This groundbreaking technical paper is informed by and supports the effort by Small Island Developing States (SIDS) to tackle the economic and commercial determinants of health—as set out in the 2023 Bridegtown Declaration. In particular, the paper addresses the challenges and opportunities for SIDS in addressing the economic and commercial determinants of noncommunicable diseases, mental health conditions, injuries and violence.
The technical paper is the first comprehensive analysis examining how commercial determinants specifically impact health outcomes in SIDS, identifying both challenges and opportunities for intervention.
Key findings
The paper reveals several critical common and shared vulnerabilities of SIDS which underpin their economic and commercial determinants of health.:
Power imbalances: Due to small populations and limited human and financial resources, SIDS face disproportionate pressure from multinational commercial actors
Less diversified economies: Many SIDS rely heavily on sectors centered on potentially health-harming products.
Dependence on external supply: Import dependency leaves SIDS susceptible to market fluctuations and disadvantageous trade agreements
Interconnected challenges: Climate change, food insecurity and harmful commercial practices compound leading to health harms.
Recommendations
The paper outlines five key opportunity areas for addressing economic and commercial determinants of health in SIDS:
Creating policy environments that enable health through measures such as taxation of health-harming products as well as regulation of commercial practices such as harmful marketing
Safeguarding against conflicts of interest through transparent and coordinated governance mechanisms
Empowering community participation in governance for health
Strengthening governance for commercial determinants in development approaches
Investing in SIDS-SIDS and triangular cooperation
As Dr Etienne Krug, Director of WHO’s Social Determinants of Health Department, notes in the paper’s foreword: “Tackling the commercial determinants of health in SIDS includes action to support shifting businesses from health-harming to health-promoting practices, addressing power imbalances between public sectors and commercial actors, regulating harmful commercial practices, and improving underlying systems.”
Building on momentum
The paper builds on the 2023 Bridgetown Declaration on NCDs and Mental Health, providing a technical foundation for implementing the roadmap established at the SIDS Ministerial Conference in Barbados.
This paper comes as the Bridgetown Declaration’s importance moves beyond SIDS: it provides the momentum and path forward as the world approaches the Fourth High-Level Meeting. In the same way that the 2007 Declaration of Port-of-Spain on Uniting to Stop the Epidemic of Chronic NCDs is credited with building momentum for the first UN high-level meeting on NCDs in 2011 and its transformation of the NCD response, the 2023 Bridgetown Declaration promises to be a catalyst for the rebirth of the response to NCDs and mental health.
“The time for action is now,” the technical paper concludes, calling for collaborative efforts between SIDS governments, communities, and international partners to develop integrated approaches that prioritize well-being, embrace Indigenous knowledge, and support health-aligned local businesses.
WHO will continue supporting SIDS and all countries through technical assistance, capacity-building and fostering a global community of practice on commercial determinants of health to protect health, promote wellbeing and save lives.
Source: Federal Bureau of Investigation (FBI) State Crime Alerts (c)
BUFFALO, N.Y. – U.S. Attorney Michael DiGiacomo announced today that Waleed Abughanem, 33, of Lackawanna, NY, who was convicted of misprision of felony, was sentenced to serve 36 months in prison by U.S. District Judge John L. Sinatra, Jr.
Assistant U.S. Attorneys Charles M. Kruly and Maeve E. Huggins, who handled the case, stated that Abughanem is the son of Khaled Abughanem and the brother of Adham Abughanem. On September 8, 2021, Khaled and Adham Abughanem flew from Buffalo, NY, to Guadalajara, Mexico to kidnap Victim 1, who is the daughter of Khaled and the sister of Adham and Waleed. Between September 10, 2021, and April 6, 2023, Waleed, Khaled and Adham Abughanem conspired to transport Victim 1 from the Western District of New York to Cairo, Egypt, and then to Sanaa, Yemen, where they confined Victim 1 for approximately 16 months with the purpose of marrying her to a man not of her choosing.
Waleed Abughanem knew Victim 1 was being held involuntarily, and during some of this period, he was present in Yemen. When he was not present in Yemen, Waleed Abughanem instructed his wife to monitor and supervise Victim 1. In December 2022, Waleed Abughanem traveled from Yemen to the United States. When questioned by U.S. Customs and Border Protection as to the whereabouts of his siblings, Waleed Abughanem told the CBP Officer that the Victim was in the United States. By making a false statement, Waleed Abughanem concealed that Victim 1 had been kidnapped and was being involuntarily held in Yemen.
Khaled and Adham Abughanem were previously convicted by a federal jury at trial and are awaiting sentencing.
Waleed Abughanem’s sentencing is the result of an investigation by the Federal Bureau of Investigation, under the direction of Special Agent-in-Charge Matthew Miraglia, and the U.S. Department of State’s Diplomatic Security Service, under the direction of Diplomatic Security Director Carlos Matus and Deputy Assistant Secretary Paul Houston. Additional assistance was provided by the Lackawanna Police Department, under the direction of Chief Mark Packard, Customs and Border Protection, under the direction of Director of Field Operations Rose Brophy, and CPB in Boston, Massachusetts.
DEL RIO, Texas – A federal grand jury in Del Rio returned an indictment charging a Mexican national with four counts related to methamphetamine trafficking.
According to court documents, Veronica Sanchez-Pineda, 46, of Piedras Negras, Coahuila, Mexico, approached the Eagle Pass Port of Entry in a pickup truck on April 20, allegedly giving Customs and Border Protection officers a negative declaration for contraband including narcotics. A secondary inspection allegedly resulted in the discovery of a crystal-like substance inside an auxiliary tank in the bed of the truck. The liquid was extracted and resulted in a positive test result for the properties of methamphetamine, a criminal complaint alleges. The total approximate weight of the alleged narcotic was 521.03 kg.
The criminal complaint also alleges that Sanchez-Pineda consented to a search of her cell phone, which contained a text message about a “job” in Eagle Pass as well as screenshots of money transfers between the defendant and another individual. Sanchez-Pineda allegedly admitted to being involved in illegal activity regarding the contents of the auxiliary tank and that she was being compensated in Mexican Pesos.
Sanchez-Pineda is charged with one count of conspiracy to possess with intent to distribute methamphetamine; one count of possession of methamphetamine with intent to distribute; one count of conspiracy to import methamphetamine; and one count of importation of methamphetamine. She was arrested and made her initial court appearance April 24 before U.S. Magistrate Judge Matthew H. Watters of the U.S. District Court for the Western District of Texas. If convicted, Sanchez-Pineda faces 10 years to life in prison and up to a $10 million fine. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Acting U.S. Attorney Margaret Leachman for the Western District of Texas made the announcement.
Homeland Security Investigations is investigating the case.
Assistant U.S. Attorney Warsame Galaydh is prosecuting the case.
This case is part of Operation Take Back America, a nationwide initiative that marshals the full resources of the Department of Justice to repel the invasion of illegal immigration, achieve the total elimination of cartels and transnational criminal organizations (TCOs), and protect our communities from the perpetrators of violent crime. Operation Take Back America streamlines efforts and resources from the Department’s Organized Crime Drug Enforcement Task Forces (OCDETFs) and Project Safe Neighborhood (PSN).
An indictment is merely an allegation and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
CONCORD – A Dover man plead guilty yesterday in federal court for stalking three women he was in romantic relationships with by using anonymous phone numbers and email accounts to create a fictious stalker, Acting U.S. Attorney Jay McCormack announces.
Jason Subirana, age 48, pleaded guilty in federal court in Concord to three counts of Stalking. U.S. District Court Judge Steven J. McAuliffe scheduled sentencing for August 27, 2025.
According to the charging documents and statements made in court, between November 2016 – December 2021, the defendant stalked three women he was in romantic relationships with. He used more than 50 anonymous phone numbers, provided by TextNow, and anonymous email accounts to send over 650 harassing messages to the three victims from a fictious stalker. He attempted to manipulate his victims, catch them in lies, and cause emotional distress. For example, he sent one victim a text message that read:
“How can you b*tch to everyone about your birthday? You should be grateful he’s put up with all your lies and shit for so long. Stop trying to make him look like a bad guy, he’s the best thing you have and lucky he hasn’t put you to the curb like the trash bag that you are. Own your shit and stop lying to everyone. You want more? Be honest to EVERYONE around you. Stop thinking you are smarter than everyone.”
In addition to sending harassing communications to the victims, the defendant also sent himself harassing messages from the fictious stalker using anonymous accounts. For example, the defendant texted himself from an anonymous TextNow number, “Do you really think you’re the only one she’s banging? You really should get yourself tested. Put something in the mail for you keep an eye out for it.” On February 10, 2021, the defendant texted himself from an anonymous TextNow number, “How many times do you think she’s going to take it this afternoon before coming to give you sloppy seconds?”
The defendant also collected compromising information about the victims and then sent the compromising information to himself under the guise that he received it from “the stalker”. For example, the defendant gained access to Victim 2’s email account and forwarded himself an email exchange from 2015 where Victim 2 mentioned a potential romance with an acquaintance of hers. The defendant orchestrated a series of email forwards through anonymous accounts before making its way back to Victim 2. This email controversy led to Victim 2 admitting to the defendant a prior romantic relationship with that acquaintance, with the defendant responding, “You’re only telling me this now because of the email you got. What else are you hiding from me?” and “What wlse [sic] is out there? Has this all been based on lies???”
The defendant actively distanced himself from “the stalker” by accusing innocent individuals of being his victim’s “stalker.” For example, the defendant sent numerous harassing messages to a male colleague of Victim 3. Between April 22, 2018, and August 15, 2018, the defendant sent 52 harassing text messages to the victim’s colleague from at least five anonymous TextNow numbers. The defendant also sent the victim’s colleague numerous explicit photos of a woman’s body that resembled Victim 3 but was not in fact Victim 3. When Victim 3 described this to the defendant in messages, he then sent himself multiple messages from “the stalker,” including two of the explicit photos that he had sent to the victim’s colleague and suggested to Victim 3 that her colleague was in fact her stalker.
The charging statute provides for a sentence of a maximum penalty of 5 years in prison. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and statutes which govern the determination of a sentence in a criminal case.
The Federal Bureau of Investigation led the investigation. Assistant U.S Attorney John Kennedy is prosecuting the case.
The defendant sold undercover agents more than 2,000 grams of drugs.
Baltimore, Maryland – Derrick Nutter, 40, of Baltimore, Maryland, pled guilty to conspiracy to commit drug trafficking in federal court.
Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the plea with Special Agent in Charge Toni M. Crosby, Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF).
According to the guilty plea, Nutter unknowingly met with undercover agents on multiple occasions to sell methamphetamine, fentanyl, cocaine, and a loaded AR-style pistol.
On June 12, 2024, Nutter sold an undercover agent approximately 109 grams of cocaine for $3,600, approximately seven grams of methamphetamine for $100, and a free sample of fentanyl. Then on June 20, 2024, Nutter sold the undercover agent approximately 85 grams of suspected fentanyl for $3,300, and approximately 79 grams of cocaine for $2,700.
Additionally, on the same date, Nutter sold the undercover agent a 5.56 caliber AR-style privately made pistol with no serial number. It was equipped with an Axeon optic and loaded with 12 rounds of ammunition. The substance Nutter described as fentanyl was actually Schedule I ortho-Methylfentanyl – a fentanyl analogue.
Nutter sold cocaine and MDMA to a second undercover on June 25, 2024, and August 22, 2024. He also explained that his “girl” was receiving a package of drugs in the mail. Investigators identified Nutter’s “girl” as co-conspirator Khristina Williams.
On September 3, 2024, Nutter was at Williams’ residence and then he drove to a planned meeting location to sell the second undercover agent drugs. Nutter met the undercover agent and sold approximately 223 grams of methamphetamine in exchange for $4,000. He returned to his vehicle where authorities observed Williams seated in the front passenger seat.
