Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Cloud giant Amazon Web Services experienced DNS resolution issues on Monday, leading to cascading outages that took down wide swaths of the web. Monday's outage illustrates the world's fundamental dependence on so-called hyperscalers like AWS, and the challenge for major cloud providers and their customers alike when things go haywire. See below for more on how the outage occurred.
The U.S. Department of Justice indicted the NBA on Thursday in a mob-fueled gambling scandal. The case includes allegations that a mob-backed group used hacked card shufflers to con victims out of millions of dollars, a method that Wired recently demonstrated in an investigation into hacking the Deckmate 2 card shuffler used in casinos.
We broke down the details of the tragic Louvre jewelry heist, and an investigation found that US Immigration and Customs Enforcement may not have purchased the guided missile warhead as part of its collection. The transaction appears to have been an accounting coding error.
Meanwhile, Anthropic has partnered with the US government to create mechanisms that keep its AI platform, Claude, from guiding someone through building a nuclear weapon. Experts have mixed reactions, though, on whether the project is necessary and whether it will succeed. And new research this week indicates that a browser known as Universe Browser, which has seemingly been downloaded millions of times, behaves like malware and has links to Asia's growing cybercrime and illegal gambling networks.
And there's more. Each week, we round up the security and privacy news that we haven't covered in depth. Click on the title to read the full story. And stay safe out there.
AWS confirmed in a "post-event summary" on Thursday that Monday's major outage was caused by a Domain Name System registry failure in its DynamoDB service. The company also explained, however, that these issues, along with others, amplified the complexity and impact of the outage. A major component of the meltdown involved issues with the Network Load Balancer service, which is critical for dynamically managing the processing and flow of data across the cloud to prevent choke points. Another was an impediment to launching new "EC2 Instances," the virtual machine configuration mechanism at the core of AWS. Without being able to bring up new instances, the system was crushed under the weight of the request backlog. All these factors combined to make recovery a difficult and time-consuming process. The entire incident, from detection to remediation, took about 15 hours to play out within AWS. "We know this incident has impacted many customers in a significant way," the company wrote in its post mortem. "We will do what we can to learn from this event and use it to further improve our availability."
The cyberattack that stopped manufacturing at global car giant Jaguar Land Rover (JLR) and swept through its supply chain for five weeks could be the most financially costly hack in British history, a new analysis said this week. According to the Cyber Monitoring Center (CMC), the attack could cost in the region of £1.9 billion ($2.5 billion). Researchers at CMC estimate that around 5,000 companies may have been affected by the hack, which saw JLR halt production, with the knock-on effect on its just-in-time supply chain also forcing parts suppliers to shut down operations. JLR resumed production in early October and said that, after a "challenging quarter," its annual production fell by around 25 percent.
ChatGPT creator OpenAI released its first web browser this week, a direct shot at Google's dominant Chrome browser. The Atlas browser puts OpenAI's LLM-based chatbot at its heart, with the ability to search, analyze, summarize, and ask questions about the web pages you're viewing. However, as with other AI-enabled web browsers, experts and security researchers are concerned about the potential for indirect prompt injection attacks.
These sneaky, almost unsolved attacks involve hiding a set of instructions to an LLM in text or an image that the chatbot will then "read" and act on; for example, malicious instructions may appear on a web page that a chatbot is asked to summarize. Security researchers have previously shown how these attacks may leak confidential information.
Almost like clockwork, AI security researchers have shown how Atlas can be deceived via prompt injection attacks. In one instance, independent researcher Johann Rehberger showed how the browser can automatically turn itself from dark mode to light mode by reading the instructions in a Google document. "For this launch, we've done extensive red-teaming, applied novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and safeguards, and added new systems to detect and block such attacks," OpenAI CISO Dan Stuckey wrote on X. "However, prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources finding ways to make ChatGPT agent[s] fall for this attack."
Researchers at cloud security firm Edera on Tuesday publicly disclosed findings about a significant vulnerability affecting open source libraries for a file archiving feature often used to distribute software updates or create backups. The library is known as "async-tar," and numerous "forks," or adapted versions, of it contain the vulnerability and have released patches as part of the integrated release process. The researchers emphasized, however, that one widely used library, "tokio-tar," is no longer maintained, a state sometimes called "abandonware." As a result, there is no patch for tokio-tar users to apply. The vulnerability is tracked as CVE-2025-62518.
“In a worst-case scenario, this vulnerability … could lead to remote code execution (RCE) via file overwriting attacks, such as replacing configuration files or hijacking the build backend,” the researchers wrote. “Our recommended remedy is to immediately upgrade to one of the patched versions or remove this dependency. If you depend on tokio-tar, consider migrating to an actively maintained fork like astral-tokio-tar.”
Over the past decade, millions of people have been trafficked to forced-labor compounds in Southeast Asia. In these compounds, mostly in Myanmar, Laos and Cambodia, trafficking victims are forced to run online scams and steal billions for organized crime groups.
When law enforcement agencies shut down internet connections to the compounds, criminal gangs often turn to Elon Musk's Starlink satellite system to stay online. In February, a Wired investigation found thousands of phones connecting to the Starlink network in eight compounds located around the Myanmar-Thailand border. At the time, the company did not respond to questions about the use of its systems. This week, multiple Starlink devices were seized in a raid on a compound in Myanmar.