Search dyami insights

Date: 06/03/2026 Context At approximately 11:30  on 5 March 2026 , Azerbaijani authorities reported that four drones entered Azerbaijani airspace and struck locations inside the Nakhichevan exclave , damaging parts of the Nakhchivan International Airport  terminal building and a field near a school; two injuries  were reported. Azerbaijan’s Ministry of Foreign Affairs issued a formal statement condemning the attacks and demanding an explanation from the Iranian Government, an investigation, and measures to prevent a recurrence. Iran’s Foreign Minister denied that any projectiles were launched from Iranian territory  towards Azerbaijan, instead referring to the role of Israel in “diverting public opinion and undermining Iran’s good relations with its neighbours”. This constitutes the first attack of its kind on Azerbaijan’s Nakhichevan exclave and expands the areas affected by the ongoing Iran–US/Israeli conflict. Azerbaijan’s Baku FIR issued two NOTAMs temporarily restricting airspace on 5 March 2026, citing reduced ATC capacity and modified routing. These measures may cause reroutes and delays, especially for traffic transiting southern Azerbaijan and at FIR boundary crossings, although typical air traffic through the area is generally low. ATC sector closure:  Baku FIR ACC Sector South is closed for operational reasons from 07:39 to 19:39 UTC. Expect ATC rerouting/holding and potential flow restrictions through the southern portion of Azerbaijani airspace. Waypoint outages and reroute guidance:  Waypoints ULDUS, BATEV, LALDA, PARSU are temporarily unavailable from 15:00 UTC (5 Mar) to 03:00 UTC (6 Mar). Flights to/from Yerevan FIR should use MATAL as the boundary entry/exit point; flights to/from Turkmenbashi FIR should use MARAL/METKA/RODAR/LARGI. Analysis: airspace risks Aviation risk reporting indicates that the immediate operational impact was driven less by confirmed runway damage and more by airspace risk controls: a NOTAM temporarily closed the southern sector of the UBBA (Baku FIR) around Nakhchivan (UBBN), while noting that the initial visible damage appeared concentrated on the terminal area (with no confirmed runway impact at the time of writing). Flight-tracking sources showed at least one civilian airliner diverting back to Baku, and local media cited the airport/press service as saying that flights were temporarily suspended, supporting the assessment that connectivity to the exclave was disrupted immediately after the incident. Nakhchivan’s airport is a dual-use (civil/military) facility with few international routes. The airport is known to have housed Turkish-acquired (or Turkish-operated) Bayraktar TB2 combat drones as of 2024, kept in hangars near the airport, as well as Mi-35-type gunship helicopters based at the same site. This dual-use role may increase the airport’s exposure to risk in the event of further attacks. Hangers housing military helicopters and TB2 Bayraktar UAVs Source: Google, Airbus, image date 05 March 2024 Despite perceptions of cordial relations, there are signs that Azerbaijan and Iran remain wary of one another. Iran’s mistrust largely stems from Azerbaijan’s strategic partnership with Israel, through which Baku has purchased billions of dollars’ worth of advanced weaponry and supported joint production with Israeli defence firms inside Azerbaijan. Azerbaijan, meanwhile, is primarily concerned about Iran’s influence—however limited—within its society, particularly among religious communities, as well as Tehran’s broader efforts to expand its regional footprint in the South Caucasus. In response, Baku has sought closer ties with Turkey, partly out of concern that Iranian influence could grow. Bayraktar TB2 UAVs in a hangar at Nakhchivan International Airport Looking ahead Azerbaijan is likely to treat the incident as justification for a tighter air-defence and security posture around Nakhichevan, including stricter local airspace controls, sharper attribution messaging, and potentially more restrictive border management—especially given that Azerbaijan’s land borders remain closed to routine passenger movement under the “special quarantine regime”. Further incidents, whether attributable to Iran, a third party, or non-state actors operating from within Iran, would raise the risk of escalation and more frequent NOTAM-driven constraints, such as sector closures, waypoint suspensions and enforced reroutes. If the northern Caucasus air corridor becomes unreliable or closes, there are few comparable alternatives in the region, and a much larger share of long-haul traffic would be forced to concentrate on the Saudi/Red Sea corridor, intensifying congestion, delays and capacity strain in airspace that is already heavily burdened by rerouted flights.

Date:   06/03/2026 Executive Summary Ecuador is entering an active phase of US-supported military operations against domestic criminal groups designated as foreign terrorist organisations (FTOSs) by the United States government. On 3 March 2026, US Southern Command announced joint operations with Ecuadorian forces targeting “terrorist groups.” The US has designated Los Choneros and Los Lobos, the two principal armed criminal networks controlling the country's drug trafficking infrastructure, as FTOs. However, the first action was aimed at Comandos de la Frontera, a Colombian drug trafficking group also operating in northern Ecuador. The same day, a coordinated US-Ecuador-Europol operation dismantled a Los Lobos trafficking network operating into Belgium and the Netherlands. Ecuador's President Noboa has imposed nightly curfews across four provinces, including Guayas, home to Guayaquil's José Joaquín de Olmedo International Airport, effective 15–31 March 2026. Interior Minister John Reimberg also told  people in these provinces on March 3 to “stay at home. We are at war.” On March 4, Ecuador revealed US assets had helped plan the operation against Comandos de la Frontera, a heavily armed Colombian drug trafficking group which also operates in Ecuador. While the full extent of US involvement was not revealed, Ecuador’s Joint Command said the US provided logistical and operational support. For aviation operators, the immediate operational consideration is a NOTAM issued in January 2026 covering the Eastern Pacific, citing military activities and GPS interference, valid through 17 March 2026. This reflects active US maritime interdiction operations against narco-trafficking vessels, a campaign that has intensified significantly since late 2025. Ground operations and curfew enforcement in the Guayas province present secondary considerations for crew movements and ground handling. This is assessed as an elevated but stable risk environment. Scheduled commercial operations at GYE are not currently disrupted. The situation is developing, with military engagement expected to deepen through March 2026 and potentially beyond. Details Who US Southern Command (SOUTHCOM), Homeland Security Investigations (HSI), and Ecuadorian armed forces and National Police joint operations against Comandos de la Frontera, as well as Ecuador's Los Choneros and Los Lobos, both designated FTOs by the US. What Ecuador is simultaneously the subject of overlapping but distinct operations. At sea, US forces are conducting maritime interdiction in the Eastern Pacific targeting narco-trafficking vessels. On the ground, Ecuador is operating under a national state of emergency declared in January 2026, with nightly upcoming curfews imposed across four provinces, including Guayas, home to Guayaquil's international airport, set to run 15–31 March 2026. Since March 3, US assets supported Ecuadorean troops against drug trafficking interests, a situation which may ramp up through March. These lines of operation are coordinated: the maritime campaign disrupts outbound shipments, the ground operations target the domestic infrastructure of the organisations moving them, and international takedowns close off the European end of the supply chain. The result is the most significant security mobilisation Ecuador has seen since President Noboa declared an internal armed conflict in January 2024. Where The Eastern Pacific is the maritime theatre, where US forces are conducting interdiction operations against narco-trafficking vessels in international waters. On the ground, the operational focus is set to be concentrated in the four provinces placed under nightly curfew from March 15:  Guayas, which contains the Port of Guayaquil, the primary exit point for Ecuadorian cocaine; Los Ríos, the inland transit corridor connecting the Colombian border to the coast, dotted with stash houses and clandestine airstrips;  El Oro, the southern gateway bordering Peru and home to the Port of Machala;  and Santo Domingo de los Tsáchilas, the logistics junction linking the Pacific coast to the Andean interior.  These four provinces map almost exactly onto the cocaine supply chain from border crossing to container ship.  When 2024 - Ecuador receives hundreds of millions of dollars in US security assistance across Navy and Air Force modernisation, elite vetted police units, and direct operational support. November 2024 - Ecuador adopts the US DARTTS AI/ML customs profiling system, integrating port screening into American intelligence infrastructure. September 2025 -  US State Department designates Los Choneros and Los Lobos as FTOs. December 2025 - The US deployed military personnel and equipment to a former U.S. base in Manta, Ecuador for a “temporary operation” focused on anti-narcotics and intelligence gathering. This move followed a November 2025 referendum where Ecuadorian voters rejected a proposal to allow foreign military bases in the country.  January 2026:  NOTAM issued over the Eastern Pacific citing military activities and GPS interference, signalling activation of US maritime interdiction operations. March 3, 2026:  SOUTHCOM publicly announces joint operations against designated terrorist organisations. Ecuador imposes nightly curfews across four provinces to run from March 15-31. Why Ecuador sits between Colombia and Peru, the world's two largest coca producers, and handles an estimated 70% of global cocaine exports, the bulk of it leaving through the Port of Guayaquil. The money and weapons received over the past decade have turned gangs like the Choneros and Lobos into transnational criminal enterprises with the resources to challenge the state directly. Faced with an Ecuadorian state both incapable of dismantling these groups alone and an administration willing to cooperate closely with Washington, the US administration views Ecuador as the next step in militarizing the Latin American drug war after strikes on drug boats in the Caribbean, seizing President Nicolas Maduro of Venezuela, and assisting in the killing of Mexican drug trafficker and CJNG boss, El Mencho. How The precise nature and extent of US military involvement as of 3 March 2026 is not fully established. SOUTHCOM's announcement of joint operations against designated terrorist organisations was deliberately unspecific, and Ecuador's Ministry of Defense declaration of a "new phase against narco-terrorism" offered no operational detail. But the convergence of simultaneous developments on 3 March, the SOUTHCOM announcement, the curfew decree, Interior Minister Reimberg's declaration that "we are at war," and the Europol takedown, alongside an active Eastern Pacific NOTAM citing military activities and GPS interference, suggests a coordinated operational activation rather than an incremental policy step.  