The cloud giant Amazon Web Services experienced DNS resolution issues on Monday leading to cascading outages that took down wide swaths of the web. Monday’s meltdown illustrated the world’s fundamental reliance on so-called hyperscalers like AWS and the challenges for major cloud providers and their customers alike when things go awry. See below for more about how the outage occurred.
US Justice Department indictments in a mob-fueled gambling scam reverberated through the NBA on Thursday. The case includes allegations that a group backed by the mob was using hacked card shufflers to con victims out of millions of dollars—an attack that WIRED recently demonstrated in an investigation into hacking Deckmate 2 card shufflers used in casinos.
We broke down the details of the shocking Louvre jewelry heist and found in an investigation that US Immigration and Customs Enforcement likely did not buy guided missile warheads as part of its procurements. The transaction appears to have been an accounting coding error.
Meanwhile, Anthropic has collaborated with the US government to develop mechanisms meant to keep its AI platform, Claude, from guiding someone through building a nuclear weapon. Experts have mixed reactions, though, about whether this project is necessary—and whether it will be successful. And new research this week indicates that a browser seemingly downloaded millions of times—known as the Universe Browser—behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
After Major Outage, AWS Unpacks “Three Distinct Periods of Impact”
AWS confirmed in a “post-event summary” on Thursday that its major outage on Monday was caused by Domain System Registry failures in its DynamoDB service. The company also explained, though, that these issues tipped off other problems as well, expanding the complexity and impact of the outage. One main component of the meltdown involved issues with the Network Load Balancer service, which is critical for dynamically managing the processing and flow of data across the cloud to prevent choke points. The other was disruptions to launching new “EC2 Instances,” the virtual machine configuration system at the core of AWS. Without being able to bring up new instances, the system was straining under the weight of a backlog of requests. All of these elements combined to make recovery a difficult and time-consuming process. The entire incident—from discovery to remediation—took about 15 hours to play out within AWS. “We know this event impacted many customers in significant ways,” the company wrote in its post mortem. “We will do everything we can to learn from this event and use it to improve our availability even further.”
Cyberattack Against Jaguar Land Rover Set to Cost Around $2.5 Billion
The cyberattack that shut down production at global car giant Jaguar Land Rover (JLR) and its sweeping supply chain for five weeks is likely to be the most financially costly hack in British history, a new study said this week. According to the Cyber Monitoring Centre (CMC), the fallout from the attack is likely to be in the region of £1.9 billion ($2.5 billion). Researchers at the CMC estimated that around 5,000 companies may have been impacted by the hack, which saw JLR stop manufacturing, with the knock-on effect of its just-in-time supply chain also forcing firms supplying parts to halt operations as well. JLR restored production in early October and said its yearly production was down around 25 percent after a “challenging quarter.”
OpenAI’s Web Browser Atlas Raises Prompt Injection Fears
ChatGPT maker OpenAI released its first web browser this week—a direct shot at Google’s dominant Chrome browser. Atlas puts OpenAI’s chatbot at the heart of the browser, with the ability to search using the LLM and have it analyze, summarize, and ask questions of the web pages you’re viewing. However, as with other AI-enabled web browsers, experts and security researchers are concerned about the potential for indirect prompt injection attacks.
These sneaky, almost unsolvable, attacks involve hiding a set of instructions to an LLM in text or an image that the chatbot will then “read” and act upon; for instance, malicious instructions could appear on a web page that a chatbot is asked to summarize. Security researchers have previously demonstrated how these attacks could leak secret data.
Almost like clockwork, AI security researchers have demonstrated how Atlas can be tricked via prompt injection attacks. In one instance, independent researcher Johann Rehberger showed how the browser could automatically turn itself from dark mode to light mode by reading instructions in a Google Document. “For this launch, we’ve performed extensive red-teaming, implemented novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and safety measures, and added new systems to detect and block such attacks,” OpenAI CISO Dane Stuckey wrote on X. “However, prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agent[s] fall for these attacks.”
Critical Vulnerability in Open Source Tool Illustrates Software Supply Chain Challenges
Researchers from the cloud security firm Edera publicly disclosed findings on Tuesday about a significant vulnerability impacting open source libraries for a file archiving feature often used for distributing software updates or creating backups. Known as "async-tar," many "forks" or adapted versions of the library contain the vulnerability and have released patches as part of a coordinated disclosure process. The researchers emphasize, though, that one widely used library, "tokio-tar," is no longer maintained—sometimes called "abandonware." As a result, there is no patch for tokio-tar users to apply. The vulnerability is tracked as CVE-2025-62518.
"In the worst-case scenario, this vulnerability ... can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends," the researchers wrote. "Our suggested remediation is to immediately upgrade to one of the patched versions or remove this dependency. If you depend on tokio-tar, consider migrating to an actively maintained fork like astral-tokio-tar."
2,500 Starlink Terminals Deactivated Around Scam Compounds, SpaceX Claims
Over the past decade, hundreds of thousands of people have been trafficked to forced labor compounds in Southeast Asia. In these compounds—mostly in Myanmar, Laos, and Cambodia—these trafficking victims have been compelled to run online scams and steal billions for organized crime groups.
When law enforcement agencies have shut off internet connections to the compounds, the criminal gangs have often turned to Elon Musk’s Starlink satellite system to stay online. In February, a WIRED investigation found thousands of phones connecting to the Starlink network at eight compounds based around the Myanmar-Thailand border. At the time, the company did not respond to queries about the use of its systems. This week, multiple Starlink devices were seized in a raid at a Myanmar compound.