Then on September 10, 2024, Nutter met with two undercover agents and sold them approximately 525 grams of methamphetamine in exchange for $6,100. He also provided a free sample of fentanyl. Nutter agreed to sell the undercover agents additional fentanyl if they came to his home.
While in route to his home, Nutter called Williams multiple times. After arriving at his residence, Nutter sold the undercover agents several hundred fentanyl pills. Eventually, Nutter and the undercover agents walked outside and met with Williams, who had arrived in her vehicle. Nutter retrieved several hundred additional fentanyl pills from Williams and handed them to the undercovers. The undercover agents paid Nutter $3,900 in exchange for the drugs, including nearly 800 fentanyl pills.
On October 3, 2024, the two undercover agents met Nutter in a public parking lot. After Nutter sold them approximately 830 grams of methamphetamine, authorities arrested him. During the undercover operation, Nutter sold agents approximately 1,595 grams of methamphetamine, 298 grams of cocaine, 90 grams of fentanyl, 85 grams of fentanyl analogue, and the loaded AR-style pistol.
Nutter faces a maximum sentence of 20 years in prison. Sentencing is scheduled for Wednesday, September 17, at 11 a.m.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
U.S. Attorney Hayes commended the ATF for their work in the investigation. Ms. Hayes also thanked Assistant U.S. Attorney James O’Donohue who is prosecuting the case.
Greenbelt, Maryland – Chase William Mulligan, 28, of Silver Spring, Maryland, pled guilty to two counts of producing child sexual abuse material in federal court. The charges are in connection with a scheme in which he met young girls through social media and internet chat rooms and eventually “sextorted” them.
Specifically, through the scheme, Mulligan coerced at least 108 girls — ranging from ages 5-17 — to send him sexually explicit photographs and videos of themselves. When the girls told him they no longer wanted to send him sexually graphic images, Mulligan threatened to post the images online or come to their house.
Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the guilty plea with Special Agent in Charge William J. DelBagno of the Federal Bureau of Investigation (FBI) – Baltimore Field Office.
“Mulligan used manipulation, fear, and intimidation to exploit over 100 young victims. Now we must ensure that we send a clear message to Mulligan, and others, that those who abuse the most vulnerable members of our communities will pay a steep price,” Hayes said. “We’re committed to working with our law-enforcement partners to relentlessly pursue, prosecute, and bring to justice those who engage in these deplorable acts.”
“Chase Mulligan is a depraved and dangerous predator. He used social media to target, viciously threaten, and horribly abuse more than 100 minor victims – one as young as five years old,” DelBagno said. “His abhorrent behavior is not diminished by the fact he was thousands of miles away and never met his victims, rather, it’s the opposite. Despite his distance, he presents a serious threat to any child he can access through the internet. The FBI works diligently every day to find and arrest predators like Mulligan so they can no longer prey on innocent children.”
As detailed in the plea agreement, between at least 2019 and December 2023, Mulligan used numerous Snapchat, Discord, Roblox, Skype, Omegle, and Instagram accounts to target young girls. He convinced minors living in the United States, Canada, Denmark, Spain, Philippines, Australia, and United Kingdom to produce and send him sexually explicit images.
Mulligan also directed minors to expose their genital areas and engage in sexual conduct. Additionally, Mulligan coerced multiple girls to urinate on camera, insert objects into their genitalia, and participate in sexual acts with dogs.
After some victims informed Mulligan that they no longer wished to send him sexually explicit images, he threatened to publicly post the images or come to their homes. Mulligan wanted the victims to send more images depicting increasingly graphic sexual conduct.
As part of his plea agreement, Mulligan must register as a sex offender in places where he resides, is an employee, and is a student, under the Sex Offender Registration and Notification Act.
Mulligan is facing a mandatory minimum of 15 years and a statutory maximum of 60 years in federal prison. U.S. District Judge Theodore C. Chuang scheduled sentencing for Wednesday, August 27, at 2:30 p.m.
This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorney’s Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, visit www.justice.gov/psc. Click the “Resources” tab on the left side of the page to learn about Internet safety education.
U.S. Attorney Hayes commended the FBI for its work in the investigation. Ms. Hayes also thanked Assistant U.S. Attorneys Megan S. McKoy and Elizabeth Wright who are prosecuting the case.
In recent years, the term “eldest daughter syndrome” has gained traction on social media, as many firstborn daughters share how they had to grow up faster. They often took on caregiving and supportive roles in their families.
In high-income countries, research shows that these responsibilities often bring long-term benefits. Firstborn daughters – and sons – tend to have higher educational attainment and stronger cognitive skills. They also enjoy better job prospects and salaries.
Some studies in low- and middle-income countries have found similar positive effects of being the eldest. But others have found the opposite.
In low-income contexts, economic constraints, cultural practices – such as the involvement of extended families in child-rearing – and inheritance norms may produce very different effects.
Our research brings new insights by examining these dynamics in Madagascar. It is one of the world’s poorest countries. Birth order there strongly shapes the transition to adulthood, especially for firstborn children.
Progress in understanding birth order effects in low-income countries is held back by the lack of detailed, sibling-level data. Our study used a dataset that followed individuals from the ages of 10 to 22, capturing their transition from adolescence to adulthood. It collected detailed information on education, work, health, marriage, and migration. The dataset also captured key demographic and educational details for all living full siblings of each respondent.
We found that firstborns in Madagascar transition into adulthood earlier than their younger siblings. They are more likely to leave school early. They enter the workforce sooner and marry at younger ages. For example, fourth-born children are 1.5 percentage points less likely than firstborns to have never attended school, and 1.1 percentage points more likely to complete post-secondary education.
Or, third-borns are 23% less likely to marry at age 19 than firstborns.
Our findings suggest that later-born children benefit from greater parental investment in education. This leads to better schooling outcomes and delayed entry into the labour market.
Birth order and the transition to adulthood
In Madagascar, early marriage can be a way for families to ease financial pressure. This is especially true since daughters typically join their husband’s household.
When it comes to marriage, we find that later-born children are less likely to marry early than their firstborn siblings – especially after age 17. This trend holds for both boys and girls. The difference appears earlier for girls, which aligns with their younger average age at marriage.
Interestingly, second-born girls are not significantly less likely to marry than their older sisters. This suggests that the eldest daughter does not always bear the full brunt of early marriage risk.
Firstborn daughters often take on caregiving and household roles. These responsibilities may delay their marriage slightly, as families rely on them for day-to-day support.
What explains these birth order effects?
We did not observe significant differences in cognitive skills (like reasoning) or non-cognitive traits (like personality) between firstborns and their younger siblings. Cognitive abilities were assessed through oral and written math and French tests administered at home. These findings contrast with evidence from wealthier countries, where firstborns often outperform their siblings in both cognitive and non-cognitive domains. This may result from greater early parental investment.
In Madagascar, child development may rely less on direct parental input and more on interactions within the extended family. This is consistent with the concept of fihavanana, a cultural principle that emphasises solidarity and mutual support within the extended family.
Rather than benefiting mostly from parental quality time, children – especially later-borns – may develop their cognitive and non-cognitive skills through broader social networks. These include relatives and older siblings.
We also explored whether gender preferences might help explain the differences in outcomes. For instance, if later-born children were disproportionately boys, it could suggest that parents continued having children in hopes of having a son. This could lead to more resources being allocated to that later-born boy. However, our data show an even distribution of boys and girls among later-born children. This suggests that gender-based stopping rules are unlikely to explain the patterns we observe.
Instead, our findings point to economic constraints as the main driver for firstborns transitioning into adulthood earlier than their younger siblings.
In poorer households, particularly in rural areas, firstborn children are often asked to help out financially. This often comes at the cost of their own education. Later-born children, by contrast, receive more investment in their schooling. This may compensate for their limited access to other resources, such as land.
We find no birth order advantage in wealthier households or among families where parents have some education. This again highlights poverty as a key factor shaping these patterns.
The double burden of being firstborn
To sum up, our research shows that, in Madagascar, both male and female firstborns face an earlier transition into adulthood. They leave school and enter the labour market sooner. They marry earlier, although firstborn girls may be at slightly lower risk of early marriage than their younger sisters.
This suggests that, in poor countries, the eldest daughter syndrome is not just about emotional and care-giving responsibilities. It may also come with fewer educational opportunities, greater economic pressure, and an earlier end to childhood. A true double burden for disadvantaged girls. Economic constraints within households largely explain this pattern.
But the story is not only one of constraint. The absence of differences in cognitive and non-cognitive skills suggests that broader community ties, rooted in fihavanana and extended kinship networks, help cushion the impact of early responsibility. These collective structures may not erase inequality, but they offer a vital source of resilience.
As policymakers and practitioners look for ways to promote educational equity, it’s worth remembering that some of the most overlooked trade-offs happen within households. Reducing the weight of those trade-offs – through financial support, community-based programmes, or school retention efforts – could help ensure that the future of one child doesn’t come at the expense of another.
Claire Ricard receives funding from the program “Investissements d’avenir” (ANR-10-LABX-14-01). She’s affiliated to Université Clermont Auvergne, CNRS, IRD, CERDI, F-63000, Clermont-Ferrand and works as an Economist at IDinsight, Rabat, Morocco.
Francesca Marchetta receives funding from the program “Investissements d’avenir” (ANR-10-LABX-14-01).
She’s affiliated to Université Clermont Auvergne, CNRS, IRD, CERDI, F-63000, Clermont-Ferrand and with PEP (Partnership for Economic Policy).
Source: United States Senator Alex Padilla (D-Calif.)
ICYMI: Padilla, Colleagues Highlight Consequences of Senate Republicans’ Attempt to Abuse the CRA and Revoke California’s Clean Air Act Waivers
WASHINGTON, D.C. — Today, U.S. Senator Alex Padilla (D-Calif.), Ranking Member of the Senate Committee on Rules and Administration and a member of the Senate Environment and Public Works Committee, highlighted the growing opposition to Republicans’ shortsighted attempts to rescind California’s clean air waivers by going nuclear on the rules and overruling the nonpartisan Senate Parliamentarian’s decision. Senator Padilla, U.S. Senate Democratic Leader Chuck Schumer (D-N.Y.), and U.S. Senator Sheldon Whitehouse (D-R.I.), Ranking Member of the Senate Committee on Environment and Public Works, held the floor yesterday after Majority Leader John Thune (R-S.D.) said that he would move forward this week with a cynical attempt to rescind California’s Clean Air Act waivers with a 50-vote threshold under the Congressional Review Act (CRA), bypassing the filibuster and its 60-vote requirement by overruling the Senate Parliamentarian.
Senators Padilla, Schumer, Whitehouse, Martin Heinrich (D-N.M.), Ron Wyden (D-Ore.), Adam Schiff (D-Calif.), and Edward J. Markey (D-Mass.) all came out strongly against this reckless effort.
In a joint statement, Padilla, Schumer, and Whitehouse condemned the attacks on California’s Clean Air Act waivers:
Padilla, Schumer, Whitehouse Joint Statement Warning Senate Republicans Against Overruling Parliamentarian On Clean Air Act Waivers
“Let us be abundantly clear: if Republicans throw away the rulebook and overrule the Parliamentarian, that would be going nuclear — plain and simple. This move will harm public health and deteriorate air quality for millions of children and people across the country.
“Republicans are overruling a thirty-year tradition of state policies that bolstered a new sector of the economy, helped domestic automakers fend off China’s manufacturing dominance, improved the quality of the air we breathe, reduced planet-warming carbon pollution, and protected the health of American families. Instead of negotiating changes with the states involved, the fossil fuel industry deployed its political operatives in Congress to go nuclear for them.