Analysis Los Choneros and Los Lobos are not conventional criminal targets. Over the past 7-10 years, sustained income has transformed them from street gangs into groups with the financial resources, territorial control, and institutional penetration of a parallel state. Their prison infrastructure alone illustrates the problem: Ecuador's penitentiary system, the site of more than 450 inmate deaths in gang massacres since 2021, functions as an operational headquarters from which leadership communicates, coordinates, and commands. The corruption penetration runs deeper still. The December 2025 arrest of Ecuador's former national police chief on charges of collaboration with Los Lobos confirmed that the institutions being deployed against these organisations, including in collaboration with the U.S., have been systematically compromised by them. Vetted units and HSI-trained TCIUs partially address this problem, but they operate within a broader institutional environment that these organisations have spent years corrupting at every level, from beat officers to the head of the national police. Territorial entrenchment compounds the problem further. In significant parts of Guayas and Los Ríos, Los Choneros, Los Lobos, and other gangs are a form of government. They provide jobs, collect revenue, enforce orders, and even deliver basic services the state does not. Displacing an structure with that degree of community embeddedness requires not just military pressure but sustained state presence and service delivery afterward. Ecuador has demonstrated neither the capacity nor the resources to provide that at scale. All four curfew provinces matter, Guayas is where sustained operations carry the heaviest economic consequences. The Port of Guayaquil is Ecuador's primary trade gateway, the exit point for the bulk of the country's agricultural exports, including bananas, shrimp, and cut flowers, and the entry point for a significant proportion of its imports. José Joaquín de Olmedo International Airport handles the majority of Ecuador's international passenger and cargo air traffic. Both operate within a province soon to be under nightly curfew, elevated military presence, and active security operations of uncertain duration. In the short term, curfew hours create manageable but real friction: crew transport, ground handling schedules, and cargo movement require coordination with local operators who are themselves operating under constrained conditions. The more significant risk is duration.  Curfews imposed in environments where the underlying security problem is structurally resistant to rapid resolution tend to get extended.

As governments and airlines fail to come to a consensus about evacuation protocols from countries affected by the Iran conflict, it is Dyami’s strong recommendation that travelers based in Gulf States (UAE, Qatar, Bahrain, Oman) should stay put.  There are three main reasons. 1.  The threat to Gulf residents is lower than it looks. Despite highly visible and disruptive strikes on infrastructure such as Dubai Airport or the Crowne Plaza in Bahrain, Iran’s ability to cause widespread casualties in Gulf States is low. Over the four days of the conflict so far, it has expended thousands of missiles and drones, with a strike rate of less than 10 percent. Excluding Israel and US military personnel, which have borne the brunt of the loss of life on the coalition side, fatalities in Gulf States have remained in single-digits.  2. The airport is a worse place to be than your hotel. As the war continues, even assuming Iran retains deep missile stocks and Gulf interceptor reserves are under pressure, Tehran's ability to materially shift the conflict through conventional strikes diminishes over time. Sustained random attacks on Gulf States would likely trigger Saudi Arabia or the UAE as active belligerents long before they achieved meaningful strategic effect. Thousands of foreign citizens crammed into an airport waiting for evacuation flights makes a far more coherent and appealing target. Furthermore, analysis that the IRGC may have decentralised launch authority to regional commanders, meaning individual strikes may not require central approval, only adds to this fear. 3. Evacuation capacity is finite.  Evacuations are finite resources, especially since only Emirates and Etihad, the UAE’s home airlines, are currently planning any whatsoever. Thousands of people trying to force an early exit creates a logistical "bottleneck" that hampers the movement of high-priority personnel, including essential medical staff, technical recovery teams, and diplomatic security details, whose presence is required to maintain the very infrastructure residents rely on for safety. A premature rush to the gates by non-essential personnel compromises the duty of care for those most at risk. Until a stable air corridor is established and verified by multiple intelligence sources, staying put ensures that these channels remain clear for those whose extraction is a matter of immediate life or death.

Date: 11/02/2026 Summary The New START Treaty has long been a cornerstone of strategic stability between the United States and Russia, placing firm limits on deployed nuclear weapons while providing verification measures that reduced uncertainty and mistrust. With the treaty now expired after its final extension, the world enters a new phase where legally binding constraints on the two largest nuclear arsenals are no longer in place. This article explores what New START achieved, why its expiration matters, and how its absence could reshape geopolitical relations and global security in the years ahead. New Strategic Arms Reduction Treaty (New START) The New Strategic Arms Reduction Treaty (New START) is a landmark arms control agreement between the United States and the Russian Federation that was designed to limit and bring transparency to the two largest nuclear arsenals in the world. Originally signed in 2010 and entering into force in February 2011, the treaty placed concrete limits on each side’s deployed strategic nuclear forces, including caps on 1,550 deployed strategic warheads, 700 deployed intercontinental ballistic missiles, submarine-launched ballistic missiles, and heavy bombers, and a total of 800 deployed and non-deployed launchers, along with comprehensive verification measures such as data exchanges and on-site inspections to reduce the risk of misunderstanding or miscalculation. New START was structured to remain in force for 10 years with an option for a single five-year extension, and in 2021 the United States and Russia agreed to exercise that extension, keeping the treaty legally in force through February 4, 2026. This extension preserved the treaty’s limits and monitoring mechanisms at a time when broader nuclear arms control efforts were under strain, and it reflected a shared interest -despite political tension- in maintaining some structure around strategic nuclear forces. As of February 5, 2026, however, the extension period has officially expired, meaning the New START Treaty is no longer legally binding. Its lapse marks the first time in more than five decades that there are no formal, legally enforceable limits on the strategic nuclear arsenals of the United States and Russia. The expiration has sparked concern among diplomats, arms control experts, and international organizations, who warn that without a replacement framework the absence of binding limits could lead to a renewed arms race and decline in transparency between the world’s two principal nuclear powers. In September 2025, Russian leadership publicly offered to continue observing the established New START limits for an additional year after the treaty’s expiration, provided the United States agreed to reciprocal action, but no formal extension was agreed. Proposals for new arms control arrangements that might include other nuclear states such as China remain under discussion. This integration of the extension into the New START story shows both the historic role of the treaty in stabilizing nuclear competition and the uncertainty now emerging as it lapses without a direct successor in place.   Looking ahead Looking ahead, the expiration of New START removes one of the last remaining formal guardrails in US–Russia relations and risks accelerating a return to strategic uncertainty. Without binding limits and verification mechanisms, both sides may feel increased pressure to modernize and expand nuclear capabilities, not necessarily because of immediate intent to strike, but because reduced transparency fuels worst-case assumptions. This dynamic could further harden geopolitical relations, deepen mistrust, and increase the risk of miscalculation during periods of crisis, especially as conventional conflicts and cyber operations increasingly overlap with nuclear signaling. At the same time, the absence of a successor treaty may push global arms control into a more fragmented era, where nuclear stability depends less on bilateral agreements and more on shifting alliances, deterrence postures, and emerging technologies such as hypersonic weapons. In this context, nuclear arms control is likely to remain a key strategic issue—not only between Washington and Moscow, but also in broader debates involving China and other nuclear states, potentially reshaping diplomatic leverage and global security priorities for the coming decade.   Conclusion The expiration of New START may look like a dramatic geopolitical rupture, but it does not automatically trigger a new nuclear arms race. The treaty’s end removes legally binding limits on deployed US and Russian strategic nuclear weapons and eliminates formal inspection and transparency mechanisms. That weakens predictability and reduces mutual confidence. At the same time, expanding nuclear forces is not a switch that can simply be flipped. Uploading additional warheads or increasing deployments requires available delivery systems, industrial capacity, trained crews, and time. Russia’s defense industry is heavily burdened by the war in Ukraine, and the United States also faces procurement timelines and budget realities. Structural constraints still shape what is realistically possible. The greater risk is therefore not an immediate surge in warhead numbers, but a gradual erosion of transparency and stability. Without agreed limits and verification, both sides may increasingly plan for worst-case scenarios, slowly intensifying strategic competition over the long term rather than overnight.

