out a final deal to decide the chip firm’s fate and US-China tensions continue to linger in the background.

Why new model of China’s Moonshot AI stirs ‘DeepSeek moment’ debate

South China Morning Post

Ben Jiang

A new reasoning model developed by a Chinese artificial intelligence start-up – with its performance exceeding OpenAI’s GPT-5 and Anthropic’s Claude Sonnet 4.5 in a number of metrics – has fanned fresh debate about another DeepSeek moment and the trajectory of America’s AI supremacy. Beijing-based Moonshot AI, a start-up valued at US$3.3 billion and backed by Chinese tech giants like Alibaba Group Holding and Tencent Holdings, has presented another David-vs-Goliath story after creating an open-source model that “set new records across benchmarks”.

USA

CISA acknowledges known exploitation of Samsung Mobile vulnerability

CyberDaily

David Hollingworth

A vulnerability in Samsung Mobile devices disclosed more than a year ago has just been added to the United States Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. CVE-2025-21042 is an out-of-bounds write vulnerability in libimagecodec.quram.so in devices prior to SMR Apr-2025 Release 1. The vulnerability could allow an attacker to run arbitrary code. The vulnerability was first reported in September 2024 and addressed over six months later, in Samsung’s monthly Security Maintenance Release process, in April 2025.

Ethereum, Solana ETFs get green light for staking via US treasury, IRS crypto fund guidance

Decrypt

Sander Lutz

The U.S. Treasury Department and the IRS issued new guidance Monday that paves the way for Wall Street-traded crypto products to generate staking yield for investors, in a move industry leaders said could significantly increase mainstream adoption of proof-of-stake blockchains like Ethereum and Solana. The guidance creates a safe harbor for investment trusts to stake digital assets without risking running afoul of existing tax and regulatory guidelines.

Appellate court panel sides with striking Post-Gazette workers; PG will appeal decision

TribLIVE

Megan Swift

A federal appeals court panel on Monday ruled in favor of striking journalists at the Pittsburgh Post-Gazette, possibly heralding an end to a long and bitter labor dispute that led newspaper staffers to walk the picket line for more than three years. The decision by three judges on the U.S. 3rd Circuit Court of Appeals stated that the Post-Gazette bargained in bad faith while trying to agree on a new contract. The ruling marks a major victory for the diminished Newspaper Guild of Pittsburgh.

Short-term renewal of cyber information sharing law appears in bill to end shutdown

The Record by Recorded Future

Martin Matishak

A deal to reopen the U.S. government would also renew an expired cybersecurity information sharing law until the end of January. The Senate on Sunday advanced legislation to end a weeks-long shutdown stalemate that includes a provision to reauthorize the 2015 Cybersecurity Information Sharing Act through January 30. The law, which incentivizes private entities to share threat data with the federal government with antitrust and liability safeguards, expired at the end of September.

The political left is dialing up scrutiny of data centers

The Wall Street Journal

David Uberti

Sen. Bernie Sanders and a group of Democratic senators are demanding the White House answer for higher electric bills they blamed in part on the artificial-intelligence boom driving one of the most expensive infrastructure build-outs in U.S. history. Sanders, Sen. Richard Blumenthal and others on Monday called on the administration to share how it plans to mitigate price impacts and more from data centers needed to train and run AI applications.

Data privacy whistleblowers would get expanded protections under California proposal

The Record by Recorded Future

Suzanne Smalley

California privacy authorities are pushing legislation that would give corporate whistleblowers better protections for reporting data privacy violations, broaden residents’ personal data deletion rights and make it easier for individuals to submit privacy requests. The California Privacy Protection Agency, which has a track record of successfully advocating for proposals in the state legislature, approved the three draft bills on Friday. The agency recently scored a victory when Gov. Gavin Newsom signed a bill requiring web browsers to make it easier for consumers to opt out of data sharing.

North Asia

South Korea delays decision on Google’s request for map data transfer, says ministry

Reuters

South Korea said on Tuesday it has delayed a decision on Google’s request for permission to export map data, saying it will make a final ruling once the company submits additional documents. South Korea’s Ministry of Land, Infrastructure and Transport said in a statement that it would give Google 60 days to submit the additional material. Seoul has previously rejected requests from Google, whose parent is Alphabet, for permission to use map data on servers outside the country, in 2016 and 2007, citing security concerns.