“If the Trump Administration’s scheme to weaponize the CRA goes forward, the executive branch will control the Senate Floor. Senate Republicans are doing an about face on the filibuster — throwing it aside the first moment it’s convenient and the Senate Floor will not be the same.”
Last night, Padilla, Schumer, and Whitehouse took to the Senate Floor to ask a series of parliamentary inquiries on Senate Republicans’ intention to go nuclear on the California waiver CRAs. Senate Democrats confirmed — on the congressional record — that the Republicans’ plan to move forward would be against the Parliamentarian’s guidance, and thus, the very definition of eliminating the filibuster and going nuclear. The Senators’ remarks and the Presiding Officer’s responses on behalf of the Senate Parliamentarian can be viewed here, and a transcript of the remarks is available here.
Senator Martin Heinrich, Ranking Member of the Senate Energy and Natural Resources Committee, issued a statement emphasizing that once Republicans embrace this significant reversal of precedent and attempt to overturn California’s Clean Air Act waivers, a future Democratic Administration could try to reverse Republicans’ oil and gas priorities, including liquified natural gas (LNG) export terminals.
Heinrich Statement Blasting Senate Republicans’ Plans to Defy the Senate Parliamentarian & Force a Vote to Overturn California’s Clean Energy Air Act Waivers
“If Senate Republicans force a vote on the California Clean Air Act Waivers, they set a precedent that will allow Congress to overturn nearly any agency decision nationwide. I urge my colleagues to reject this gross overreach. If they don’t, Congressional Review Act resolutions will quickly hijack the Senate floor to retroactively invalidate agency permits, adjudications, and licensing decisions – actions that were never previously considered ‘rules.’
“We need a reliable energy permitting and approval system if we are going to meet our growing energy needs. But under Republicans’ proposal, Congress could invalidate permits for new oil and gas wells, established rights of way for transmission lines, and approvals of new LNG export terminals. That includes the Department of Energy’s recent approval of Commonwealth LNG’s application to export liquified natural gas. If not challenged immediately, a future administration could also submit Commonwealth’s authorization as a rule retroactively and halt the project years after it has begun construction.
“By opening this door, Republicans threaten to destroy our permitting and regulatory system, leading to higher energy costs for Americans and making it impossible for new developments to come online. Indeed, nearly every major and minor project the federal government touches could be stalled, creating significant uncertainty if not complete chaos. That is not what the American people want, and it cannot be what Senate Republicans want, either.”
Senator Wyden, Ranking Member of the Senate Finance Committee, warned Republicans against overruling the Senate Parliamentarian and abusing the Congressional Review Act to meddle with California’s clean air policies. He said the Republican plan would backfire if they follow through.
Wyden Warns Republicans that Overruling Parliamentarian to Nix California Clean Air Waiver Will Backfire
“Republicans should think twice before moving ahead with this unprecedented overreach. If they invoke this nuclear option now, they should expect that a future Democratic government will have to revisit decades worth of paltry corporate settlements, deferred prosecution agreements, and tax rulings that were overly favorable to multinationals and ultra-wealthy individuals. That would only be the beginning. These partisan actions cut both ways.”
Senator Schiff delivered remarks on the Senate floor urging Senate Republicans to consider the implications their decision to throw out the Senate Parliamentarian’s ruling will have on their states if they use the CRA against California’s waivers.
WATCH: Sen. Schiff Slams Senate Republicans’ Attempts to Go Nuclear on California’s Clean Air Waivers on the Senate Floor
“I urge my colleagues, and the American people, not be distracted by suggestions that nothing is going on here, nothing new is going on here, no precedent is being set here. Because it is.”
“This week’s vote is short-sighted because it’s going to have devastating impacts for our nation’s health, but it’s more than that. And it should send a chill down the spine of legislators in every state and communities across the country, regardless of their political affiliation because the Senate is now setting a new standard, and one that will haunt us in the future. And it will haunt those states whose Senators vote to go down this path. Make no mistake. Today, it is California and our ability to set our own air quality standards.
“But tomorrow, it can be your own state’s priorities made into a target by this vote to open the Pandora’s Box of the Congressional Review Act.”
Senator Markey criticized Republicans’ attempt to change the Senate rules to overturn California’s waivers, both because it reverses California’s clean air progress and because it violates longstanding Senate rules.
As Senate Republicans Consider Procedural Power Grab, Markey Highlights Seriousness of the Moment
“At a moment when Donald Trump is actively undermining the checks and balances enshrined in our Constitution, Senate Republicans are moving ahead with a dangerous change to Senate rules while rolling back clean air regulations.
“It’s not enough for Republicans to promote chaos and conflict in our economy for the sake of billionaires, they now want to create chaos and conflict in Congress by intentionally trashing guardrails and decisions that protect all members. They don’t care about the rule of law, and they don’t seem to care about the rule of Congress. With this action, Senate Republicans are opening the door for future votes on the countless unlawful and unethical actions carried out by the Trump administration. There will be no putting the genie back in the bottle.”
Senator Padilla has been outspoken in pushing back against Republican attacks on California’s Clean Air Act waivers. Yesterday, Padilla placed a hold on the four pending EPA nominees until Republicans stop their reckless attempts to overrule the Senate Parliamentarian. Earlier this month, Senators Padilla, Schiff, and Whitehouse took to the Senate floor to sound the alarm on Senate Republicans’ consideration of moving forward with their plan to revoke California’s Clean Air Act waivers. Padilla, Whitehouse, and Schumer also led Democratic Ranking Members in strongly warning Majority Leader Thune and Majority Whip John Barrasso (R-Wyo.) of the dangerous and irreparable consequences if Senate Republicans overrule the Senate Parliamentarian’s decision on California’s waivers.
Last month, Senators Padilla, Whitehouse, and Schiff welcomed the Senate Parliamentarian’s decision that the waivers are not subject to the CRA. Padilla also joined Whitehouse and Schiff in blasting Trump and EPA Administrator Lee Zeldin’s weaponization of the EPA after the Government Accountability Office’s (GAO) similar finding. Padilla and Schiff previously slammed the Trump Administration’s intent to roll back dozens of the EPA’s regulations that protect California’s air and water.
Source: Federal Bureau of Investigation FBI Crime News (b)
KANSAS CITY, Mo. – A Kansas City, Mo., man was indicted by a federal grand jury on charges related to child pornography.
According to an indictment returned this week, Jeffrey Lynn Petrie, 40, of Kansas City, Mo., was charged with one count of distributing child pornography over the internet in May 2024, and one count of receiving child pornography from Dec. 9, 2024, to Dec. 10, 2024.
The indictment replaces a complaint originally filed on Friday, April 25, 2025. According to an affidavit filed in support of the criminal complaint, law enforcement officers received a Cybertip reporting that a user, “kinkypopper69,” was uploading video files depicting child sexual abuse materials. Petrie was later identified as the user “kinkypopper69.”
On April 24, 2025, the FBI conducted a search at Petrie’s residence and seized a cell phone and other electronic devices.
Petrie is a registered sex offender in Missouri based on prior convictions for child molestation in the 2nd degree.
The charges contained in this indictment are simply accusations, and not evidence of guilt. Evidence supporting the charges must be presented to a federal trial jury, whose duty is to determine guilt or innocence.
Under federal statutes, if convicted of distribution and receipt of child pornography, a prison sentence of not less than 15 years and not more than 40 years and a fine of up to $250,000 is authorized on each count. The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes, as the sentencing of the defendant will be determined by the court based on the advisory sentencing guidelines and other statutory factors. A sentencing hearing will be scheduled after the completion of a presentence investigation by the United States Probation Office.
This case is being prosecuted by Assistant U.S. Attorney Teresa A. Moore. This case was investigated by the Federal Bureau of Investigation, and the Franklin County, Missouri Sheriff’s Office.
Project Safe Childhood
This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit www.usdoj.gov/psc. For more information about Internet safety education, please visit www.usdoj.gov/psc and click on the tab “resources.”
Source: Federal Bureau of Investigation FBI Crime News (b)
ALBUQUERQUE – A Shiprock man has been charged with assault with a dangerous weapon following a shooting incident outside a restaurant.
According to court documents, Navajo Nation Police responded to a 911 call reporting that an individual was shot in the hand in front of the Little Caesars Restaurant in Shiprock. Officers located the suspect, identified as TerroldTyler, 35, an enrolled member of the Navajo Nation, near the scene carrying a black backpack that contained a homemade firearm and five live shotgun shells. Tyler was detained without incident.
Investigators determined that Tyler and the victim were involved in an argument behind the restaurant prior to the shooting. Tyler allegedly produced the homemade shotgun and shot the victim in the left hand. Paramedics responded to the scene, but the victim declined medical treatment. A social media video depicting Tyler with the firearm was also recovered as evidence.
Tyler is charged with assault with a dangerous weapon and will remain in custody pending trial, which has not yet been scheduled. If convicted of the current charges, Tyler faces up to 10 years in prison.
U.S. Attorney Ryan Ellison and Philip Russell, Acting Special Agent in Charge of the Federal Bureau of Investigation’s Albuquerque Field Office made the announcement today.
The Farmington Resident Agency of the Federal Bureau of Investigation’s Albuquerque Field Office investigated this case with assistance from the Navajo Nation Police Department and Navajo Department of Criminal Investigations. Assistant U.S. Attorney Amy Mondragon is prosecuting the case.
A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
For the first time in three years, government has proposed an inflation-linked increase to the general fuel levy.
“For the 2025/26 fiscal year, this is the only new tax proposal that I am announcing. It means from 4 June this year, the general fuel levy will increase by 16 cents per litre for petrol, and by 15 cents per litre for diesel,” Minister of Finance Enoch Godongwana said on Wednesday, in Parliament.
The general fuel levy has remained unchanged for the past three years to provide consumers with relief from high fuel price inflation.
Re-tabling the 2025 Budget Review, Godongwana said unfortunately, this tax measure alone will not close the fiscal gap over the medium term.
“The 2026 Budget will therefore need to propose new tax measures, aimed at raising R20 billion. We have allocated an additional R7.5 billion over the medium-term expenditure framework (MTEF), to increase the effectiveness of the South African Revenue Service (SARS) in collecting more revenue.
“Part of this allocation will be used to increase collections from debts owed to the fiscus. SARS has indicated that this could raise between R20 billion to R50 billion in additional revenue per year,” the Minister said.
Another part of the additional allocation to SARS will be used to improve modernisation.
This will include targeting illicit trade in tobacco and other areas, which should boost revenue over the medium term.
“As SARS utilises this investment to raise additional revenue, which I believe can be at least R35 billion, the R20 billion to close the current revenue gap will not have to be raised through taxes.
“Madam Speaker, let me call on every South African, be they individuals, small business operators or large corporates, to honour their tax obligations and contribute to building a better and more equitable nation,” the Minister said.
He thanked all the taxpayers that continue to pay their taxes while emphasising that government does not take taxpayers for granted.
“As a government, we know that we must earn the taxpayer’s trust every day, by spending public money with care and ensuring that every rand collected is spent on its intended purpose.
“We recognise the urgent need to do more to achieve this goal. We are not deaf to the public’s concern about wasteful and inefficient expenditure.
“Our commitment to collect taxes must be matched by better efficiency in how that money is spent. It must be matched by much stricter oversight that quickly identifies problems and provides timely solutions when things go wrong,” the Minister explained.
Expansion of the zero-rated basket withdrawn
Meanwhile, as a result of the withdrawal of the proposed increases in the VAT rate, the expansion of the zero-rated basket, which was included to cushion poorer households from the VAT rate increase, falls away.
