dmv.community is one of the many independent Mastodon servers you can use to participate in the fediverse.
A small regional Mastodon instance for those in the DC, Maryland, and Virginia areas. Local news, commentary, and conversation.


#supplychain


The EU hones in on Central Asia in race for raw materials.

The EU has raised billions for the region to diversify supply chains and reduce dependence on China.

Experts say the idea is to offer competitive deals and build local industry while encouraging sustainable mining.

mediafaro.org/article/20250402

A drilling vehicle in Kazakhstan. | Image: Jens Büttner/dpa/picture alliance
DW · The EU hones in on Central Asia in race for raw materials. By Anchal Vohra
#EU #Minerals #Mining

Bloomberg alerts sent on this:
*CANADA, MEXICO NOT SUBJECT TO RECIPROCAL TARIFFS FOR NOW
*US CONTINUES USMCA EXEMPTION FOR CANADA, MEXICO TARIFFS

BREAKING: Canada gets an exemption from Trump's baseline 10% tariffs, Bloomberg reports. At least for now, the existing tariff exemption for USMCA compliant goods will continue. (It's not immediately clear to me if Canadian autos will still get hit with the 25% tariff on foreign cars)

The list of tariffs announced today, for each country

Canada not listed, so likely 10%.
EDIT: Canada is exempted entirely besides what was announced already in the last few weeks

Unclear if it is the new baseline tariff or the extra on top of what exists already.

(No Alt text on the photos yet)

Average person will be 40% poorer if world warms by 4C
Experts say previous #economic models underestimated impact of #globalheating – as well as likely ‘cascading #supplychain disruptions’
Australian scientists' study suggests average per person #GDP across the globe will be reduced by 16% even if warming is kept to 2C above pre-industrial levels. This is a much greater reduction than previous estimates, which found the reduction would be 1.4%.
theguardian.com/environment/20 #climate #climatechange

The Guardian · Average person will be 40% poorer if world warms by 4C, new research shows. By Graham Readfearn

We're #hiring!

Two(!) full #professorships open in our department at WU Vienna (Vienna University of Economics and Business) under two complementary focus topics:

1) #Foundations of contemporary #InformationSystems, where we look for candidates who complement and strengthen the existing research at our department in areas such as:

· #ArtificialIntelligence: #AI Systems and Architectures
· #DataMining and #MachineLearning
· #DistributedSystems and #Decentralization
· #DistributedLedgers
· #Cloud and #Virtualisation
· #IoT and #EdgeComputing
· #DataGovernance for AI

2) #OperationsManagement with a focus on #DigitalTransformation, where the candidate’s expertise falls within one of the following research areas:

· #behavioural #operations
· AI application to #process improvements
· integrated #supplymanagement and #demandmanagement
· #ProductionPlanning and control
· #SupplyChain planning and control
· circular supply chains and sustainable supply chain management
· #tokenization in supply chains and new product development

Details at the link below... Please get in touch, if you want to know more!

wu.ac.at/en/isom/events/isom-n

wu.ac.at · Open positions: 2 full professorships of Business Administration and Information Systems. We are looking for applicants with an emphasis on either * contemporary information systems or * operations management and digital transformation.

Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads

Kimsuky, also known as “Black Banshee,” is a North Korean APT group active since at least 2012 and believed to be state-sponsored. Its cyber espionage targets countries such as South Korea, Japan, and the U.S. Its tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply chain attacks, lateral movement within networks, and data exfiltration.

Pulse ID: 67e5c75c2569365ec3ecae21
Pulse Link: otx.alienvault.com/pulse/67e5c
Pulse Author: AlienVault
Created: 2025-03-27 21:47:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat Exchange · Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Malware found on npm infecting local package with reverse shell

A sophisticated malware campaign targeting npm packages has been discovered, involving two malicious packages: ethers-provider2 and ethers-providerz. These packages act as downloaders, hiding their malicious payload cleverly. Upon installation, they patch the legitimate locally-installed npm package 'ethers' with a new file containing malicious code. This patched file ultimately serves a reverse shell, connecting to the threat actor's server. The malware employs evasive techniques, maintaining persistence even after removal of the original malicious package. This approach demonstrates a high level of sophistication and poses a significant threat to software supply chain security. The campaign also includes other related packages, highlighting the growing scope of risks for both software producers and end-user organizations.

Pulse ID: 67e43187834511a9e1562b6e
Pulse Link: otx.alienvault.com/pulse/67e43
Pulse Author: AlienVault
Created: 2025-03-26 16:55:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Major tech companies like Apple, Qualcomm, and Siemens are doubling down on their Chinese operations despite geopolitical challenges, adapting strategies to navigate regulatory complexities. As geopolitical tensions escalate, global tech giants continue to prioritize the Chinese market. ❤️ #Apple #China #foreigninvestment #geopolitics #Qualcomm #Siemens #SupplyChain #technology #redrobot

redrobot.online/2025/03/global

Via #LLRX #AI in #Finance and #Banking, 03/18/25 Semi-monthly column by Sabrina I. Pacifici 5 highlights - The #Finance Sector Is Hitting an Inflection Point With #AI; #ArtificialIntelligence and the #Labor Market; #China #centralbank vows to promote applications of AI #largelanguagemodels; AI and the Extended Workday: Productivity, #Contracting Efficiency, and Distribution of Rents; and The AI #supplychain
llrx.com/2025/03/ai-in-finance #banking #economy

llrx.com · AI in Finance and Banking, March 18, 2025 – LLRX

StepSecurity has posted another entry on this topic:

stepsecurity.io/blog/reviewdog

The security incident involves a malicious payload in reviewdog GitHub Actions that targets the Runner.Worker process to extract secrets. The exploit uses a Python script that reads the process memory of the GitHub Actions runner to access stored secrets. The malicious code was found in commit SHA f0d342d24037bb11d26b9bd8496e0808ba32e9ec of reviewdog/action-setup. The script works by identifying the Runner.Worker process, mapping its memory regions, and reading the contents, which are then printed to stdout, effectively exposing secrets in build logs. This technique is similar to the previously reported tj-actions/changed-files incident.

stepsecurity.io · reviewdog GitHub Actions are compromised - StepSecurity

It would appear as if Wiz may have discovered another supply-chain compromise:

wiz.io/blog/new-github-action-

The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.

wiz.io · GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog. A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/action-setup, possibly causing the compromise.
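The two defensive steps the StepSecurity and Wiz posts above recommend, pinning every `uses:` reference to a full commit SHA instead of a mutable tag like `v1`, and scanning workflow logs for the double-encoded base64 blobs in which runner memory was exposed, as an added Python example. This is not code from StepSecurity, Wiz, reviewdog or tj-actions; the workflow fragment, the placeholder commit SHA in it, and the log lines are constructed for illustration.

```python
"""Two defensive checks for the GitHub Actions incidents described above.

Added example, not code from StepSecurity, Wiz, reviewdog or tj-actions.
The workflow fragment, the commit SHA in it, and the log lines are all
constructed for illustration.
"""
import base64
import re

# `uses: owner/repo[/subpath]@ref` lines in a workflow file.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)", re.M)
# A full 40-hex commit SHA is immutable; tags and branches can be repointed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Candidate base64 tokens in log output (long runs of the base64 alphabet).
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def unpinned_actions(workflow_text):
    """Return (action, ref) pairs whose ref is not a full commit SHA.

    The reviewdog/action-setup compromise repointed the mutable v1 tag, which a
    SHA-pinned `uses:` line would not have followed."""
    return [(action, ref) for action, ref in USES_RE.findall(workflow_text)
            if not SHA_RE.match(ref)]


def _b64(data):
    """Strict base64 decode; None when data is not valid base64."""
    try:
        return base64.b64decode(data, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def double_encoded_blobs(log_lines):
    """Return (line_no, plaintext) for tokens that decode twice to printable text.

    Both incidents above exposed runner memory in build logs as double-encoded
    base64, so a token that survives two strict decodes and yields readable text
    is worth a closer look; ordinary single-encoded data fails the second decode."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        for token in B64_RE.findall(line):
            inner = _b64(token)
            outer = _b64(inner) if inner is not None else None
            if outer is None:
                continue
            try:
                text = outer.decode("utf-8")
            except UnicodeDecodeError:
                continue
            if text and text.isprintable():
                hits.append((line_no, text))
    return hits


# Constructed workflow: one SHA-pinned step (placeholder SHA) and two tag-pinned steps.
SAMPLE_WORKFLOW = """
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@v45
"""

# Constructed log: a placeholder secret leaked as a double-encoded base64 blob.
SAMPLE_SECRET = "SECRET_TOKEN=constructed-placeholder-value-123"
_BLOB = base64.b64encode(base64.b64encode(SAMPLE_SECRET.encode())).decode()
SAMPLE_LOG = [
    "Run ./install.sh",
    "Setting up reviewdog",
    _BLOB,
    "Done",
]

if __name__ == "__main__":
    for action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"not pinned to a commit SHA: {action}@{ref}")
    for line_no, text in double_encoded_blobs(SAMPLE_LOG):
        print(f"line {line_no}: double-encoded base64 decodes to {text!r}")
```

Run against real workflow files and downloaded job logs, the first check flags every step an attacker could redirect by moving a tag, and the second surfaces candidates for the secret-rotation step the posts call for; the double-decode heuristic will occasionally match benign data, so treat hits as leads to inspect rather than confirmed leaks.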