Amazon explains how the AWS outage destroyed the web

cloud giant Amazon Web Services experienced DNS resolution problems on Monday, leading to cascading outages that took down large parts of the web. Monday’s crisis showed the world’s fundamental reliance on so-called hyperscalers like AWS and the challenges facing big cloud providers and their customers when things go awry. See below for more information on how outages occur.

The U.S. Justice Department’s indictments of mobster gambling scams reverberated through the NBA on Thursday. The case involves allegations that a mob-backed group is using hacked card players to defraud victims out of millions of dollars — an approach WIRED recently revealed in an investigation into the hacking of Deckmate 2 card players used in casinos.

We broke down the details of the shocking Louvre jewelry heist and found in the investigation that US Immigration and Customs Enforcement likely did not purchase the guided missile warheads as part of its purchase. This transaction appears to have been an accounting coding error.

Meanwhile, Anthropic has worked with the US government to create mechanisms to prevent its AI platform, Cloud, from directing others to build nuclear weapons. However, experts have mixed reactions on whether the project is necessary and whether it will be successful. And new research this week shows that a browser that has apparently been downloaded millions of times – known as the Universe Browser – acts like malware and has links to Asia’s growing cybercrime and gambling networks.

And there are more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe there

AWS confirmed in a “post-event summary” on Thursday that its major outage on Monday was caused by domain system registry failures in its DynamoDB service. The company also explained, however, that these issues have caused other problems as well, increasing the complexity and impact of outages. A major component of the collapse involved problems with the Network Load Balancer service, which is critical for dynamically managing processing and data flow across the cloud to avoid bottlenecks. Another issue with launching new “EC2 instances” was the virtual machine configuration mechanism in AWS Core. Without being able to serve up new instances, the system was overwhelmed by the sheer volume of requests. All these elements combined to make recovery a difficult and time-consuming process. The entire incident—from detection to remediation—took about 15 hours to complete on AWS. “We know this event has impacted many customers in significant ways,” the company wrote in its obituary. “We will do everything we can to learn from this event and use it to further improve our availability.”

A cyber attack that halted production at global car giant Jaguar Land Rover (JLR) and its extensive supply chain for five weeks is likely to be the costliest financial hack in UK history, new analysis out this week has revealed. According to the Cyber ​​Monitoring Center (CMC), the fallout from the attack is likely to be around £1.9 billion ($2.5 billion). Researchers at CMC estimated that as many as 5,000 companies may have been affected by the hack, which halted production at JLR and had a knock-on effect on its just-in-time supply chain, forcing parts suppliers to halt operations. JLR revamped production in early October, saying its annual output was down about 25 percent after a “challenging quarter.”

ChatGPT developer OpenAI released its first web browser this week, directly attacking Google’s dominant browser, Chrome. Atlas puts the OpenAI chatbot at the heart of the browser, with the ability to search using LLM and analyze, summarize and ask questions of the web pages you’re viewing. However, as with other AI-powered web browsers, security experts and researchers are concerned about the potential for indirect rapid injection attacks.

These sneaky, almost unsolvable attacks involve hiding a set of instructions for an LLM in text or an image that the chatbot reads and acts on. For example, malicious instructions may appear on a web page that a chatbot is asked to summarize. Security researchers have already shown how these attacks can expose confidential information.

Almost like clockwork, AI security researchers have demonstrated how to fool Atlas through rapid injection attacks. In one example, independent researcher Johann Rehberger showed how the browser can automatically switch itself from dark to light mode by reading instructions from a Google document. “For this launch, we’ve implemented new model training techniques to reward the model for ignoring malicious instructions, implemented guardrails and overlay safety measures, and added new systems to detect and block such attacks,” wrote OpenAI CISO Dane Stuckey at X. To find ways to create a ChatGPT agent[s] Get caught in these attacks.”

Researchers at cloud security firm Edera on Tuesday disclosed findings of a significant vulnerability affecting open-source libraries for the file archive feature, which is often used to distribute software updates or create backups. Known as “async-tar”, a large number of “forks” or adaptive versions of the library contain this vulnerability and have released patches as part of the coordinated disclosure process. However, the researchers emphasize that one of the most widely used libraries, “tokio-tar”, is no longer maintained – sometimes called “abandonware”. As a result, there are no patches for tokio-tar users to apply. This vulnerability is tracked as CVE-2025-62518.

“In a worst-case scenario, this vulnerability could lead to remote code execution (RCE) via file overwrite attacks, such as replacing configuration files or hijacking build backups,” the researchers wrote. Our recommended fix is ​​to immediately upgrade to one of the patched versions or remove this dependency. If you depend on Tokyo Tar, consider migrating to an active fork like astral-tokio-tar.”

Over the past decade, hundreds of thousands of people have been trafficked to forced labor centers in Southeast Asia. In these complexes – mostly in Myanmar, Laos and Cambodia – these trafficking victims are forced to commit online fraud and steal billions of dollars for organized crime groups.

When law enforcement agencies cut Internet connections to these complexes, gangs often turned to Elon Musk’s Starlink satellite system to stay online. In February, a WIRED investigation found thousands of phones connected to the Starlink network in eight complexes located around the Myanmar-Thailand border. At the time, the company did not respond to questions about the use of its systems. This week, several Starlink devices were seized in a raid on a compound in Myanmar.