Last month, the Minister requested the Speaker of the National Assembly to maintain the Value-Added Tax (VAT) rate at its current level of 15% , reversing the previously proposed 0.5 percentage point increase presented in the 12 March budget.
“Madam Speaker, compared to the March estimates, tax revenue projections have been revised down by R61.9 billion over the three years. This reflects the reversal of the VAT increase and the much weaker economic outlook.
“In this difficult environment, it remains vital that we still take actions to increase revenue to protect and bolster frontline services, while expanding infrastructure investments to drive economic activity,” the Minister said. –SAnews.gov.za
In an ongoing effort to grow the economy, government will continue to implement growth enhancing structural reforms as part of Operation Vulindlela.
“Madam Speaker, a bigger, faster-growing economy, and the larger fiscal resources that come with it, are the key to building up the fiscal room we need to meet more of our developmental goals,” Minister of Finance, Enoch Godongwana, said on Wednesday during the re-tabling of the 2025 Budget Review, in Parliament.
Through the first phase of Operation Vulindlela, bold and far-reaching reforms were implemented in the network sectors and the visa regime.
“As a result, numerous economic bottlenecks have eased, new investments unlocked, and the growth potential of the economy enabled. Yet the economy still faces constraints,” the Minister said.
Operation Vulindlela is a joint initiative of the Presidency and the National Treasury to accelerate the implementation of structural reforms and support economic recovery.
The unit monitors progress and actively supports implementation. Its aim is to fast-track the implementation of high impact reforms, addressing obstacles or delays to ensure execution on policy commitments.
The first phase of Operation Vulindlela aimed to reduce power cuts, fix the transport system, lower data costs, increase water supply, attract skills and support tourism.
The second phase of Operation Vulindlela, launched by President Cyril Ramaphosa earlier this month, will not only prioritise new areas for implementation but will also deepen the implementation of current reforms.
Upcoming reforms will focus on making it easier to find work and hire people – particularly by addressing spatial inequalities, using cities to drive economic activity and improve municipal service delivery.
The second phase will therefore focus on the following areas:
Seeing-through existing reforms in energy, water, logistics and in the visa regime.
Improving the performance of local government. This includes professionalising utilities, appointing suitably qualified people to senior positions, and reviewing the local government fiscal framework.
Harnessing digital transformation, in order to drive the adoption of digital technologies in government and build digital public infrastructure for use by all South Africans.
Addressing the apartheid legacy of spatial inequality. Reforms will include changes to housing policy and accelerating the release of publicly owned land and buildings. This will also entail clearing the backlog of title deeds for affordable housing, and a comprehensive regulatory review aimed at removing barriers to the development of low-cost housing.
Work is underway to enhance government’s budget process after expenditure reviews identified tens of billions of rands in potential savings from poorly performing or inefficient programmes that can be redirected in future budgets.
“Going forward, underperforming programmes will be closed as the 2026 Medium-Term Expenditure Framework (MTEF) budget process undergoes redesign,” Finance Minister Enoch Godongwana said on Wednesday, during the re-tabling of the 2025 Budget Review in Parliament.
In its Budget Overview, National Treasury said if government achieves significant savings from implementing the recommendations of these reviews, it may mitigate the need for additional tax measures in the 2026 Budget.
Changes to improve the budget process will be implemented over time.
These reforms will be designed to strengthen government and institutional commitment to fiscal sustainability, refine budget prioritisation and the functioning of budget structures, and improve data systems and capital budgeting, monitoring and reporting.
“When an economy underperforms, as ours has over the last decade, it generates less tax revenue, while requiring increased social spending, widening budget deficits and accelerating debt accumulation.
“To be successful, our strategy of maintaining fiscal discipline, while investing in growth, demands that we prioritise high-impact expenditures. These are expenditures that deliver economic returns, while eliminating inefficiencies, wastage and leakage that too often plague government’s spending,” the Minister said.
To tackle this, National Treasury has undertaken expenditure reviews, looking at more than R300 billion in government spending since 2013, with the aim of identifying duplications, waste and inefficiencies.
“We found potential savings of R37.5 billion over time through improved oversight and operational changes through these reviews.
“New reforms will target infrastructure planning and implementation across provinces and municipalities. A data-driven approach to detect payroll irregularities will replace the more costly method of using censuses,” the Minister said.
This initiative will cross-reference administrative datasets to identify ghost workers and other anomalies across government departments.
“Part of the goal of these initiatives is to also remove the regulatory burden on business. To be successful, not just technical solutions are required. Sustained political backing, at the highest levels, is needed to overcome departmental resistance and to protect whistleblowers who expose irregularities and wastage.
“I am happy to say that this political backing has already come from President Cyril Ramaphosa, Deputy President Paul Mashatile, as well as my Cabinet colleagues.
“The President has also undertaken to establish a committee between the Presidency and Treasury to identify wasteful, inefficient and underperforming programmes.
“I call on Ministers, MECs, DGs, HoDs and every official responsible for public funds to embrace these efforts and play their part,” Godongwana said. – SAnews.gov.za
Global economic developments, including raised tariffs and trade wars, have lowered South Africa’s 2025 economic growth prospects from a predicted 1.9% Gross Domestic Product (GDP) growth in March down to a revised 1.4% in May.
This is according to Finance Minister Enoch Godongwana who delivered the Budget Speech in Parliament on Wednesday.
“[Much] has changed since our last appearance in this House. The most troubling changes are the global economic developments which have, in the short space of two months, already had a significant impact on the domestic economic outlook. The global economy is facing heightened trade tensions and elevated policy uncertainty with worrying economic consequences.
“As a small, open economy, South Africa is dependent on global trade and financial inflows. This makes us particularly exposed to the global economic developments that I have just outlined.
“As a result, we now estimate real GDP to grow at 1.4% in 2025. This is lower than the 1.9% we projected in March. Over the next two years, we project real GDP growth to rise moderately to 1.6% in 2026 and 1.8% in 2027,” Godongwana said.
Risks to South Africa’s economic outlook also remain elevated going into the future.
“These include the worsening global outlook, weaker-than-expected growth in the fourth quarter of 2024, the persistence of logistics constraints and higher borrowing costs.
“These developments are a vivid reminder that we must urgently turn the tide on our economic prospects and get our fiscal affairs in order,” he said.
South Africa’s downward revision is not unique with the global economy also reacting to trade tensions.
“The International Monetary Fund now projects global growth at 2.8% in 2025. This is 0.5 percentage points lower than the January estimate.
“Similarly, global trade is projected at 1.7% in 2025, which is also much lower than the January estimate. At the same time, inflation expectations are now above central bank targets in many advanced and emerging market economies. And new trade barriers may raise inflation and prolong the cycle of higher interest rates,” he noted.
With these challenges arising, government’s vision of fostering faster inclusive growth remains anchored on four pillars:
Maintaining macroeconomic stability,
Implementing structural reforms,
Improving state capability, and
Accelerating infrastructure investment.
“Faster, inclusive growth that creates jobs is the only path towards a more prosperous South Africa.
“Attaining this growth must be our national obsession. We all have a stake and a responsibility to work towards this goal,” Godongawana asserted. – SAnews.gov.za
Finance Minister Enoch Godongwana has told Parliament that addressing spending pressures to restore “critical frontline services and invest in infrastructure” is key to improving access to services such as health and education.
It is for this reason, Godongwana revealed, that over the medium term, government spending, excluding interest, will reach at least R6.69 trillion.
“The provincial education sector baseline over the 2025 MTEF [Medium-Term Expenditure Framework] is R1.04 trillion, and R9.5 billion will be added over the medium term to keep teachers in classrooms and hire more staff. An additional R10 billion has been added to the baseline as announced during the March 12 budget to expand access to early education is kept unchanged.
“This will increase the ECD [early childhood development] subsidy from R17 per child per day to R24. The extra funding will also support increased access to ECD for 700,000 more children, up to the age of five years,” the Minister said on Wednesday.
The budget for the provincial health sector will reach some R845 billion over the medium term to facilitate in part, the employment of hundreds of doctors who have already completed their in-service training.
“This budget will be increased by R20.8 billion over three years to employ 800 post-community service doctors and essential goods and services and reduction of accruals. This increase will also assist the sector in addressing personnel budget pressures,” he said.
Withdrawal of troops
Godongwana said funding for the deployment of South African National Defence Force (SANDF) troops in the Democratic Republic of the Congo will be reconfigured.
This in light of the announcement that the troops – who were there as part of the Southern African Development Community Mission in the Democratic Republic of Congo – will be withdrawing from the East African country.
“[The] R5 billion we had proposed to allocate to the Department of Defence for its participation in the SADC mission in the DRC is reduced. But the allocation for 2025/26 has been increased from R1.8 billion to R3 billion.
“This will cover the immediate costs of an orderly and safe withdrawal of our troops and mission equipment,” he said.
The spending allocations for early retirement, allocations for the Passenger Rail Agency of South Africa (PRASA) and the municipal trading entity reforms announced earlier this year remain “but at a slightly lower level than anticipated in the March 12 budget”.
“The spending choices we are proposing today demonstrate the government’s determination to bolster the state capability needed to deliver quality, reliable and sustainable core services,” Godongwana said. – SAnews.gov.za
Increases to all social grants, barring the Social Relief of Distress (SRD) grant, will not be affected by the re-tabled budget.
This according to National Treasury’s 2025 Budget Overview released on Wednesday.
The number of social grant beneficiaries – excluding those receiving the SRD grant – is expected to rise to 19.3 million people by March 2028.
The grant increases for 2025/26 are as follows:
Old age grant will increase from R2185 to R2315
War veterans grant will increase from R2205 to R2335
Disability grant will go up from R2185 to R2315
Foster care grant rises from R1180 to R1250
Care dependency grant will increase from R2185 to R2315
Child support grant will go up from R530 to R560
The grant-in-aid will increase from R530 to R560
“The increase in the social grants budget of R1.6 billion in 2025/26 remains. The temporary COVID-19 Social Relief of Distress grant will be extended until 31 March 2026, with R35.2 billion allocated to maintain the current R370 per month per beneficiary, including administration costs,” National Treasury said.
While delivering the Budget Speech in Parliament on Wednesday, Finance Minister Enoch Godongwana said government is “actively exploring various options to better integrate” the SRD grant with employment opportunities.
“This includes considering a job-seeker allowance and other measures, as part of the review of Active Labour Market Programmes.
“Our goal is to not only provide immediate relief. It is also to create pathways to employment, empowering our citizens to build better futures for themselves and their families,” Godongwana said. – SAnews.gov.za
Infrastructure investment remains a key component in driving economic growth and government has maintained its R1 trillion allocation for infrastructure investment over the medium term to support this growth.
This according to Finance Minister Enoch Godongwana, who delivered the Budget Speech in Parliament on Wednesday.
“[Quality] infrastructure investment expands the productive capacity of the economy and responds to the diverse needs of the citizens. Infrastructure is also a rich source of jobs in construction, engineering, and related industries across a range of skill levels.
“It is for these reasons that infrastructure is the fourth pillar of the growth strategy, and this budget demonstrates our resolve to change the composition of spending from consumption to investment. Allocations towards capital payments remain the fastest-growing area of spending by economic classification. Public infrastructure spending over three years will exceed the R1 trillion mark,” Godongwana said.
Spending will focus on “maintaining and repairing existing infrastructure, building new infrastructure, and acquiring equipment and machinery” primarily in transport and logistics, energy and water and sanitation.
“Of the R402 billion for transport and logistics, R93.1 billion is for the South African National Roads Agency to keep the 24 000-kilometer national road network in active maintenance and rehabilitation. R53.1 billion is for the maintenance and refurbishment of provincial roads.