Date: 04/02/2026 Who’s involved : United States, Iran What happened? On 04/02/2026,  an F-35C launched from the aircraft carrier USS Abraham Lincoln in the Arabian sea shot down an Iranian Shahed-129 drone . The drone "aggressively approached” the aircraft carrier with “unclear intent” according to US Central Command.  The shootdown took place just hours before Islamic Revolutionary Guard Corps forces  attempted to board the US flagged merchant vessel Stena Imperative , but were driven off by US destroyer USS McFaul with air support from the US Air Force.  US forces in the region responded. The USS McFaul, an Arleigh Burke-class (Flight II) Aegis guided missile destroyer, escorted the tanker away from the area  as the US Air Force provided defensive air support. There are no reports of shots fired as the Iranian vessels withdrew.  Several hours after the shoot down of the Shahed drone two Iranian gunboats approached the MV Stenna Imperative, a chemical tanker operating under a US flag and crewed by Americans, as it was transiting the strait of Hormuz. The gunboats reportedly passed the ship three times at high speeds as an Iranian Moh ajer   r econnaissance drone flew overhead. It is alleged that the Iranians threatened to board and seize the vessel, even though it was operating in International waters. The Shahed-129 is an older variant of the Shahed-139 and can be used for both reconnaissance and strike purposes. It is currently unclear if this specific drone was carrying any ordnance. Iranian state owned TASM news agency indicated that the drone was on its usual and legal mission in international waters engaged in reconnaissance, monitoring, and filming , which are considered normal and legal actions. Analysis : These escalatory measures took place during a tense stand-off between Iran and US led military forces . The US has been building up its forces in the region for possible action against Iran while it demands complete denuclearisation  - a move Iran is unwilling to make.  These actions of Iran are likely aimed at signalling a willingness to risk an engagement to strengthen its perceived position in possible negotiations with the US.   This is the first Iranian shoot down since the 12 day war. It does not however constitute a fundamental change of the situation  as President Trump indicated that negotiations will continue. A single drone, whether armed or not, poses no threat to the carrier strike group it was surveilling. Its intelligence however can possibly be used to more accurately target the carrier  in the future. Conclusion: These events take place as tensions are high between longtime adversaries Iran and the USA. They began to rise again as Iran’s government spent weeks violently quelling protests that began in late December against growing economic instability before broadening into a challenge to Islamic Republic leadership. President Donald Trump had promised in early January to “rescue” Iranians from their government’s bloody crackdown on protesters, which later morphed into a pressure campaign to get Tehran to make a deal over its nuclear program. The U.S. shot down the drone hours after Iran’s president said Tuesday that he instructed the country’s foreign minister to “pursue fair and equitable negotiations” with the U.S., marking one of the first clear signs from Tehran it wants to try to negotiate with Washington despite a breakdown of talks last summer.

Date:   13/01/2026 (12:30 UTC+1) Where?  Iran Who’s involved? Iran, Israel, the United States What happened? Since 28/12/2025  protests have taken place throughout Iran. The protests originated largely due to a continuously deteriorating economic situation in the country, where high inflation and subsequently higher exchange rates have risen to unprecedented levels in recent years. As an example, on 01/10/2022  —during Iran’s last large-scale protests following the death of 22-year-old Mahsa Amini while in police custody— the USD/IRR (Iranian Rial, RI/RIs) exchange rate stood at an already high $1=336.000 Rls. Three years later, at the beginning of June 2025, just before the Israel-Iran War, the exchange rate stood at $1=822.000 RIs, in the following months, the exchange rate continued to climb and is now at around $1=1.400.000 RIs.  The government quickly pivoted to lethal force to suppress protests, and the funerals of the first deceased protesters on 02/01/2026  increased unrest, with the protests having increasingly grown in size and spread throughout the rest of the country. Reports now suggest the protests have spread to all 31 ostānha (provinces). On 05/01/2025 , reports surfaced alleging that Ayatollah Ali Khamenei had prepared a contingency plan to leave the country should the situation escalate to a point where it is deemed necessary. Rising numbers of fatalities have been reported on both sides, including among protesters and security personnel. As demonstrations have become increasingly aggressive and volatile, with protesters setting fire to regime properties, the security forces’ crackdown has also intensified. On 12/01/2026 , Foreign Minister Abbas Araghchi referred to the protesters as “terrorists”, also accusing armed groups having infiltrated the protests and reiterating claims of US and Israel involvement. Iranian regime officials also referred to the protests as the next phase of the Israel-Iran War, highlighting concerns on external interference. Since 08/01/2026, the Iranian government blocked internet access nation-wide, likely aiming to hinder protestor’s communication and thus coordination and organization, as well as decreasing the ability for citizens to share images and videos of violent, repressive behavior from security forces. Nonetheless, a small amount of videos and limited communication continued, thanks to some citizen-owned Starlink (satellite internet service) routers. Since 11/01/2026, the regime has jammed this service too, effectively imposing a country-wide internet blackout. US President Trump indicated he might contact Elon Musk to request assistance in restoring internet access using Musk's Starlink satellite service, though no further comments have yet been made on this by Musk or Trump. As of 12/01/2026, the large majority of media about the protests comes from official Iranian state media channels, which are the only ones remaining continuously online and broadcasting.  Since 01/01/2026 , President Trump’s rhetoric with regards to Iran has become more aggressive. Trump has stated his readiness and openness to intervene ‘in favour of the protesters’. At the same time, Israel has regularly held security cabinet meetings over the past weeks discussing the situation in Iran and the country’s options, with former IDF Intelligence chief, Tamir Hayman, stating Israel “nearly struck Iran twice in recent weeks”. On 11/01/2025  Iran warned Israel and the US that if attacks were to be carried out by the US its military and shipping centers would be targeted. On 12/01/2026 , US President Trump announced that the US will impose 25% tariffs with all the countries that do business with Iran, “effective immediately.” Since 09/01/2025 , several airlines, such as Turkish Airlines, Emirates, and FlyDubai among others, have cancelled flights to and from Iran, highlighting the severity of the situation. Temporary airspace closures in certain parts of the OIIX/Tehran FIR have been issued over the past days. On 12/01/2025 , the US also issued a notice advising its citizens to leave the country. On 11/01/2025 , President Trump stated that Iran had reached out to propose nuclear talks, prompting subsequent diplomatic engagement between US envoy Steve Witkoff and Iranian officials. The following day, on 12/01/2025 , the White House reaffirmed President Trump’s willingness to use military force, while emphasizing that diplomatic channels remained open. Unconfirmed reports indicate that Trump reportedly set out conditions aimed at preventing US intervention and including demands related to the protests, uranium enrichment, and long-range missile development. However, they are unlikely to be accepted by Iran. On 12/01/2025 , pro-government protests took place in Tehran, joined by Iranian President Massoud Pezeshkian, underscoring the ongoing attempts by the Iranian regime to calm the protests, in this case by creating a parallel, seemingly citizen-led pro-government movement that could aim to confuse still swayable citizens into thinking that Iranians support the government. As per Aragchi’s comments, the government-led counter-protests likely aim to confirm Tehran’s statement that protestors are a “terrorist”-like minority.  Analysis The current wave of protests in Iran represents a significant escalation of internal instability, driven primarily by a severe economic crisis and awaited by Israeli PM Netanyahu, who explicitly referenced this outcome during its war with Iran in June last year. While the immediate trigger pointed towards national crisis and economic hardship, the regime's lethal crackdown, followed by a government-imposed national internet blackout has intensified the situation. This internal volatility is further complicated by an aggressive stance from the US and Israel, including President Trump's declared openness to intervention, raising the likelihood of external interference. The timing and imminence of this potential military threat however is unsure, given that the US currently does not have the assets available in the region to execute certain military actions, and US assets movements in the region have not increased. The question that needs to be asked is what Trump aims are and what he is able to achieve. Whether the objective is regime change through civil unrest or a coup, or the pursuit of a nuclear agreement, reliance on military force alone risks producing chaos rather than a favorable outcome. Though the perspective exists that certain scenarios of major military action are less likely at this stage, because it might undermine the protests, this does not exclude action from the US against Iran. Cooperation with Israel, whether directly or through joint operations, remains a possibility. Furthermore, potential actions following up on the recently imposed sanctions such as cyberattacks, information campaigns, and assassination attempts of regime officials/leaders cannot be ruled out. Reports state Trump is expected to hold a meeting with his national security team on  13/01/2025  to discuss options for supporting the protests and weakening the Iranian regime. However, what can be stated with confidence is Iran’s heightened alertness, driven by fears and expectations of imminent external action amid ongoing internal unrest. Implications for aviation and maritime security Over the past few days several NOTAMs for the OIIX/Tehran FIR have already been issued, with more airspace restrictions, temporary closures, and disruptions to civil aviation expected to follow. Particularly in the event of US and/or Israeli military intervention, sudden airspace closures across other Middle Eastern countries are likely, mirroring the disruptions observed during the Israel–Iran War last June. Iran’s recent threats of retaliatory targeting of US military and maritime assets further highlight the risk of disruptions to maritime operations. Additionally, an escalation of conflict, particularly if it continues over an extended period, could cause major disruptions at strategic maritime chokepoints such as the Strait of Hormuz and the Strait of Bab al-Mandab (connecting the Red Sea to the Gulf of Aden and the Indian Ocean). Sustained instability in these areas could have severe consequences for maritime operations and logistics, given that these routes are critical for maritime trade. Conclusion The economy-driven protests that began on 28/12/2025 have since expanded to an extent that poses a credible threat to the Iranian government. The Iranian government is walking a tightrope and its attempts to suppress the demonstrations, with censored media coverage, internet blackouts, and the use of violent suppression, have so far achieved limited results. The Iranian government has expressed openness to resume nuclear negotiations with the US in an effort to ease rising tensions and concerns over potential strikes. This however leaves key questions unresolved on the timing, scope and specific means of a potential US or Israeli intervention. Primarily due to the limited prospects for success in these ongoing diplomatic efforts, particularly in light of the demands the US has allegedly presented to Iran. Therefore, the situation remains highly volatile and poised for further escalation, with a likely continuation and increase in popular protests and a looming threat of external intervention.

