Wednesday, March 11, 2026

Security news this week: Amazon explains how an AWS outage brought down the Internet

Cloud giant Amazon Web Services experienced DNS resolution issues on Monday, leading to cascading outages that took down enormous swaths of the internet. Monday’s crash illustrates the world’s fundamental dependence on so-called hyperscalers like AWS, and the challenges facing both major cloud service providers and their customers when something goes wrong. More on how the failure occurred appears below.

Indictments by the U.S. Department of Justice over a crowd-fueled gambling fraud rippled through the NBA on Thursday. The case includes allegations that a crowd-backed group used hacked card shufflers to defraud victims out of millions of dollars – an approach recently demonstrated by WIRED in an investigation into the hacking of Deckmate 2 card shufflers used in casinos.

We uncovered the details of the shocking jewelry heist at the Louvre and, through our investigation, determined that U.S. Immigration and Customs Enforcement likely did not purchase the missile warheads as part of their orders. The transaction appears to have resulted from an accounting coding error.

Meanwhile, Anthropic has partnered with the U.S. government to develop mechanisms to prevent its Claude AI platform from guiding someone through the process of building a nuclear weapon. However, experts have mixed reactions on whether this project is necessary and whether it will be successful. New research this week indicates that a browser that has apparently been downloaded millions of times, known as Universe Browser, behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.

And there’s even more. Each week, we summarize security and privacy news that we haven’t covered in detail ourselves. Click on the headlines to read the full articles. And stay safe out there.

In a “post-event debrief” on Thursday, AWS confirmed that Monday’s major outage was caused by a Domain Name System registry failure in DynamoDB. However, the company also explained that these issues set off other problems, increasing the complexity and impact of the outage. One of the main elements of the collapse was problems with the Network Load Balancer service, which is crucial for dynamically managing processing and data flow in the cloud to prevent bottlenecks. The second was disruptions in launching new “EC2 Instances,” the virtual machine configuration engine at the core of AWS. The system was unable to spawn new instances and began to buckle under the weight of backlogged requests. All these elements together made recovery a difficult and time-consuming process. The entire incident, from detection to resolution, took AWS approximately 15 hours. “We know this event had a significant impact on many customers,” the company wrote in the postmortem. “We will do everything we can to learn from this event and use it to further improve our accessibility.”

The cyberattack that halted production at global car giant Jaguar Land Rover (JLR) and across its extensive supply chain for five weeks is likely to be the most financially costly hack in UK history, a new analysis showed this week. According to the Cyber Monitoring Center (CMC), the impact of the attack is likely to be around £1.9 billion ($2.5 billion). CMC researchers estimated that around 5,000 companies may have been affected by the breach, with JLR ceasing production and the knock-on effect in the just-in-time supply chain also forcing parts suppliers to halt operations. JLR restored production in early October and said that, after a “difficult quarter,” its annual production fell by about 25 percent.

ChatGPT developer OpenAI released its first web browser this week, a direct shot at the dominant Google Chrome browser. Atlas places an OpenAI chatbot at the heart of the browser, with the ability to search using the LLM and to analyze, summarize and ask questions about the web pages you view. However, as with other AI-enabled web browsers, security experts and researchers are concerned about the possibility of indirect prompt injection attacks.

These insidious, almost unsolvable attacks work by hiding a set of instructions for the LLM in text or an image, which the chatbot will then “read” and act on; for example, malicious instructions may appear on the website that the chatbot is asked to summarize. Security researchers have previously shown how these attacks can leak secret data.

Almost like clockwork, AI security researchers showed how Atlas could be tricked through prompt injection attacks. In one case, independent researcher Johann Rehberger showed how the browser can automatically switch from dark mode to light mode by reading the instructions in a Google doc. “For this launch, we conducted extensive red-teaming activities, implemented novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and security measures, and added new systems to detect and block such attacks,” OpenAI CISO Dane Stuckey wrote on X. “However, prompt injection remains a borderline, unsolved security issue, and our adversaries will spend significant time and resources finding ways to make the ChatGPT agent[s] fall for these attacks.”

On Tuesday, researchers at cloud security firm Edera publicly disclosed a significant vulnerability in open source libraries that implement a file-archiving feature often used to distribute software updates or create backups. Multiple “forks,” or adapted versions, of the library known as “async-tar” contain this vulnerability and have released fixes through a coordinated disclosure process. However, the researchers point out that one widely used library, “tokio-tar,” is no longer maintained; it is what is sometimes called “abandoned software.” As a result, there is no patch for tokio-tar users to apply. The vulnerability is tracked as CVE-2025-62518.

“In a worst-case scenario, this vulnerability… could lead to remote code execution (RCE) via file overwrite attacks such as exchanging configuration files or hijacking build backends,” the researchers wrote. “Our suggested solution is to immediately upgrade to one of the patched versions or remove this dependency. If you care about tokio-tar, consider migrating to an actively supported fork such as astral-tokio-tar.”
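One way to act on that advice is to check a project's `Cargo.lock` for the affected crates and see which dependency pulls them in. The script below is an added example, not code from Edera or from the libraries' maintainers; the sample lock file is constructed, and because the article does not list patched versions, maintained forks are only reported for a manual version check.

```python
import re

# Crate names come from the article. It does not list patched versions, so
# maintained forks are reported for a manual check against the advisory.
UNMAINTAINED = {"tokio-tar"}                 # no fix will be published
REVIEW = {"async-tar", "astral-tokio-tar"}   # confirm the locked version is patched

def parse_lock(text):
    """Return {(name, version): [dependency names]} from Cargo.lock text."""
    packages = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        # Entries look like "name" or "name version (source)"; keep the name.
        names = re.findall(r'"([^"\s]+)[^"]*"', deps.group(1)) if deps else []
        packages[(name, version)] = names
    return packages

def audit(text):
    """Flag tar crates and show one chain from a top-level crate to each."""
    packages = parse_lock(text)
    parents = {}
    for (name, _), deps in packages.items():
        for dep in deps:
            parents.setdefault(dep, []).append(name)
    findings = []
    flagged = [k for k in sorted(packages) if k[0] in UNMAINTAINED | REVIEW]
    for name, version in flagged:
        chain = [name]
        # Walk upward until nothing new depends on the head of the chain.
        while up := [p for p in parents.get(chain[0], []) if p not in chain]:
            chain.insert(0, up[0])
        status = "unmaintained: replace" if name in UNMAINTAINED else "verify version"
        findings.append((name, version, status, " -> ".join(chain)))
    return findings

# Constructed lock file: crate names other than tokio-tar and all versions are made up.
SAMPLE_LOCK = '''version = 3
[[package]]
name = "archive-helper"
version = "0.4.2"
dependencies = ["tokio-tar"]
[[package]]
name = "demo-updater"
version = "0.1.0"
dependencies = ["archive-helper"]
[[package]]
name = "tokio-tar"
version = "0.0.0"
'''
```

Calling `audit(open("Cargo.lock").read())` returns one tuple per flagged crate, with the dependency chain showing which direct dependency has to be upgraded or swapped.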

Over the past decade, hundreds of thousands of people have been trafficked to forced labor centers in Southeast Asia. In these centers – mainly in Burma, Laos and Cambodia – victims of human trafficking are forced to carry out online fraud and steal billions for organized crime groups.

When law enforcement shut down internet connections to these properties, criminal gangs often used Elon Musk’s Starlink satellite system to stay online. In February, a WIRED investigation found thousands of phones connecting to the Starlink network at eight facilities on the Myanmar-Thailand border. The company did not respond to inquiries about the exploitation of its systems at the time. Multiple Starlink devices were seized this week in a raid on a compound in Burma.