“R66.3 billion is allocated to PRASA, out of which R18.2 billion is for the rolling stock fleet renewal programme and R12.3 billion is provisionally allocated for the renewal of the signalling system. The spending will sustain progress in rebuilding the infrastructure to provide affordable commuter rail services. This will enable PRASA to increase passenger trips from 60 million in 2024/25 to 186 million by the end of the MTEF [Medium Term Expenditure Framework] period.
“The energy sector will invest R219.2 billion on strengthening the electricity supply network, from generation to transmission and distribution. The water and sanitation sector will spend R156.3 billion on expanding our water resource and service infrastructure, including dams, bulk infrastructure to service mines, factories and farms,” Godongwana explained.
Reforms for private sector participation
The Minister announced that new regulations for public-private partnerships (PPPs), which were gazetted earlier this year, are expected to take effect next month.
“These will reduce the procedural complexity of undertaking PPPs, increasing the deal flow and allowing government to leverage its limited resources to fast-track infrastructure provision. The National Treasury has developed enabling guidelines and frameworks to support the new regulations.
“Specifically, the unsolicited proposals framework will create clear rules for managing proposals from the private sector. And the framework for fiscal commitments and contingent liabilities will strengthen fiscal risk governance. These guidelines and frameworks will be published in the next few weeks,” he said.
Furthermore, the process of issuing the first infrastructure bonds in 2025/26 remains in place.
“We are also exploring alternative financing instruments to allow pension funds, commercial banks, development banks and international financial institutions to participate in financing our infrastructure plans.
“These reforms are how we plan to leverage infrastructure investment to ease supply side constraints to the economy and improve access to social services the people get,” Godongwana said.
Employment boost
Meanwhile, in the 2025 Budget Overview, National Treasury said additional funding of some R8.8 billion has been allocated to public employment programmes (PEPs).
“Although the number of people employed was 16.8 million in the first quarter of 2025, South Africa’s unemployment rate remained very high at 32.9%.
“Public employment programmes are crucial to address persistently high unemployment,” National Treasury noted.
Key beneficiaries for the additional funding include:
The Department of Basic Education: R5.8 billion for the basic education schools employment initiative.
The Department of Sport, Arts and Culture: R350 000 000 for the creative industry stimulus.
The Department of Trade, Industry and Competition: R1.3 billion for the Social Employment Fund.
“In addition, National Treasury and the Presidency, working with other state institutions, have begun a comprehensive review of active labour market programmes, PEPs and the social support system to improve efficiency and effectiveness.
“With these efforts, government hopes to make significant strides in reducing unemployment,” the overview read. – SAnews.gov.za
Minister of Finance, Enoch Godongwana, will this afternoon, return to Parliament to re-table the 2025 Budget Review.
This decision follows the Minister’s recent announcement and subsequent request to the Speaker of the National Assembly to maintain the Value-Added Tax rate at its current level of 15 percent, reversing the previously proposed 0.5 percentage point increase presented in the 12 March budget.
“The revised budget will adhere to all established technical processes and consultations as set out in the Money Bills and Related Matters Act. This includes formal consultations with the Financial and Fiscal Commission, thorough consultations with all political parties within the Government of National Unity as well as Cabinet approval before presentation to Parliament,” National Treasury said.
Godongwana will deliver the 2025 Budget Speech during the National Assembly plenary at the Cape Town International Convention Centre at 2pm.
The National Treasury has worked on a new fiscal framework that will maintain the trajectory toward debt stabilisation, a crucial element in strengthening our public finances.
This process included:
Revising economic assumptions using the latest available data.
Generating a updated fiscal projects.
Recalculating revenue projections and tax implications.
Determining appropriate borrowing strategies.
Consolidating these elements into a coherent and sustainable fiscal framework.
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
SINGAPORE, May 21, 2025 (GLOBE NEWSWIRE) — Bitcoin has officially shattered the long-anticipated $100,000 barrier, marking a historic milestone for the crypto market. As shown in the latest TradingView chart, BTC continues to push higher, riding the upper edge of the Bollinger Bands with no signs of slowing down.
While the bull run creates exciting opportunities, traders are now facing a critical question: Which platform is best positioned to help them capitalize on this volatility?
Introducing BexBack — A Streamlined Futures Trading Platform Built for This Moment
In a sea of exchanges that are often overloaded, overcomplicated, or overregulated, BexBack stands out with its fast, frictionless, and fully non-KYC approach to crypto derivatives trading.
Whether you’re a seasoned leverage trader or just getting started, BexBack delivers a powerful yet simple experience, offering:
No KYC Required — Trade anonymously with just an email
100% Deposit Bonus+ $100 Trading Bonus — Double your capital and get a head start
Up to 100x Leverage — Maximize your position in times of volatility
Free Demo Account — Practice with 10 BTC and 1,000,000 USDT risk-free
50+ Perpetual Contracts — Including BTC, ETH, XRP, ADA, SOL and more
Zero Spread, No Slippage — What you see is what you get
Security and Speed in One Package
BexBack isn’t just fast — it’s secure. With cold wallet fund storage, multi-signature withdrawal approvals, and real-time risk monitoring, the platform ensures your assets and trades are well protected.
Global Access, Real Freedom
BexBack proudly serves a global user base. With no mandatory KYC, even traders from regions with limited access to traditional exchanges can participate freely and instantly.
About BexBack?
BexBack is a leading cryptocurrency derivatives platform offering up to 100x leverage on futures contracts for BTC, ETH, ADA, SOL, XRP, and over 50 other digital assets. Headquartered in Singapore, the platform also operates offices in Hong Kong, Japan, the United States, the United Kingdom, and Argentina. Like many top-tier exchanges, BexBack holds a U.S. MSB (Money Services Business) license and is trusted by more than 500,000 traders worldwide. The platform accepts users from the United States, Canada, and Europe, with zero deposit fees and 24/7 multilingual customer support, delivering a secure, efficient, and user-friendly trading experience.
As Bitcoin Enters Price Discovery, Don’t Get Left Behind
Markets like this don’t come around often. Whether you’re aiming to ride short-term price swings or position for long-term growth, BexBack provides the tools, leverage, and freedom you need to trade your way.
Create your account, claim your bonuses, and trade with confidence — all on BexBack.
Disclaimer: This content is provided by BexBackThe statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.
Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.
Photos accompanying this announcement are available at
VICTORIA, Seychelles, May 21, 2025 (GLOBE NEWSWIRE) — MEXC, a leading global cryptocurrency exchange, today announced an industry-disrupting partnership with The Open Network (TON) that introduces a $1 million reward pool campaign and fundamentally challenges established exchange revenue models. Launching today and running through June 20, the “TON Triumph” campaign eliminates all trading fees on TON pairs while offering staking returns that dwarf typical yields by up to 100 times.
In an unprecedented move that signals a significant shift in exchange competition strategies, MEXC will offer new users access to staking opportunities with up to 400% APR on TON tokens—creating what analysts describe as the most aggressive user acquisition campaign in the cryptocurrency exchange sector this year.
“This partnership represents a strategic inflection point for both the TON ecosystem and the broader exchange landscape,” said Tracy Jin, COO of MEXC. “By eliminating all typical entry costs into TON trading for a full month while simultaneously offering returns that outpace all competitors, we’re not simply running a promotion—we’re fundamentally changing how users engage with emerging Layer-1 ecosystems.”
Campaign Transforms Market Access and Investment Returns
The 30-day campaign introduces multiple disruptive elements that directly challenge other exchanges’ TON market dominance:
Zero-Fee Trading Structure: Complete elimination of fees on TON/USDT, TON/USDC, and TON/EUR spot pairs, TONUSDT futures, and all TON/USDE network withdrawals—removing traditional revenue mechanisms that have defined exchange business models.
Industry-Leading APR: New users can stake TON tokens to earn up to 400% APR, positioning the offering at 100 times higher than typical cryptocurrency staking returns and several hundred times above traditional banking products.
Democratized Trading Access: Zero-fee structure gives retail traders access to the same economics previously available only to professional and institutional traders, significantly leveling the playing field.
Limited-Time, First-Come Allocation: High-yield staking pools operate on a first-come, first-served basis with participants limited to 250 TON tokens per user, creating immediate urgency for early participation.
The campaign also includes passive rewards of up to 8% daily APR for USDE holders, spot trading rewards from a pool of 32,500 TON, and a futures trading competition with 100,000 USDT in bonuses.
TON Ecosystem Expansion and Infrastructure Advancement
This partnership is pivotal for The Open Network, which continues to gain momentum through its connection to Telegram’s 900+ million users and growing developer ecosystem.
The collaboration represents a significant leap forward in TON’s accessibility and adoption curve. By drastically reducing barriers to entry while providing exceptional incentives, the campaign accelerates the integration of new participants into the TON ecosystem, coinciding precisely with the network’s rapidly expanding technical capabilities and use cases.
The campaign also showcases MEXC’s platform capabilities, demonstrating advanced infrastructure that can handle zero-fee trading across multiple markets simultaneously while managing high-volume staking operations with variable APR structures.
Time-Sensitive Opportunity with Global Access
The $1 million in rewards is available exclusively during the 30-day window, with certain high-value components like the 400% APR staking pool starting on May 21th and operating on a capped allocation basis. MEXC has created a streamlined onboarding process that allows new users to complete registration and KYC verification in minutes, with the campaign accessible to eligible participants globally through both web and mobile interfaces.
About MEXC Founded in 2018, MEXC is committed to being “Your Easiest Way to Crypto.” Serving over 40 million users across 170+ countries, MEXC is known for its broad selection of trending tokens, everyday airdrop opportunities, and low trading fees. Our user-friendly platform is designed to support both new traders and experienced investors, offering secure and efficient access to digital assets. MEXC prioritizes simplicity and innovation, making crypto trading more accessible and rewarding. MEXC Official Website| X | Telegram |How to Sign Up on MEXC
About TON The Open Network (TON) is a fully decentralized layer-1 blockchain designed for mass adoption. Originally conceived by Telegram and now developed by the open TON Community, the network offers exceptional scalability, accessibility, and ease of use.
Risk Disclaimer: The information provided in this article regarding cryptocurrencies does not constitute investment advice. Given the highly volatile nature of the cryptocurrency market, investors are encouraged to carefully assess market fluctuations, the fundamentals of projects, and potential financial risks before making any trading decisions.
Disclaimer: This is a paid post and is provided by MEXC. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.
Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.
KUALA LUMPUR, MALAYSIA, May 21, 2025 (GLOBE NEWSWIRE) — TMD Energy Limited (the “Company” or “TMDEL”) (NYSE American: TMDE), together with its subsidiaries is a Malaysia and Singapore based services provider engaged in integrated bunkering services which involves ship-to-ship transfer of marine fuels, ship management services and vessel chartering services, today announced a strategic expansion into oil waste collection, marking a significant enhancement of its Environmental, Social, and Governance (ESG) commitments. This initiative aims to collect sludge oil and used cooking oil and sell to third-party partners for processing into biodiesel, which also helps diversify the Company’s revenue streams.
Following a successful Initial Public Offering, the Company is poised to leverage its extensive logistics network and industry expertise to meet the increasing demand for sustainable waste disposal. It plans to collect residual oils from maritime operators and the food industry, facilitating their conversion into cleaner biodiesel. This circular economy approach not only mitigates greenhouse gas emissions but also supports Malaysia’s national commitment to renewable energy adoption.
Leadership in Sustainable Innovation
The biodiesel market in Malaysia, supported by government incentives, presents substantial growth opportunities. TMDEL’s entry into this sector aligns with evolving regulatory frameworks and the corporate demand for eco-conscious partnerships. “Our expansion signifies a strategic shift toward long-term environmental stewardship,” stated Dato’ Sri Kam Choy Ho, Chairman and CEO of the Company. “By collaborating with businesses, agencies and environmental organizations, we aim to redefine waste as a valuable resource—transforming sustainability commitments into actionable and scalable solutions.”