Date: 05/12/2025 Executive Summary During 2025, reports have been made indicating the presence of uniformed, armed personnel (likely Russian-associated) aboard civilian vessels thought to be part of the vast Russian ‘shadow fleet’ comprising ageing, uninsured oil tankers and cargo vessels registered under flags of convenience and with deliberately confusing ownership structures. These uniformed personnel serve intelligence, surveillance, and command-and-control functions aboard vessels operating in the North Sea, Baltic Sea, and in proximity to critical energy and telecommunications infrastructure.  This development represents an escalation in Russia's hybrid warfare operations, transforming the shadow fleet from a sanctions-evasion mechanism into an active military intelligence platform with direct implications for North Sea-dependent economies. For North Sea littoral states, this poses an immediate and evolving threat to critical undersea cable infrastructure, offshore energy operations, port security, and maritime commerce. The presence of armed military personnel aboard civilian vessels in European waters, combined with documented drone operations taking place throughout European territory and the use of shadow fleet vessels to damage undersea cables, indicates Russia is preparing for potentially coordinated hybrid attacks on critical European infrastructure. Details Who Highly likely Russian military personnel (reportedly identified as wearing Russian Navy camouflage uniforms); embedded on civilian shadow fleet oil tankers registered under flags of convenience (Panama, Gabon, Comoros, Liberia, etc.); protected by Russian military air assets. What Armed personnel installed aboard civilian merchant vessels; observed photographing bridge passages and critical infrastructure during transits; exercising authority over international crews; intimidating maritime pilots and foreign crew members; gathering intelligence on European maritime infrastructure and critical facilities. Where Baltic Sea (primary focus). North Sea, especially critical infrastructure choke/crossing points.  Danish waters (routes transiting through Øresund Strait and Great Belt). Approaches to German, Polish, Lithuanian, Latvian, and Estonian ports. European Exclusive Economic Zones (EEZs). Approaches to critical oil transfer facilities, LNG terminals, undersea cable landing stations, and port infrastructure. When July 2025 – DanPilot reports uniformed personnel observations. August 2025 – Swedish Herald reports of spying on Danish critical infrastructure by shadow fleet personnel. September–November 2025  – Further Danwatch investigations. November 2025  – DanPilot confirms pattern of uniformed personnel sightings; ongoing through December 2025. Why Intelligence gathering : Russia deploying military observers to map port infrastructure, piloting procedures, security gaps, critical facility locations, NATO military response Tactics Techniques Procedures (TTPs). Crew control : Maintaining operational security and preventing crew defections or reporting of irregular activities. Intimidation : Demonstrating Russian state control and deterring pilot cooperation with European authorities. Diversifying of recent hybrid warfare : Extending Russia's intelligence collection and sabotage preparation into European waters. Political messaging : Signalling Russian willingness to violate international maritime law with near-total impunity. How Insertion of Russian military/state security personnel on board civilian ships as ‘ship's officers’ (particularly ‘second mate’ positions with de facto command authority, mirroring Soviet-era political commissar roles). Use of false credentials and opaque crew manifests. Operation under flag-of-convenience vessels with minimal transparency. Coordination with Russian naval and air assets providing protective cover. Exploitation of international crew diversity to conceal Russian personnel among mixed-nationality crews . What happened? Throughout 2025, several reports have documented an escalating pattern of almost certain Russian military personnel aboard Russian ‘shadow fleet’ vessels transiting European waters. Beginning in mid-2025 and intensifying through November, Danish investigative outlet Danwatch, in coordination with internal reports from DanPilot (Danish state pilotage service), identified seemingly uniformed Russian military or state security personnel embedded aboard civilian oil tankers operating under flags of convenience. These uniformed personnel have been observed conducting apparent surveillance activities, namely photographing bridge passages and critical infrastructure during transits, and exercising command authority over international crews. Pilot reports and internal maritime authority communications indicated that this practice has become increasingly common, with multiple shadow fleet vessels now following similar patterns of embedding uniformed Russian personnel, particularly in senior crew positions such as "second mate" with actual command-level authority over the vessel and crew. These personnel conduct reconnaissance by taking photographs of areas of interest and are likely also able to conduct aerial reconnaissance through the deployment of small drones for surveillance. These tactics, refined during the war in Ukraine, are now being deployed throughout Europe to undermine European societal resilience against potential attacks on infrastructure.   Analysis: Why does this matter for government and businesses? For North Sea Littoral State Governments Direct Escalation of Russian Hybrid Warfare in Sovereign and EEZ Waters The placement of armed Russian military personnel aboard civilian vessels operating in North Sea waters represents an escalation beyond Russia's previous hybrid warfare tactics. This is no longer simple sanctions evasion or passive intelligence collection; it is an active Russian military presence conducting surveillance, infrastructure reconnaissance, and sabotage preparation in European waters, frequently within nations' Exclusive Economic Zones where legal ambiguity complicates response. The concurrent deployment of Russian military aircraft to protect shadow fleet operations and systematic drone reconnaissance across German, Norwegian, Belgian, and Dutch territory indicates Russia has integrated the shadow fleet into a comprehensive European-wide hybrid warfare campaign combining maritime, aerial, and land-based intelligence collection and potential sabotage platforms. Challenge to Maritime Sovereignty and Legal Framework Russia has demonstrated it can: Insert armed military personnel aboard vessels in European waters with near-total impunity. Conduct surveillance and intelligence gathering on European critical infrastructure. Intimidate European maritime officials (pilots) without facing enforcement consequences. Maintain operational security despite NATO monitoring. Operate under flag-of-convenience vessels that complicate jurisdictional response. Coordinate with Russian military assets (aircraft, naval vessels) providing direct protective cover. This signals that North Sea littoral states lack coherent legal, operational, and political mechanisms to enforce maritime sovereignty against Russian hybrid operations. Convergence of Multiple Threat Vectors The shadow fleet armed personnel operations are not isolated, rather, they operate in coordination with: Systematic drone reconnaissance of military installations and critical infrastructure across European territory. increasingly using proxy actors and online recruitment of third-country nationals to carry out sabotage and intelligence gathering in European nations. Several cases of fibre optic cable sabotage throughout Europe since 2022. Russian fighter jet operations in European airspace (Su-35 fly-pasts of Estonian naval vessels attempting to interdict the vessel, JAGUAR, Lithuanian airspace violation October 2025, several Russian drone incursions in Romanian and Polish airspace since 2022). Several incidents since February 2022 are believed to have involved Russian shadow fleet vessels, or those of Russia’s allies, in undersea cable sabotage operations, with such activity necessitating the launch of NATO mission, OPERATION BALTIC SENTRY. The YANTAR (IMO: 7524419) laser-dazzling incident targeting Royal Air Force (RAF, UK) aircraft over critical North Sea cable infrastructure in November 2025.  