Ukraine – Russia

Russian missile barrage disrupts internet, customs databases in Ukraine

The Record by Recorded Future

Daryna Antoniuk

Kyiv and several other Ukrainian cities were plunged into near-total darkness over the weekend after Russia launched one of the largest missile and drone strikes on Ukraine’s energy infrastructure since the start of the war, knocking out power and disrupting critical services nationwide. Emergency blackouts lasting up to 12 hours were introduced following the attack, with Kyiv and other regions facing widespread internet and communication outages, according to internet watchdog NetBlocks.

Russian hacker to plead guilty to aiding Yanluowang ransomware group

The Record by Recorded Future

Jonathan Greig

A Russian national is set to plead guilty to several charges at the end of the month for his role as a participant in multiple Yanluowang ransomware attacks. Last week, federal prosecutors unsealed court documents for Aleksey Olegovich Volkov, a 25-year-old who was arrested in Rome two years ago. Court documents show evidence proving Volkov served as an initial access broker for the ransomware gang — breaking into the network of victims and then offering his access for a percentage of the ransom.

Europe

EU eyes Huawei ban in mobile networks of member countries

Bloomberg

Gian Volpicelli and Jillian Deutsch

The European Commission is exploring ways to force European Union member states to phase out Huawei Technologies Co. and ZTE Corp. from their telecommunications networks, according to people familiar with the matter. Commission Vice President Henna Virkkunen wants to convert the European Commission’s 2020 recommendation to stop using high-risk vendors in mobile networks into a legal requirement, according to the people, who asked not to be identified because the negotiations are private.

Backlash over proposed changes to EU privacy law

InnovationAus

Foo Yun Chee

Privacy activists say proposed changes to Europe’s landmark privacy law, including making it easier for Big Tech to harvest Europeans’ personal data for AI training, would flout EU case law and gut the legislation. The changes proposed by the European Commission are part of a drive to simplify a slew of laws adopted in recent years on technology, environmental and financial issues which have in turn faced pushback from companies and the US government.

OpenAI used song lyrics in violation of copyright laws, German court says

Reuters

Jörn Poltz and Friederike Heine

OpenAI’s chatbot ChatGPT violated German copyright laws by reproducing lyrics from songs by best-selling musician Herbert Groenemeyer and others, a court ruled on Tuesday, in a closely watched case against the U.S. firm over its use of lyrics to train its language models. The regional court in Munich found that the company trained its AI on protected content from nine German songs, including Groenemeyer’s hits “Maenner” and “Bochum”.

Redditor convicted for sharing nude scenes in landmark ‘moral rights’ copyright case

TorrentFreak

Ernesto Van der Sar

A Danish court has handed down a historic verdict, convicting a Reddit moderator in the country’s first-ever criminal case for violating copyright’s “right of respect”. The now 40-year-old man was given a 7-month suspended prison term for sharing 347 nude scenes featuring actresses from Danish films and TV shows on the “SeDetForPlottet” subreddit. The man also shared over 25 terabytes of pirated content on private torrent tracker Superbits.org.

UK

BBC chair apologises for Trump speech edit but defends corporation against bias claims

The Guardian

Eleni Courea, Jessica Elgot and Kevin Rawlinson

The BBC’s chair has apologised for an “error of judgment” in the way a Panorama documentary portrayed a speech by Donald Trump, after criticism of the edit forced the resignation of two of its most senior executives. Samir Shah said the BBC had mishandled an internal review of the matter but defended the corporation against claims it had buried stories or done nothing to address claims of bias, which he said were “simply not true”.

AI chatbots could help stop prisoner release errors, says justice minister

The Guardian

Rajeev Syal

Artificial intelligence chatbots could be used to stop prisoners from being mistakenly released from jail, a justice minister told the House of Lords on Monday. James Timpson said HMP Wandsworth had been given the green light to use AI after a specialised team was sent in to find “some quick fixes”. A double manhunt was launched last week after the incorrect release of a sex offender and a fraudster from the prison in south-west London.

Events & Podcasts

The Sydney Dialogue 2025

The Australian Strategic Policy Institute is pleased to announce the Sydney Dialogue, the world’s premier policy summit for critical, emerging and cyber technologies, will return on 4-5 December. Now in its fourth year, the dialogue attracts the world’s top thinkers, innovators and policymakers, and focusses on the most pressing issues at the intersection of technology and security. TSD has become the place where new partnerships are built among governments, industry and civil society, and where existing partnerships are deepened.