“This initiative reinforces TMDEL’s dual commitment to operational excellence and ecological responsibility. The Company’s established infrastructure ensures efficient collection, and we target to engage in processing and distribution of biodiesel in the near future, so as to position the Company as a key player in Southeast Asia’s green energy transition.”
“Furthermore, this milestone underscores our vision to lead the bio-green industry while upholding our commitment to exceptional service standards,” added Dato’ Sri Kam Choy Ho. “Every step forward is a step toward a future where economic growth and environmental responsibility coexist.”
About TMD Energy Limited
TMD Energy Limited and its subsidiaries (“TMDEL Group”) are principally involved in marine fuel bunkering services specializing in the supply and marketing of marine gas oil and marine fuel oil of which include high sulfur fuel oil, low sulfur fuel oil and very low sulfur fuel oil, to ships and vessels at sea. TMDEL Group is also involved in the provision of ship management services for in-house and external vessels, as well as vessel chartering. As of today, TMDEL Group operates in 19 ports across Malaysia with a fleet of 15 bunkering vessels. For more information, please visit the Company’s website at: www.tmdel.com.
Forward-Looking Statements
Certain statements in this announcement are forward-looking statements, including but not limited to, the Company’s Offering. These forward-looking statements involve known and unknown risks and uncertainties and are based on the Company’s current expectations and projections about future events that the Company believes may affect its financial condition, results of operations, business strategy and financial needs. Investors can identify these forward-looking statements by words or phrases such as “may”, “could”, “will”, “should”, “would”, “expect”, “plan”, “intend”, “anticipate”, “believe”, “estimate”, “predict”, “potential”, “project” or “continue” or the negative of these terms or other comparable terminology. The Company undertakes no obligation to update or revise publicly any forward-looking statements to reflect subsequent occurring events or circumstances, or changes in its expectations, except as may be required by law. Although the Company believes that the expectations expressed in these forward-looking statements are reasonable, it cannot assure you that such expectations will turn out to be correct, and the Company cautions investors that actual results may differ materially from the anticipated results and encourages investors to review other factors that may affect its future results in the Company’s financial results filings with the SEC.
For investor and media inquiries, please contact: TMD ENERGY LIMITED e-Mail : corporate@tmdel.com
Source: People’s Republic of China – State Council News
BEIJING, May 21 — China will further step up financing support for small and micro enterprises by increasing financing supply, lowering financing costs, and enhancing the precision of supportive measures, according to a guideline issued Wednesday by eight departments.
The document — jointly issued by the National Financial Regulatory Administration, the People’s Bank of China, the National Development and Reform Commission and other authorities, proposes 23 concrete measures to boost financing for small and micro firms.
To increase financing supply for these companies, the country will strengthen the issuance of first-time loans, credit loans, medium- to long-term loans, corporate loans and loans to private enterprises, the guideline revealed.
Financing support for small and micro firms in the agricultural sector will be strengthened by leveraging structural monetary tools including re-lending, the document said.
China will also support small and micro enterprises in pursuing equity financing, the guideline stated.
To reduce the financing costs of small and micro companies, the country will guide banks to determine their lending rates for such enterprises reasonably while lowering additional loan-related fees.
China will also guide banks to improve their financing efficiency, streamline application materials and optimize approval procedures, said the document, while adding that more support will be channeled to science and technology-oriented, innovation-driven small and micro firms as well as those engaged in new business models regarding foreign trade.
TORONTO, May 21, 2025 (GLOBE NEWSWIRE) — New Commerce Split (The “Company”) declares a monthly distribution of $0.05000 per share for Capital shareholders (YCM), and its regular monthly distribution of $0.02500 per share ($0.30 annually) for Class I Preferred shareholders (YCM.PR.A), and $0.03125 per share ($0.375 annually) for Class II Preferred shareholders (YCM.PR.B). The Class I Preferreds are paid at an annual rate of 6.00% based on their $5 repayment amount. Class II Preferreds are paid at an annual rate of 7.50% based on their $5 repayment amount. Distributions are payable June 10, 2025 to shareholders on record as at May 30, 2025.
The Company invests in common shares of Canadian Imperial Bank of Commerce, a Canadian financial institution.
Automated payment innovation fuels accelerated adoption of Flywire’s Third-Party Invoicing and 529 Disbursement solutions
BOSTON, May 21, 2025 (GLOBE NEWSWIRE) — Flywire Corporation (Flywire) (Nasdaq: FLYW) – a global payments enablement and software company – announced today that more than 100 colleges and universities in the United States that use Flywire’s Student Financial Software (SFS) collected more than $320 million in past-due tuition to keep more than 161,000 at-risk students enrolled. These results are part of the ongoing commitment that Flywire is making to its higher education clients in the U.S. to help them accelerate revenue, while optimizing for student success.
Faced with mounting pressure to create more sustainable revenue streams, U.S. higher education institutions have adopted Flywire’s SFS solution to better streamline the student journey and address education affordability by providing more dynamic payment plans and accelerating past-due collections to help retain students. The return on investment from Flywire’s Collection Management offering of SFS is particularly strong, as it helps institutions avoid the costly process of sending students to collections, which typically charges on average 20% to collect past-due tuition owed. As one example, Purdue University – a Flywire client for cross-border tuition payments and digital 529 disbursements since 2021 – went live with Flywire’s Collection Management offering of SFS in March of 2024 to automate communications and payment plans to collect more past-due tuition faster. Within months, Purdue saved more than 300 students from going to collections, and recovered more than $1 million in revenue that would otherwise have been written off.
“I can’t imagine how much extra work we’d have to be doing if we were still doing collections the old way. It’s kind of a lifesaver. Our write-offs will go down because of Flywire.” – Chad Lester, Associate Bursar, Account Resolution and Loan Administration, Purdue University
Ongoing innovation also solves payment challenges around 529 disbursements and third-party payments
Flywire’s U.S. clients have also begun adopting its third-party invoicing solution, which streamlines the payment experience for third-party sponsors paying a student’s tuition and fees, as well as its 529 disbursements, which digitizes the otherwise manual process of 529 plan payment checks. Since the inception of its 529 solution, Flywire has digitized over $2 billion in tuition payments by eliminating the manual processing of more than 502,000 checks for institutions in the U.S., with more than 750 institutions in the U.S. signed on for the solution. This expansion of these payment capabilities demonstrates Flywire’s commitment to addressing every aspect of the student payment journey, extending its expertise beyond cross-border transactions to deliver comprehensive payment solutions that help clients work smarter.
“When I first started with Flywire, they were just payments. Now they’ve put 529 solutions in, again a big problem in our university, all the checks. They’ve put in collections and now third-party invoicing. Everything they do makes our jobs easier.” – Janet Hicks, Associate Controller, Student Accounting Services, University of South Florida
Strengthening partnerships to enhance capabilities for clients and embed deeper within broader education ecosystem
Flywire directly integrates with a number of leading technology providers, from large ERPs like Ellucian, to Admission and Enrollment Providers like CommonApp, and other software systems. Through these integrations, Flywire is helping institutions improve operational efficiency to ultimately provide better staff and student experiences.
To strengthen its footprint in the U.S., Flywire has recently partnered with some of the largest and most recognized education technology providers to provide:
Tuition insurance throughGradGuard to provide Flywire’s higher education clients in the U.S. access to an integrated policy disclosure process that assures greater financial literacy of students and their families
Streamlined payment experience throughBlackBaud to provide international students enables a seamless payment experience, and help independent schools streamline incoming payments, including tuition and enrollment fees
Digital delivery of student loan payments funded and managed by some of the largest banks and loan providers in India, including Credila and State Bank of India
Strengthened international recruitment network of more than 20,000 key recruitment counselors such as IDP, KC Overseas and more to help institutes diversify their recruitment efforts and streamline enrollment from international students.
Resources
Meet with Flywire at NAFSA 2025, May 26 – May 30, Booth #626 and join Flywire’s sessions with NYU, IDP, ICEF, AIRC, INTO and GeNEOus to learn more about how Flywire is powering the global education ecosystem.
To learn more about Flywire’s solutions for the U.S. higher education industry, visit here
The Flywire Fusion U.S. Education Client Conference & Awards Ceremony is taking place October 20-22 at the Lansdowne Resort in historic Leesburg, Virginia. Save your spot here.
About Flywire
Flywire is a global payments enablement and software company. We combine our proprietary global payments network, next-gen payments platform and vertical-specific software to deliver the most important and complex payments for our clients and their customers.
Flywire leverages its vertical-specific software and payments technology to deeply embed within the existing A/R workflows for its clients across the education, healthcare and travel vertical markets, as well as in key B2B industries. Flywire also integrates with leading ERP systems, such as NetSuite, so organizations can optimize the payment experience for their customers while eliminating operational challenges.
Flywire supports more than 4,600 clients with diverse payment methods in more than 140 currencies across more than 240 countries and territories around the world. The company is headquartered in Boston, MA, USA with global offices. For more information, visit www.flywire.com. Follow Flywire on X , LinkedIn and Facebook.
Forward-Looking Statements
This release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including, but not limited to, statements regarding Flywire’s expectations regarding the benefits of its education clients and business, Flywire’s business strategy and plans, market growth and trends. Flywire intends such forward-looking statements to be covered by the safe harbor provisions for forward-looking statements contained in Section 21E of the Securities Exchange Act of 1934 and the Private Securities Litigation Reform Act of 1995. In some cases, you can identify forward-looking statements by terms such as, but not limited to, “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “target,” “plan,” “expect,” or the negative of these terms, and similar expressions intended to identify forward-looking statements. Such forward-looking statements are based upon current expectations that involve risks, changes in circumstances, assumptions, and uncertainties. Important factors that could cause actual results to differ materially from those reflected in Flywire’s forward-looking statements include, among others, the factors that are described in the “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” sections of Flywire’s Annual Report on Form 10-K for the year ended December 31, 2024 and Quarterly Report on Form 10-Q for the quarter ended March 31, 2025, which are on file with the Securities and Exchange Commission (SEC) and available on the SEC’s website athttps://www.sec.gov/. The information in this release is provided only as of the date of this release, and Flywire undertakes no obligation to update any forward-looking statements contained in this release on account of new information, future events, or otherwise, except as required by law.
NEW YORK, May 21, 2025 (GLOBE NEWSWIRE) — Krane Funds Advisors, LLC (“KraneShares”), an asset management firm known for its global exchange-traded funds (ETFs), today announced the launch of the KraneShares Strategic Wealth Model Portfolios.
These ETF model portfolios provide a comprehensive, global portfolio solution for financial advisors. They leverage the best of KraneShares’ and their leading asset management partners’ ETFs and market insights, emphasizing liquid alternatives and international exposure.
“Over the years, we have developed a unique set of ETFs at KraneShares. The Strategic Wealth Models can help investors understand how our ETFs fit into a total portfolio solution,” said Jonathan Krane, KraneShares CEO. “Through combining KraneShares’ strategies and expertise with products and inputs from our partners, we are able to create ETF model portfolios across various risk ranges that are unique in the marketplace.”
The KraneShares Strategic Wealth Model Portfolios expand global diversification compared to most model portfolio offerings and include 15-20% exposure to liquid alternatives, helping to protect the portfolio when traditional investments decline.
“We see a shift coming in global markets,” added Jonathan Shelon. “After a decade of US equity outperformance and a dominant US dollar, more globally diversified and alternatives-oriented portfolios will be important for growing and maintaining wealth. We are helping our clients prepare for a shifting macro landscape with our Strategic Wealth Models.”