This convergence suggests Russia is preparing for coordinated hybrid attacks combining maritime, aerial, cyber, and undersea elements to disrupt European critical infrastructure simultaneously. Threat to Critical North Sea Infrastructure Interdependencies The North Sea contains: Approximately 20+ critical undersea fibre optic cables carrying ~90% of North Sea region communications and transatlantic traffic. Multiple energy interconnections and power transmission cables. LNG terminal approaches and offshore oil/gas platforms. Port facilities housing energy transfer terminals. Maritime chokepoints (Øresund Strait, Great Belt) where all Baltic maritime traffic must transit. These infrastructure systems are critically interdependent: disruption to one cascades across multiple sectors. A coordinated attack on cable landing stations in the Netherlands, Belgium, and UK combined with drone strikes on power distribution and port facilities could simultaneously disrupt communications, energy supply, and maritime commerce across the entire North Sea region and UK-Europe trade. Financing Russia's War and Intelligence Operations The shadow fleet finances Russia's war effort to a significant degree. Russian military personnel embedded aboard shadow fleet vessels serve to: Ensure operational security and optimize sanctions evasion efficiency. Gather intelligence on European enforcement capabilities. Pre-position personnel for future sabotage or attack operations. Coordinate with other Russian intelligence and military assets. This means allowing shadow fleet operations with impunity directly finances Russia's continued military operations in Ukraine and preparations for potential NATO conflicts. For Critical Energy and Telecommunications Infrastructure Operators Intelligence Collection Targeting Facilitie s Russian military personnel aboard shadow fleet vessels have been systematically photographing: Port infrastructure and facility layouts at critical energy terminals. Pilot procedures and maritime traffic management systems. Security protocols and vulnerability gaps. Undersea cable landing station approaches and infrastructure. This intelligence will directly inform Russia's sabotage and target development planning. Given Russia's demonstrated interest in undersea cable targeting (YANTAR operations, GUGI capabilities, Baltic Sea cable incidents, etc.), the collection of North Sea port and cable facility intelligence suggests preparation for future attacks. Operational Vulnerability from Drone and Maritime Coordination The documented pattern of: Armed personnel aboard vessels gathering infrastructure intelligence. Concurrent drone sightings near military and critical facilities across European territory. Demonstrated Russian capability to launch drone operations from European-based recruits (via Telegram) or maritime platforms. Russian military protection of shadow fleet vessels via fighter jets and naval assets. These identified indicators can act as advanced warnings for several stakeholders. This activity suggests Russia is preparing for coordinated attacks combining maritime-based sabotage with drone strikes on land-based infrastructure. For North Sea operators, this means a single infrastructure disruption event could be accompanied by drone attacks on backup systems, power distribution, or personnel. Threat from Amphibious Drone Operations Originating from Shadow Fleet Vessels The legal ambiguity surrounding vessels' freedom of navigation in EEZs creates an operational vulnerability: shadow fleet vessels can position themselves near critical infrastructure, disable AIS beacons, and launch drone operations into European territory with minimal risk of immediate interception. Key factors enabling this threat: Drone range: Commercial and military-grade drones have varying ranges, with many being able to fly over 12Nm (22km), allowing launch from offshore vessels to target facilities kilometres inland. Unverified cargo: Many ships' cargoes are not checked when transiting from Russian ports through European waters, meaning vessels could carry drone systems, explosives, other materiel without detection. Vessel ID/ownership opacity: Opaque ownership and management structures make assignment of responsibility extremely difficult. AIS spoofing/shutdown: Shadow fleet vessels often disable tracking systems (AIS; Automatic Identification System) and operate more covertly while positioning for operations. The vessel can also have its position artificially altered, showing it in a location where it currently is not. Legal ambiguity: Foreign vessels enjoy freedom of navigation in EEZs, making it difficult to legally challenge their presence even when armed personnel are visible. Coordination with Land-Based Russian Recruitment Networks Russia maintains networks across European territory of individuals motivated by financial needs ("useful idiots") recruited via social media and messaging platforms (Telegram) to conduct drone reconnaissance of sensitive sites. The October 2025 timing, when Putin laughingly stated he would not send drones into Europe, immediately followed by drone sightings over German military installations, suggests deliberate coordination between: Maritime-based personnel and platforms (shadow fleet vessels). Land-based reconnaissance networks (recruited European operatives). Russian intelligence services coordinating operations. This means attacks on North Sea critical infrastructure could be preceded by drone reconnaissance conducted by European-based operatives, with targeting data shared with Russian military and maritime assets, enabling coordinated strike planning. Cascading Failure Risk in North Sea Region The interdependence of North Sea critical infrastructure means: Disruption to undersea cables affects communications, energy control systems, and financial networks simultaneously. Power system disruption affects port operations, LNG terminals, and offshore platform operations. Port disruption affects energy exports, maritime commerce, and supply chains. Coordinated disruption combining maritime sabotage with drone strikes could cascade across multiple interdependent systems. A single well-planned, coordinated attack could simultaneously disrupt energy supply, communications, maritime commerce, and financial systems across the entire North Sea region. Moreover, if these events happened on the borders of littoral nations’ EEZs, significant delay could be seen whilst nations identify who is responsible for reacting to the incident and repairing damaged assets. Conclusion Incidents taking place throughout Europe such as arson, sabotage, and cyberattacks will almost certainly continue albeit at a slower pace given that European intelligence and security agencies are becoming more aware of these tactics. However, more attention is highly likely to be placed on exploiting the power the Russian state has over a vast and murky maritime fleet that allows it to navigate and evade the rigidity and slow bureaucratic nature of Western authorities’ responses. The documented presence of armed Russian military personnel aboard shadow fleet vessels transiting North Sea waters represents an immediate and evolving threat to the security, sovereignty, and critical infrastructure of North Sea littoral states. This threat operates in coordination with drone reconnaissance operations across European territory, Russian military escort of shadow fleet vessels, and preparation for potential coordinated hybrid attacks on critical energy and telecommunications infrastructure. The North Sea region is uniquely vulnerable due to: Concentration of critical undersea cables and energy infrastructure. Geographic interdependence creates cascading failure risks. Legal ambiguity surrounding military activity in EEZs. Fragmented European response mechanisms. Russia's demonstrated operational skill and willingness to escalate. However, North Sea littoral states possess legal, operational, and strategic tools to respond decisively if political will exists. UNCLOS (United Nations Convention on the Law of the Sea), MARPOL (The International Convention for the Prevention of Pollution from Ships), SOLAS (The International Convention for the Safety of Life at Sea), and national maritime laws provide authority to board, inspect, detain, and exclude shadow fleet vessels. NATO coordination enables unified threat response. Critical infrastructure operator participation enables security hardening and redundancy. The narrow window of opportunity to establish effective enforcement and deterrence will close if Russia successfully integrates the shadow fleet as a routine presence in European waters. Acting decisively now is essential to defend North Sea sovereignty and critical infrastructure. Failure to act decisively can signal to Russia that shadow fleet armed personnel operations can continue with impunity, likely encouraging further escalation and increasing the risk of major incidents affecting European energy security, communications infrastructure, and maritime commerce.

Date:  02/12/2025  (11:30 UTC+01:00) Where?  Tanzania: Dar es Salaam, Arusha, Mwanza, Dodoma (and possibly more cities) What happened?  Recently, it was announced that Tanzania will cancel its celebration for its 64th Independence Day, held on  09/12/2025 . The official reason is that the money for the festivities is needed to rebuild infrastructure damaged during the post-election protests that swept the nation in early November. The decision appears to have deeper political motivations beyond the stated budgetary concerns. Significant national anniversaries often serve as catalysts for political activism and civil resistance movements. This pattern was evident during Kenya's Saba Saba  (July 7th) protests  earlier this year, during which a historic commemoration date became a focal point for mass demonstrations.   A similar scenario is plausible in Tanzania, which continues to grapple with the aftermath of severe post-election violence . Following widespread protests against President Samia Suluhu Hassan's electoral victory - widely viewed as fraudulent - security forces responded with lethal force. According to some estimates, hundreds of people were killed during the unrest. A trusted internal source indicates that the government plans to impose a new curfew beginning on 5 December,  lasting for roughly five days, coinciding with a planned internet shutdown aimed at inhibiting coordination of Independence Day demonstrations. Given the government’s demonstrated willingness to use force to pre-empt political mobilization and its extensive reliance on internet disruption and curfews during the post-election unrest, such measures should be considered a credible scenario. Building on that,  authorities are also likely to deploy significant security forces to key arteries, junctions, and protest hotspots , including Morogoro Road, city-centre districts, and approaches to Julius Nyerere International Airport (DAR/HTDA) beginning several days before 9 December. Due to the expected heavy security presence, large-scale protests in Tanzania’s cities are considered unlikely, as the police will move quickly to disperse crowds and use force if necessary. The possibility of widespread unrest across multiple districts, accompanied by multi-day communication disruptions, is less likely but remains a credible scenario given the intensity of public anger and the government’s sensitivity to international scrutiny. For staff residing in Dar es Salaam, Arusha, Mwanza, and Dodoma, the most significant risks between 5–10 December will stem from transit disruptions, disproportionate security responses, short-notice curfews, and loss of communication capability . Keep into account that stocks in supermarkets and other shops might run out; keep an emergency supply  of food and water available. Don't save photos or videos of the recent violence in Tanzania, as it may be considered a criminal offence For more information, contact Dyami at info@dyami.services

26 November 2025 Executive Summary Venezuela has evolved into one of the most significant hybrid threat hubs in the Western Hemisphere, where state authority, criminal enterprises, armed groups, and foreign intelligence services converge. The Maduro regime’s alliances with Iran, Russia, and Cuba — combined with deep integration with FARC dissident factions, the ELN, and transnational criminal organizations — have transformed the country into a strategic platform for destabilizing regional activity. A recent US Senate testimony (October 2025) confirms that Hezbollah, facing unprecedented financial strain following heavy battlefield losses and disrupted Iranian funding channels, is now increasingly reliant on Latin American drug-trafficking and money-laundering networks. Venezuela sits at the center of these operations, providing documentation, safe haven, logistical support, and permissive access to free-trade zones that facilitate Hezbollah’s global financial architecture. This places Caracas at the core of a hemispheric network that links narcotics flows, illicit finance, and the survival of a major Iranian proxy. Russia’s footprint in Venezuela has simultaneously expanded from political support to direct military enhancement. Ukrainian Intelligence reports indicate that a Russian general implicated in the Kakhovka Dam attack is now training Venezuelan forces to mark  a shift toward embedding Russian doctrine and hybrid warfare capabilities inside the Venezuelan security apparatus. This development strengthens regime resilience while further entrenching foreign strategic influence. These networks sow instability across the Caribbean and in South America.  Armed groups enjoy sanctuary and operational freedom in Venezuelan territory; illicit maritime corridors into the Caribbean are expanding; and Hezbollah-linked financial and logistical cells continue to surface in Brazil, Argentina, and beyond. The result is a transnational ecosystem in which state actors, criminal syndicates, and foreign proxies reinforce one another. In the foreseeable future, barring a US military intervention, the integration of Iranian, Russian, criminal, and insurgent structures into the Venezuelan state is expected to intensify. This presents growing risks to regional governments, international businesses, and Western security interests, while increasing the likelihood that the hemisphere becomes an active theatre for global hybrid conflict dynamics. Situation Overview: Threat networks Venezuela has developed into a permissive operating environment for insurgent and criminal networks with historical roots in the region. FARC dissidents, the ELN, and a mosaic of armed militias have established parallel structures in border areas and mining regions. Their survival depends on illicit economies — gold, cocaine, fuel smuggling, extortion, and migrant trafficking — which are now increasingly integrated with regime-aligned military and political elites . The Cartel de los Soles , embedded within the Venezuelan armed forces, remains central to this fusion of state authority and organized crime. Cuba’s  entrenched role within Venezuela’s intelligence and security architecture reinforces these dynamics. Cuban advisors shape surveillance, counter-dissent operations, and the internal control mechanisms that protect regime elites . This creates a stable authoritarian backbone that enables the regime to absorb foreign partners and maintain cohesion despite economic collapse. Russia ’ s influence has deepened significantly. Beyond political backing and disinformation support, Russian advisors now play a direct role in shaping Venezuela’s military capabilities. Intelligence from Ukrainian, including head of Ukraine’s Military Intelligence HUR Kyrylo Budanov  and Western sources indicates that a Russian general, Oleg Makarevich, associated with hybrid warfare operations in Ukraine — including the Kakhovka Dam sabotage — is training Venezuelan forces in drone warfare, electronic warfare, reconnaissance, and irregular tactics. This marks a shift from advisory presence to direct force-development support, embedding Russian doctrine within Venezuela’s armed forces and securing Moscow’s foothold in the hemisphere. Iran ’s footprint in Venezuela continues to expand across industrial, energy, intelligence, and logistical channels. This presence has taken on renewed significance as Hezbollah faces an acute financial crisis. According to Sales and Levitt ( US Senate hearing of 20–21 Oct 2025 ), Hezbollah has lost a major portion of its funding pipeline due to: destruction of cash and gold stockpiles in Israeli strikes collapse of Syrian regime support reduced Iranian capacity to subsidize its proxy due to sanctions and internal pressures dismantling of Hezbollah’s shadow banking networks such as al-Qard al-Hassan As a result, Hezbollah is doubling down on drug trafficking and money laundering in Latin America — with evidence showing that Venezuela is a key enabler. Sales identifies Venezuela under Maduro as a key operational safe haven, providing: official documentation (passports, IDs) to Hezbollah operatives logistical support for drug shipments, weapons transfers, cash handling, and contraband permissive ports and airports for trans-shipment freedom for Hezbollah-linked figures to operate with impunity Levitt’s testimony reinforces this, documenting cases where Venezuelan-linked couriers moved drug proceeds to Lebanon, where Hezbollah facilitators used Venezuelan Free Trade Zones or FTZs (notably Margarita Island) for money laundering, and where Venezuelan diplomatic cover supported Hezbollah-connected movement across the hemisphere. The impact The regional impact is broadening. Colombian border provinces suffer spillover from Venezuelan-based armed actors; Ecuador’s institutional collapse shows how quickly hybrid networks can overwhelm state capacity; Brazil and Argentina continue to expose Hezbollah-linked financial and logistics cells ; and Caribbean territories linked to Europe (Aruba, Curaçao, Bonaire, British Virgin Islands, Cayman Islands, Guadeloupe, Martinique) function as transit nodes for Venezuelan-origin cocaine, gold, weapons, and illicit finance. These maritime corridors further anchor Venezuela’s position within global criminal–militant supply chains. Across Latin America, risk indicators suggest accelerating hybridization. Armed groups expand territorial control within Venezuela, Iranian technical deployments increase, Hezbollah’s facilitators deepen their financial networks, and Russia’s military presence grows more explicit. Together, these developments indicate the emergence of a fully integrated hybrid threat ecosystem supported — and in some cases orchestrated — by the Venezuelan state. Looking ahead Baseline Scenario: Consolidation of the Hybrid Threat Hub (Most Likely) Hezbollah escalates its reliance on Latin American drug money to offset declining Iranian subsidies. Venezuela tightens its cooperation with Russia, Iran, and Cuba, embedding foreign operatives and intelligence services within its security architecture. FARC/ELN groups expand their control in border zones. Illicit financial flows through Venezuela, Brazil, and Caribbean jurisdictions continue to rise. Outcome:  Increasing regional instability and expanding exposure for financial institutions and logistics operators. Escalation Scenario: Operational Activation and Geopolitical Friction (Plausible) Hezbollah-linked networks, under financial and strategic pressure, transition from financial functions to operational activities, including surveillance or planned attacks against Western or diplomatic targets in the region. Russia expands military training or deploys additional personnel, heightening US.–Russia tensions in the hemisphere. Debate intensifies over designating Venezuela a State Sponsor of Terrorism. Outcome:  High risk of targeted attacks, maritime disruptions, and destabilizing incidents across Latin America. Stabilization Scenario: Partial Rollback Through Regional Alignment (Least Likely) A limited political opening in Caracas, combined with coordinated regional diplomacy and enhanced intelligence-sharing, leads to partial containment of armed group expansion. Colombia regains control over key frontier zones, while Ecuador stabilizes critical institutions. Tehran focuses its resources elsewhere, slowing its operational tempo in the hemisphere. Illicit economies persist, but the strategic environment stabilizes, reducing the momentum of hybrid operations. Outcome:  Moderate friction for Hezbollah but persistent networks. Conclusion Venezuela’s evolution into a hybrid threat hub is now quite firmly established. The convergence of armed groups, criminal economies, and foreign strategic actors — including Russia’s escalating military role, Iran’s expanding intelligence footprint, and Hezbollah’s increasing dependence on Latin American narcotics revenues — positions Venezuela as a hemispheric and global destabilizer. The 2025 Senate testimonies confirm that Venezuela’s permissive environment is now a central regional node in Hezbollah’s financial architecture and to Iran’s broader proxy ecosystem. Over the coming year, these networks could intensify, reshaping Latin America’s security landscape and complicating Western efforts to counter agile, state-supported hybrid threats.