The models currently include the following ETFs:
KraneShares Value Line Dynamic Dividend Equity ETF (Ticker: KVLE)
KraneShares MSCI Emerging Markets ex China Index ETF (Ticker: KEMX)
KraneShares CSI China Internet ETF (Ticker: KWEB)
KraneShares Hedgeye Hedged Equity Index ETF (Ticker: KSPY)
Krane Funds Advisors, LLC is the investment manager for KraneShares ETFs. Our team is determined to provide industry-leading, differentiated, and high-conviction investment strategies that offer access to key market trends. KraneShares offers innovative investment solutions tailored to three key pillars: China, Climate, and Alternatives. Our mission is to empower investors with the knowledge and tools necessary to capture the importance of these themes as an essential element of a well-designed investment portfolio.
Comprehensive overview of national transaction activity by volume, price, size, and sector
U.S. commercial real estate transactions remained muted in Q1 2025
NEW YORK, May 21, 2025 (GLOBE NEWSWIRE) — Altus Group Limited (“Altus Group”) (TSX: AIF), a leading provider of commercial real estate (“CRE”) intelligence, today released its CRE Investment & Transactions Quarterly Report, covering U.S. transaction activity for Q1 2025.
In Q1 2025, the U.S. commercial real estate market recorded $69.3 billion in dollar value transacted*, compared to $89.2 billion in Q4 2024 and $85.5 billion in Q1 2024. The number of properties transacted was also down, though above the pandemic-era lows for all property types. On an aggregated national basis, transaction activity in Q1 2025 remained muted across the following key metrics:
Key metric
Sequential change over Q4 2024
Year-over-year change over Q1 2024
Count of properties transacted
-11.6%
-8.0%
Dollars transacted
-22.3%
-19.0%
“Despite a generally subdued market, Q1 transaction activity showed areas of strength with prices edging higher and multifamily and office drawing more capital than a year earlier,” said Cole Perry, Associate Director of Research at Altus Group. “Twelve of the fifteen property subsectors posted quarter-over-quarter increases in price per square foot, led by consumer-facing categories such as big box retail, limited-service hotels and full-service hotels.”
Altus Group’s transaction data analysis stands out from other industry reports by covering a broader range of transaction activity and segmenting the data at a very granular level. This quarterly report offers a comprehensive overview of national commercial sale transactions across major property sectors, focusing on transaction volume, pricing, and pacing, with further insights by property subtype and at the metropolitan statistical area (MSA) level. While other reports tend to focus on large transactions, this report takes a more holistic view of the market capturing single-asset transactions exceeding $100,000 in sale value.
To access the full Q1 2025 U.S. Investment & Transactions Quarterly Report, please click here.
*Note: Property and transaction-level data are sourced from Altus Group’s Reonomy product, with data pulled on April 15, 2025 and transactions recorded through March 31, 2025 (the close of Q1 2025). Not all transactions for Q1 2025 were available as of April 15, 2025, so estimates were made to reflect national transaction activity. For information about the data contained in the report and methodology, please see the full report.
About Altus Group
Altus connects data, analytics, applications, and expertise to deliver the intelligence necessary to drive optimal CRE performance. The industry’s top leaders rely on our market-leading solutions and expertise to power performance and mitigate risk. Our global team of ~ 2,000 experts are making a lasting impact on an industry undergoing unprecedented change – helping shape the cities where we live, work, and build thriving communities. For more information about Altus (TSX: AIF) please visit www.altusgroup.com.
SHANGHAI, May 21, 2025 (GLOBE NEWSWIRE) — Bilibili Inc. (“Bilibili” or the “Company”) (Nasdaq: BILI and HKEX: 9626), an iconic brand and a leading video community for young generations in China, today announced the pricing of its upsized offering (the “Notes Offering”) of US$600 million in aggregate principal amount of convertible senior notes due 2030 (the “Notes”). The Notes have been offered to persons reasonably believed to be qualified institutional buyers pursuant to Rule 144A under the Securities Act of 1933, as amended (the “Securities Act”). The Company has granted the initial purchasers in the Notes Offering an option to purchase up to an additional US$90 million principal amount of the Notes, exercisable for settlement within a 30-day period beginning on, and including, the date on which the Notes are first issued.
The Company plans to use the net proceeds from the Notes Offering to enhance its content ecosystem to facilitate user growth, facilitate IP asset creation, and unleash its inherent potential. The Company also plans to use the net proceeds from the Notes Offering to improve its overall monetization efficiency, fund the Concurrent Repurchase (as defined below), fund future repurchases (from time to time) under its share repurchase program, and for other general corporate purposes.
When issued, the Notes will be senior, unsecured obligations of the Company. The Notes will mature on June 1, 2030, unless repurchased, redeemed or converted in accordance with their terms prior to such date. Holders may convert their Notes at their option at any time prior to the close of business on the seventh scheduled trading day immediately preceding the maturity date. The initial conversion rate of the Notes is 42.1747 Class Z ordinary shares per US$1,000 principal amount of Notes (which is equivalent to an initial conversion price of approximately HK$185.63 per Class Z ordinary share and represents a conversion premium of approximately 27.1% above the closing price HK$146.00 per Class Z ordinary share of the Company on the Hong Kong Stock Exchange on May 21, 2025) and a premium of approximately 32.5% to the clearing share price of the Concurrent Delta Offering of HK$140.10 per Class Z ordinary share of the Company, and is subject to adjustment upon the occurrence of certain events described below. Upon conversion, subject to certain procedures and conditions set forth in the terms of the Notes, the Company will cause to be delivered the Company’s Class Z ordinary shares, par value US$0.0001 per share. Holders may elect to receive the Company’s American depositary shares (“ADS”), each representing one Class Z ordinary share, in lieu of Class Z ordinary shares deliverable upon conversion.
The Company may redeem for cash all or any part of the Notes on or after June 6, 2028 if the last reported sale price of the Class Z ordinary shares has been at least 130% of the conversion price for the Notes then in effect for at least 20 trading days, whether or not consecutive, during any 30 consecutive trading day period preceding the date on which the Company provides notice of redemption (including the last trading day of such period) ending on, and including, the trading day immediately preceding the date on which the Company provides notice of redemption (the “Optional Redemption”). In addition, the Company may redeem for cash all but not part of the Notes at any time if less than 10% of the aggregate principal amount of Notes originally issued remains outstanding at such time (the “Cleanup Redemption”). The Company may also redeem the Notes upon the occurrence of certain tax-related events (the “Tax Redemption”). Holders of the Notes may require the Company to repurchase for cash all or part of their Notes in cash on June 1, 2028, or in the event of certain fundamental changes. In connection with certain corporate events or if the Company issues a notice of Optional Redemption, Cleanup Redemption or Tax Redemption, it will, under certain circumstances, increase the conversion rate for holders who elect to convert their Notes in connection with such corporate event or such Optional Redemption, Cleanup Redemption or Tax Redemption.
The Notes will bear interest at a rate of 0.625% per year, payable semiannually in arrears on June 1 and December 1 of each year, beginning on December 1, 2025.
The Company also announced the pricing of the previously announced concurrent offering of its 10,281,240 Class Z ordinary shares that are being borrowed from non-affiliate third parties and offered in a separate underwritten offering by Goldman Sachs (Asia) L.L.C. and Morgan Stanley Asia Limited (the “Underwriters” and the “Concurrent Delta Offering”, respectively), each acting severally on behalf of itself and/or its respective affiliates, at HK$140.10 per Class Z ordinary share. The Underwriters will use the resulting short position to facilitate hedging transactions by certain investors subscribing for the Notes, who employ a convertible arbitrage strategy (the “Convertible Arbitrage Investors”). The Company has been advised that each Underwriter is concurrently entering into off-market privately negotiated derivative transactions relating to the Class Z ordinary shares, enabling Convertible Arbitrage Investors to establish their initial short positions in the Class Z ordinary shares to hedge market risk in the Notes. The number of Class Z ordinary shares subject to the Concurrent Delta Offering generally corresponds to such initial short positions of the Convertible Arbitrage Investors. No new Class Z ordinary shares will be issued in the Concurrent Delta Offering. Any securities sold in the Concurrent Delta Offering are being offered and sold through a concurrent SEC-registered offering pursuant to a separate prospectus supplement and an accompanying base prospectus. The Company will not receive any proceeds from the Concurrent Delta Offering. The Notes Offering and the Concurrent Delta Offering are contingent upon each other.
The Company will use part of the proceeds from the Notes Offering for the Concurrent Repurchase. The Concurrent Repurchase enables investors to establish some of their initial short positions in the Class Z ordinary shares to hedge market risk in the Notes and reflects the Company’s confidence in its long-term strategy and growth. The repurchased shares will be cancelled.
Other Matters
The Notes, the Class Z ordinary shares deliverable upon conversion of the Notes or the ADSs deliverable in lieu thereof have not been registered under the Securities Act, or any state securities laws. They may not be offered or sold within the United States or to U.S. persons, except in reliance on the exemption from registration under the Securities Act.
This press release shall not constitute an offer to sell or a solicitation of an offer to purchase any of these securities, nor shall there be a sale of the securities in any state or jurisdiction in which such an offer, solicitation, or sale would be unlawful.
This press release contains information about the pending Notes Offering, and there can be no assurance that the Notes Offering will be completed.
Safe Harbor Statement
This announcement contains forward-looking statements. These statements are made under the “safe harbor” provisions of the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements can be identified by terminology such as “will,” “expects,” “anticipates,” “aims,” “future,” “intends,” “plans,” “believes,” “estimates,” “confident,” “potential,” “continue,” or other similar expressions. Among other things, the terms of the Notes, whether the Company will complete the Notes Offering, a description of various hedging activities, and statements about Bilibili’s beliefs and expectations, contain forward-looking statements. Bilibili may also make written or oral forward-looking statements in its periodic reports to the U.S. Securities and Exchange Commission, in its interim and annual reports to shareholders, in announcements, circulars or other publications made on the website of The Stock Exchange of Hong Kong Limited (the “Hong Kong Stock Exchange”), in press releases and other written materials and in oral statements made by its officers, directors or employees to third parties. Statements that are not historical facts, including but not limited to statements about Bilibili’s beliefs and expectations, are forward-looking statements. Forward-looking statements involve inherent risks and uncertainties. A number of factors could cause actual results to differ materially from those contained in any forward-looking statement, including but not limited to the following: results of operations, financial condition, and stock price; Bilibili’s strategies; Bilibili’s future business development, financial condition and results of operations; Bilibili’s ability to retain and increase the number of users, members and advertising customers, provide quality content, products and services, and expand its product and service offerings; competition in the online entertainment industry; Bilibili’s ability to maintain its culture and brand image within its addressable user communities; Bilibili’s ability to manage its costs and expenses; PRC governmental policies and regulations relating to the online entertainment industry, general economic and business conditions globally and in China and assumptions underlying or related to any of the foregoing. Further information regarding these and other risks is included in the Company’s filings with the Securities and Exchange Commission and the Hong Kong Stock Exchange. All information provided in this announcement and in the attachments is as of the date of the announcement, and the Company undertakes no duty to update such information, except as required under applicable law.
About Bilibili Inc.
Bilibili is an iconic brand and a leading video community with a mission to enrich the everyday lives of young generations in China. Bilibili offers a wide array of video-based content with All the Videos You Like as its value proposition. Bilibili builds its community around aspiring users, high-quality content, talented content creators and the strong emotional bonds among them. Bilibili pioneered the “bullet chatting” feature, a live comment function that has transformed our users’ viewing experience by displaying the thoughts and feelings of audience members viewing the same video. The Company has now become the welcoming home of diverse interests among young generations in China and the frontier for promoting Chinese culture across the world.
SHANGHAI, May 21, 2025 (GLOBE NEWSWIRE) — Bilibili Inc. (“Bilibili” or the “Company”) (Nasdaq: BILI and HKEX: 9626), an iconic brand and a leading video community for young generations in China, today announced the pricing of the separate SEC-registered underwritten offering of its Class Z ordinary shares, par value US$0.0001 per share (the “Concurrent Delta Offering”).
Concurrently, the Company announced pricing of the upsized offering (the “Notes Offering”) of US$600 million in aggregate principal amount of convertible senior notes due 2030 (the “Notes”) pursuant to Rule 144A under the Securities Act of 1933, as amended. The Company intends to grant the initial purchasers in the Notes Offering a 30-day option to purchase up to an additional US$90 million in principal amount of the Notes.
In connection with the Notes Offering, the Company announced the Concurrent Delta Offering, under which 10,281,240 of the Company’s Class Z ordinary shares, that have been borrowed from non-affiliate third parties are being offered in a separate underwritten offering by Goldman Sachs & Co. LLC and Morgan Stanley Asia Limited (the “Underwriters”), each acting severally on behalf of itself and/or its respective affiliates, at HK$140.10 per Class Z ordinary share. The Underwriters will use the resulting short position to facilitate hedging transactions by certain investors subscribing for the Notes, who employ a convertible arbitrage strategy (the “Convertible Arbitrage Investors”). The Company has been advised that each Underwriter is concurrently entering into off-market privately negotiated derivative transactions relating to the Class Z ordinary shares, enabling Convertible Arbitrage Investors to establish their initial short positions in the Class Z ordinary shares to hedge market risk in the Notes. The number of Class Z ordinary shares subject to the Concurrent Delta Offering generally corresponds to such initial short positions of the Convertible Arbitrage Investors. No new Class Z ordinary shares will be issued in the Concurrent Delta Offering. The Company will not receive any proceeds from the Concurrent Delta Offering. The Notes Offering and the Concurrent Delta Offering are contingent upon each other.
The Company will use part of the proceeds from the Notes Offering for the Concurrent Repurchase. The Concurrent Repurchase enables investors to establish some of their initial short positions in the Class Z ordinary shares to hedge market risk in the Notes and reflects the Company’s confidence in its long-term strategy and growth. The repurchased shares will be cancelled.
The Company has filed an automatic shelf registration statement on Form F-3 (including a prospectus) with the SEC. The Concurrent Delta Offering will be made only by means of a prospectus supplement and the accompanying prospectus. Before you invest, you should read the prospectus supplement and the accompanying prospectus and other documents that the Company has filed with the SEC for more complete information about the Company and the Concurrent Delta Offering. You may obtain these documents by visiting EDGAR on the SEC website at www.sec.gov. Alternatively, a copy of the prospectus supplement and the accompanying prospectus may be obtained from Goldman Sachs & Co. LLC, 200 West Street, New York, New York 10282, Attention: Prospectus Department, Email: Prospectus-ny@ny.email@gs.com, Telephone: 1 (866) 471-2526; or Morgan Stanley Asia Limited, c/o Morgan Stanley & Co. LLC, 180 Varick Street, New York, New York 10014, Attention: Prospectus Department, Email: prospectus@morganstanley.com, Telephone: 1 (866) 718-1649.
Other Matters
This press release shall not constitute an offer to sell or a solicitation of an offer to purchase any of these securities, nor shall there be a sale of the securities in any state or jurisdiction in which such an offer, solicitation, or sale would be unlawful.
This press release contains information about the pending Concurrent Delta Offering and Concurrent Repurchase, and there can be no assurance that the Concurrent Delta Offering and Concurrent Repurchase will be completed.
Safe Harbor Statement
This announcement contains forward-looking statements. These statements are made under the “safe harbor” provisions of the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements can be identified by terminology such as “will,” “expects,” “anticipates,” “aims,” “future,” “intends,” “plans,” “believes,” “estimates,” “confident,” “potential,” “continue,” or other similar expressions. Among other things, the terms of the Notes, whether the Company will complete the Notes Offering, whether the Concurrent Delta Offering and/or Concurrent Repurchase will be completed, a description of various hedging activities, and statements about Bilibili’s beliefs and expectations, contain forward-looking statements. Bilibili may also make written or oral forward-looking statements in its periodic reports to the U.S. Securities and Exchange Commission, in its interim and annual reports to shareholders, in announcements, circulars or other publications made on the website of The Stock Exchange of Hong Kong Limited (the “Hong Kong Stock Exchange”), in press releases and other written materials and in oral statements made by its officers, directors or employees to third parties. Statements that are not historical facts, including but not limited to statements about Bilibili’s beliefs and expectations, are forward-looking statements. Forward-looking statements involve inherent risks and uncertainties. A number of factors could cause actual results to differ materially from those contained in any forward-looking statement, including but not limited to the following: results of operations, financial condition, and stock price; Bilibili’s strategies; Bilibili’s future business development, financial condition and results of operations; Bilibili’s ability to retain and increase the number of users, members and advertising customers, provide quality content, products and services, and expand its product and service offerings; competition in the online entertainment industry; Bilibili’s ability to maintain its culture and brand image within its addressable user communities; Bilibili’s ability to manage its costs and expenses; PRC governmental policies and regulations relating to the online entertainment industry, general economic and business conditions globally and in China and assumptions underlying or related to any of the foregoing. Further information regarding these and other risks is included in the Company’s filings with the Securities and Exchange Commission and the Hong Kong Stock Exchange. All information provided in this announcement and in the attachments is as of the date of the announcement, and the Company undertakes no duty to update such information, except as required under applicable law.
About Bilibili Inc.
Bilibili is an iconic brand and a leading video community with a mission to enrich the everyday lives of young generations in China. Bilibili offers a wide array of video-based content with All the Videos You Like as its value proposition. Bilibili builds its community around aspiring users, high-quality content, talented content creators and the strong emotional bonds among them. Bilibili pioneered the “bullet chatting” feature, a live comment function that has transformed our users’ viewing experience by displaying the thoughts and feelings of audience members viewing the same video. The Company has now become the welcoming home of diverse interests among young generations in China and the frontier for promoting Chinese culture across the world.
SINGAPORE, May 21, 2025 (GLOBE NEWSWIRE) — HTX, a leading global cryptocurrency exchange, unveiled its next-generation “Crypto Loans 2.0” product on May 19. This enhanced version brings a refined structure and superior user experience, featuring multi-asset collateral, a smart dynamic Loan-to-Value (LTV) model, instant fund access, flexible repayment options, and zero fees. To mark this significant launch, HTX has rolled out two exclusive promotions: “Borrow & Earn” #7, where users can share a massive 5,000,000,000 $HTX prize pool, and the “Millions in Rewards Plus Margin Power-up” event, which provides BTC loan interest rates as low as 0.09% and an extra 10% discount on USDT loans.
Unlock Multiple Benefits with HTX Loan Products
To celebrate the grand launch of Crypto Loans 2.0 and commemorate the 15th anniversary of Bitcoin Pizza Day, HTX is simultaneously launching “Borrow & Earn” #7 and an exclusive limited-time margin promotion, delivering substantial rewards to our valued users.
“Borrow & Earn” #7 runs from May 19 at 02:00 (UTC) to June 2 at 15:59 (UTC), featuring a total prize pool of 5,000,000,000 $HTX. Users simply need to borrow USDT using the Crypto Loans Flexible product during the event to earn a share of the $HTX prize pool, based on the interest paid — the more interest paid, the greater the rewards. Rewards will be credited to winners’ Spot accounts within 7 working days after the event ends.
Concurrently, HTX has launched an exclusive margin promotion, “Millions in Rewards Plus Margin Power-up”, active from May 20 at 10:00 (UTC) to June 2 at 10:00 (UTC). For a single USDT loan of $1,000,000 or more, users can enjoy an extra 10% interest rate discount! This brings the annual interest rate down to as low as 3.9% (or 0.01% daily). There is no limit on borrowing frequency and each qualifying loan benefits from this generous discount.
Don’t miss the Pizza Day 15th Anniversary Bonus! During the event, the top 10 users by cumulative loan volume will share 264,000,000 $HTX (worth $500). Register via the provided link to participate. Leverage these ultra-low interest rates to maximize potential returns and aim for substantial gains.
Optimized Borrowing Experience with Multi-Asset Collateral
Loan efficiency and asset liquidity have always been two major user-focused concerns. As a key highlight of this upgrade, HTX’s “Crypto Loans 2.0” introduces a multi-asset collateral mechanism, supporting over 20 mainstream cryptocurrencies as collateral assets, including USDT, BTC, ETH, TRX, DOGE, XRP, SOL, and AVAX. This significantly boosts users’ asset utilization efficiency.
To further enhance the borrowing experience, HTX has expanded its loanable assets to include SOL, TON, and USDC, with USDC also available as a collateral option. Unlike the traditional single-asset collateral model, the multi-asset collateral mechanism allows users to unlock liquidity from their holdings while effectively reducing the risk of forced liquidation due to single-asset volatility.
Another standout feature of this upgrade is HTX’s limited-time offer: an ultra-low 0.09% annual interest rate for BTC Flexible Loans, with borrowing limits up to 100 BTC. This remarkable rate represents a 555-fold reduction from the previous annual rate of over 5.0%, making it an exceptional deal. For example, borrowing BTC equivalent to approximately 1,000,000 USDT would incur a mere 2.37 USDT in daily interest — a truly remarkable saving.
Crypto Loans 2.0 also offers the following advantages:
Smart Dynamic LTV Mechanism: Interest rates adjust in real time based on market conditions, ensuring industry-leading competitiveness. Annualized interest rates for Flexible Loans include 3.9% for USDT, 2.4% for ETH, and as low as 0.09% for BTC.
Flexible Term Options: Supports flexible configuration for both flexible and fixed terms (7/30/45/90 days).
Instant Fund Access & Flexible Repayment: Borrowed funds are delivered instantly, interest accrues every hour, and users enjoy the freedom to repay at any time, ensuring optimal fund efficiency.
Institutional-Grade Risk Control: Supports overcollateralized loans with leverage capped under 1X and tiered liquidation to safeguard accounts. Users retain all remaining collateral assets.
Personalized 1-on-1 VIP Service: Delivers customized loan limits, flexible currency selections, and special discounted interest rates for SVIP users.
Crypto Loans 2.0 is now live! Users can access it via the HTX website by clicking “Loans” > “Crypto Loans”, or through the HTX App by tapping “More” > “Crypto Loans”. Here’s how to get started:
HTX’s Crypto Loans 2.0 leads the industry with its ability to boost capital efficiency, lower liquidation risk, provide flexible investment options, and allow multi-asset collateral. Moving forward, HTX will continue to enhance its lending products, pushing the platform’s financial services toward greater efficiency, lower barriers, and broader diversification. Try Crypto Loans 2.0 now to enjoy seamless borrowing, ultra-low interest rates, and access to massive prize pools. Make every digital asset your strategic liquidity advantage on the road to financial freedom.
About HTX
Founded in 2013, HTX has evolved from a virtual asset exchange into a comprehensive ecosystem of blockchain businesses that span digital asset trading, financial derivatives, research, investments, incubation, and other businesses. As a world-leading gateway to Web3, HTX harbors global capabilities that enable it to provide users with safe and reliable services. Adhering to the growth strategy of “Global Expansion, Thriving Ecosystem, Wealth Effect, Security & Compliance,” HTX is dedicated to providing quality services and values to virtual asset enthusiasts worldwide. To learn more about HTX, please visit HTX Square or https://www.htx.com/, and follow HTX on X, Telegram, and Discord.
Disclaimer: This is a paid post and is provided by HTX. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice.Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed.Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.
Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.
Photos accompanying this announcement are available at