Date:  27/11/2025  (12:00 UTC+01:00) Where?  Guinea-Bissau; Bissau What happened?  On 23/11/2025 , the West-African nation Guinea-Bissau held presidential and legislative elections. If the incumbent Umaro Sissoco Embaló would manage to become re-elected, he would be the first president in Guinea-Bissau to do so in about three decades.  Tensions surrounding the elections had been simmering for a while. On 31/10/2025 , a group of senior officers in the country’s army was arrested overnight. They were accused of plotting to undermine the constitutional order, and disrupt the November elections.  Then later, just two days before the elections on 13/11/2025 , the president of the the African Party for the Independence of Guinea and Cape Verde (PAIGC) - the party which led the armed struggle for liberation in 1973 and had been dominant in the country’s politics for decades - was banned from running in the elections. This ban of the most serious opposition party essentially cleared the way for Embaló to win last weekend’s elections. Shortly after the elections on 24/11/2025 , Embaló as well as his main challenger who did manage to run in the elections - Fernando Dias - both claimed victory on Monday ahead of the publication of the official results, each claiming over half the vote.  Then in the morning of 26/11/2025 , gunfire was reported  near the presidential palace in Bissau. Roads to the palace were reportedly closed with checkpoints manned by heavily armed and masked soldiers. Shooting was also heard near the Interior Ministry and National Electoral Commission, which led to hundreds of people fleeing.  That same day around 13:00 UTC, President Embaló was arrested with resistance by a group of soldiers led by his army chief of staff. Nothing was heard  from him for a while until the French magazine Jeune Afrique   got a phone call from Embaló in which he announced that he was deposed by the army.  That same afternoon, several other high-ranking army officers loyal to Embaló were arrested. Also detained were Interior Minister Botche Candé, opposition leader Fernando Dias, PAIGC’s previous electoral candidate Domingos Pereira and the head of the country’s electoral commission.  Later on 26/11/2025 , military officers led by General Denis N’Canha, former head of the presidential guard, appeared on state TV  broadcasting from the army headquarters. They announced that they - the newly announced ‘High Military Command for the Restoration of Order’ had taken “total control” over the country. Additionally, they announced a curfew starting at 19:00 UTC , the suspension of political institutions, media and electoral processes. Guinea-Bissau’s borders were closed too. According to coup leader N’Canha, this was because of a discovered plot by politicians, foreign figures and a ‘drug lord’ to manipulate election results.  International responses followed. Later at night on 26/11/2025,  Portugal’s MFA called “on all those involved to refrain from any act of institutional or civic violence and to resume the regular functioning of institutions, so that the process of counting and proclaiming the election results can be finalized”. West Africa’s ECOWAS and the African Union also expressed concern over the military takeover.  Analysis and conclusion The latest coup in Guinea-Bissau is far from the first in the West-African country, which has seen at least nine coups or coup attempts since gaining independence from Portugal in 1974. No president has been able to secure re-election in three decades, a pattern that reflects the country’s inability to enjoy political stability and perpetuates a cycle of political unrest. Now-deposed former President Embaló said himself that he survived multiple coup attempts upon becoming president of the nation in 2020.  Yet this coup was hardly unexpected. Tensions had been brewing for a while, as President Embaló had increasingly been trying to centralize power in the country. He pushed to expand presidential powers and dissolved the parliament in December 2023  following clashes between several factions of the country’s armed forces, which the president describes as a coup. Elections were then delayed several times for security reasons: initially planned for late 2024 and eventually rescheduled for November 2025. The military, which has been an influential institution in Guinea-Bissau for long, did not take a liking to Embaló’s centralizing tendencies. Embaló's decision to detain several military officials on 31/10/2025  likely only added fuel to this fire. Notwithstanding if the officers implicated actually had coup plans, it only deteriorated the relationship between Guinea-Bissau’s president and the armed forces. Aside from that, last weekend’s elections also undermined Embaló’s power base and popular mandate. The exclusion of the PAIGC from the polls - two days before the elections were set to take place - seriously distorted the political playing field and fuelled widespread distrust. By sidelining the party which was the most serious challenge to his power, and won two legislative elections in 2019  and 2023  he and his government undermined their legitimacy and created a situation in which a positive outcome is practically impossible. Winning this year’s November elections would likely be widely considered as an engineered victory, rather than a genuine popular mandate. Taken together, this week’s coup against President Umaro Sissoco Embaló comes as no surprise. Last weekend's election served less as the cause than as a trigger - a moment of vulnerability during which the military executed plans likely long in development.  Guinea-Bissau now faces several difficulties for the future. The country’s leadership needs to find a way to rebuild trust in its political institutions, which is not as easy as simply switching leadership. The military and civilian branches of government must forge a new working relationship to break this cycle that has plagued the nation since independence. Complicating matters even further, Guinea-Bissau faces serious external challenges. The country is a critical transit point for drug trafficking  between Latin America and Europe, with cocaine shipments regularly passing through its poorly monitored coastline and the Bijagos Archipelago. This fuels corruption at all levels of government and systematically undermines state institutions, making meaningful reform even more difficult to achieve. How the new leadership in Bissau plans to tackle these complex problems remains to be seen. For now, Guinea-Bissau faces a future of uncertainty.

Date:   25/11/2025 (16:30 UTC+01:00) Where?  Europe; Romania, Moldova,  the Netherlands, Lithuania. Belgium, Sweden, Germany What happened?  On 25/11/2025 , six Russian drones crossed Moldovan and Romanian airspace during a large strike on Ukraine. One crashed near the village of Etulia, with at least one drone tracked heading toward the Romanian border. Romanian air defence remained on alert after previous incursions. The Romanian MoD reported two drone incursions from Ukraine, triggering warnings and scrambles of German Typhoons (from Romanian Air Force 57th Mihail Kogălniceanu air base) and Romanian F‑16s (from Romanian Air Force 86th Borcea Air Base). The type of drones has not been disclosed, but almost certainly entails a long‑range, military‑grade Russian attack/loitering munitions such as Shahed‑type (Geran‑2) or similar UAVs used in mass strikes on Ukraine. One drone was later found crashed in a backyard in Vaslui country , a region bordering Moldova. It had likely run out of fuel. According to Romanian authorities, the drone was not carrying an explosive load. This was the deepest drone breach yet into Romania; the 13th since the start of the Russo-Ukrainian war in 2022. Another drone was found on the roof of a building in Cuhureștii de Jos, Florești district, Moldova (see photo below). This incident was just the latest of a recent string of airspace incursions all over Europe which had been going on for weeks. On the night of 23/11/2025  to 24/11/2025, Lithuania’s Vilnius Airport had to close for a short time twice because unidentified balloons were moving towards its airspace, diverting some incoming flights to other cities. This followed earlier incidents in October, when other unidentified balloons entered the capital’s airspace from Belarus’, which disrupted about 30 flights. Lithuanian officials linked this to earlier balloon incursions from the direction of Belarus and tightened a 90‑km no‑fly zone along the border. This was lifted on 19/11/2025 , but may again be imposed due to the latest incident.  Earlier, on 22/11/2025 , the Dutch MoD stated that its forces had fired on a drone in the vicinity of Volkel Air Base in Noord-Brabant, in the south of the Netherlands. This was a serious security incident, as American nuclear arms are stored at said air base. This incident does not entail the same type of drones such as the Shaheds , but more likely a small to medium‑sized remotely‑piloted or commercially derived drone (multirotor or small fixed‑wing), operated locally. In other words - those you can buy at the shop. On 18/11/2025 , the Romanian MoD detected a drone in their airspace travelling to Ukraine - triggering an alert and leading to fighter jets being scrambled to combat the threat. No debris was found; it is likely that the drone was able to continue its voyage to Ukraine uninterrupted.  On 06/11/2025 , drone sightings over Gothenburg‑Landvetter Airport in Sweden forced diversions to Copenhagen and other cities. This again concerned a commercial civilian-type drone.  Also on 06/11/2025 , operations at Hanover Airport in Germany were halted for about 45 minutes after an unidentified drone was sighted in the vicinity of the airport. Three flights were delayed or redirected; operations resumed shortly after. At the time of writing, it is unclear what happened to the drone.  Earlier in November, Belgium had several drone sightings over airports and other military or strategic locations. On 04/11/2025  drones were spotted over Zaventem airport, resulting in dozens of canceled flights. Earlier, drones were also observed over Kleine Brogel military airbase. Additional reports have come from other airports, including Ostend, Deurne (Antwerp), and to a lesser extent Charleroi, Florennes, and Schaffen. Some reports, such as those at Deurne, were later retracted after investigation. On 09/11/2025 , drones were spotted over the Doel nuclear power plant. Following these incidents, the UK deployed an extra anti-drone team to Belgium. On 02/11/2025 , flights were briefly suspended at Germany’s Bremen airport - also because a drone was flying overhead.  These incidents are just from November 2025 - they followed months in which drone sightings over airports in Europe became so frequent that they even got their own Wikipedia page.  Again, it is important to make the distinction between the long-range military grade drones used against Ukraine and civilian drones. The Romania-incidents, mostly fallout from the Ukraine War, concern the first category, while the airport incursions are because of the latter. Analysis and conclusion The recent wave of airspace incursions across Europe - from Russian military-grade drones straying into Romanian and Moldovan territory to mysterious balloon intrusions over Lithuania and unexplained (civilian) drone activity at airports and military installations in Sweden, Germany, Belgium, and the Netherlands - is a troubling pattern and once again highlights the vulnerability of European aviation security.  It has to be noted first that attribution remains uncertain in many of these incidents. Despite many fingers immediately pointing to Moscow as culpable, this has not been confirmed. Identifying the perpetrators behind such actions is also incredibly difficult, raising questions about whether attribution is even worth pursuing. What is clear, however, is that these incidents are consistent with grey-zone tactics designed to test defenses, generate uncertainty, and demonstrate the inadequacy of current measures and protocols, often used by geopolitical adversaries. These pretty simple incursions have caused disruptions, public confusion, and have threatened critical strategic assets. It appears that Europe remains unprepared in light of these threats. The current response frameworks, which comes down to scrambling fighter jets to intercept drones or closing airports each time an unidentified object appears, is operationally unsustainable and incredibly costly. Fighter aircraft are expensive, resource-intensive assets poorly suited to countering small, cheap drones that may simply run out of fuel and crash harmlessly. The fact that one Russian drone was recovered intact in a Romanian backyard, carrying no payload, illustrates the limited immediate threat of individual incursions and the disproportionate response they trigger. However, doing nothing also comes at a considerable cost, as it gives malicious actors carte blanche to violate NATO-airspace. There is also a risk that pilots may misjudge whether a drone carries a payload, potentially choosing not to shoot it down to avoid collateral damage, only for that assessment to be proven incorrect. This creates a challenging dilemma for NATO partners, forcing them to choose between costly overreaction and potentially dangerous inaction—precisely the kind of no-win complacency scenario that makes this an effective grey-zone tactic. As these incidents appear to be escalating in frequency and geographic spread, European nations require urgent investment in dedicated counter-drone systems, improved detection networks, and coordinated response protocols that don't rely on mobilizing fighter aircraft for every intrusion. Without necessary adaptation, Europe will remain reactive and vulnerable to continued exploitation of its airspace, whether by potential state actors testing boundaries or by the spillover effects of the war in Ukraine.

Date:  24/11/2025 (16:00 UTC+01:00) Who?  Russian intelligence-gathering vessel Yantar (Project 22010 oceanographic vessel, ~108 metres, IMO 7524419); operated by Russian Ministry of Defence Main Directorate of Deep-Sea Research (GUGI); deployed by Russian Navy/intelligence agencies.   Where?  Not expressly given by the British government, but according to open source flight data and the approaches of two military aircraft, the location of the incident likely occurred north west of Scotland IVO Hebrides approximately 45 nautical miles from British coast, with other reports stating as close at 12 nautical miles off the coast. Importantly in this area, there are critical transatlantic and intra-European subsea cables, as well as the homebase of the UK’s nuclear deterrent submarines, HMNB Clyde. The Yantar (ЯНТАРь) in 2018. What happened?  On 19/11/2025 , UK Defence Secretary John Healey confirmed that the Russian intelligence-gathering vessel,  Yantar , had entered UK waters off the northern Scottish coast and directed laser-dazzling devices at RAF pilots conducting surveillance operations. The ship had entered the UK exclusive economic zone (EEZ) within the last two weeks.  That same day, UK Royal Navy and RAF assets were deployed to monitor and track the vessel's movements, given its intelligence-gathering capabilities. During surveillance operations, RAF P-8 Poseidon aircraft pilots reported being targeted by laser-dazzling devices emitted from the  Yantar.  No physical injuries were reported, though the UK Defence Ministry emphasised the serious risk posed by such incidents to aircraft safety. Analysis Continuing Threat to Critical Undersea Infrastructure The undersea cable networks mapped and targeted by the  Yantar  carry approximately 98% of UK international communications and data traffic, including banking, energy sector communications, and civilian internet. Importantly, businesses in Europe, specifically those based in the littoral nations of the North Sea are critically dependent on these undersea infrastructures for Real-time financial transactions and banking operations, cloud-based services and data storage, energy sector operational control systems and sea-based physical assets, supply chain coordination and logistics and international communications and customer services. Disruption to even a single major cable or several at crossing-points would impact business operations across multiple sectors regionally and internationally. Most notably, stakeholders of cables or assets located in the North Sea are at continued risk of being directly or indirectly targeted by grey zone actions, given the target-rich environment for adversaries and the inability to protect so many potential targets in such a vast area.  Escalation of sea and land-based Russian Hybrid Warfare Tactics This incident represents a significant escalation in Russian ‘grey zone’ operations, actions that fall short of declared war, but pose serious military and economic risk. The use of laser-dazzling against RAF personnel indicates: Increased willingness to directly target NATO military assets; Potential expansion of hostile actions beyond reconnaissance to active interference; Testing of UK response capabilities and rules of engagement. Demonstration of capability and resolve to NATO adversaries. As a result, geopolitical tension between UK/NATO and Russia may escalate further, creating unpredictability in operations, especially in the North Sea and Baltic Sea. Furthermore, this latest incident complements the numerous drone sightings over key pieces of infrastructure in European NATO countries, including airfields, commercial airports, military facilities, and energy infrastructure. Business Continuity Risk for North Sea Operations Due to this, companies operating in or dependent on North Sea infrastructure face heightened risks, from offshore energy operations to telecommunication cables, maritime operations and international trade. Oil and gas facilities rely on subsea cables for operational control, remote monitoring, and communications, and offshore wind farms depend on undersea power transmission systems. Shipping, fishing, and marine services depend on GPS, communications, and navigation systems that rely on undersea infrastructure to transmit internet traffic. Delays or disruptions to North Sea shipping lanes or related communications would affect supply chains globally, and consequently global markets. Lastly, there may be insurance and liability implications for disruption to critical infrastructure and regulatory attention to infrastructure resilience may result in new compliance requirements. Information gathering for future attacks The  Yantar's  activities include collecting valuable intelligence on various targets, such as: cable routing and network architecture, operational security protocols of energy and communications networks, geographic vulnerabilities in critical infrastructure, asset clustering/crossings between the UK, the Netherlands and Belgium, threatening a cascading risk, geographic chokepoints i.e. Great Belt (Denmark Strait), and NATO military coordination and response capabilities. This intelligence could inform future Russian cyber or physical attacks on critical systems. Notably, there are thought to be approximately 50 other vessels, operated by GUGI, that conduct similar intelligence-gathering operations worldwide. Conclusion The  Yantar  incident represents a significant escalation in Russian intelligence and hybrid warfare operations targeting critical UK and NATO infrastructure. For businesses operating in the North Sea, dependent on undersea communications infrastructure, or engaged in international trade, this situation requires immediate reassessment of business continuity plans, cybersecurity postures, and supply chain resilience. The incident demonstrates Russia's willingness to directly target NATO military assets in the grey zone, suggesting potential for further escalation. Organisations should treat this as a wake-up call to accelerate implementation of redundancy and contingency planning for critical infrastructure dependencies. This incident is only a part of a Europe-wide grey zone series of events almost certainly being conducted by the Russian state and associated entities, at sea and on land. They do not qualify a war response and therefore continued actions with plausible deniability will continue to be conducted, probing and testing NATOs military resolve, and more importantly, that of its citizens and businesses.