How an AWS Outage Brought Down the Internet

A significant disruption to internet services this week stemmed from a major outage at Amazon Web Services (AWS), highlighting the profound dependence countless online platforms have on this single cloud infrastructure provider. The incident began with DNS resolution problems that rapidly cascaded, taking down large portions of the web and demonstrating the fragility that can exist within our highly interconnected digital ecosystem.

In a separate legal development, the US Justice Department unsealed indictments connected to an organized crime-backed gambling scam. The allegations suggest a criminal group used hacked card shuffling machines to defraud victims of millions, a method recently explored in an investigative report.

Our own investigation into the Louvre jewelry heist revealed that a transaction initially appearing to show US Immigration and Customs Enforcement purchasing guided missile warheads was likely a simple accounting error. In the realm of artificial intelligence, the company Anthropic is collaborating with the US government on safeguards designed to prevent its AI platform, Claude, from providing instructions on building nuclear weapons. Expert opinion is divided on both the necessity and potential effectiveness of this initiative. Additionally, new research has identified a browser downloaded millions of times, known as the Universe Browser, which exhibits malware-like behavior and has connections to Asia’s expansive cybercrime and illegal gambling networks.

AWS provided a detailed account of Monday’s outage in a post-event summary, confirming the root cause was Domain System Registry failures within its DynamoDB service. This initial failure triggered a chain reaction of other complications. The outage severely impacted the Network Load Balancer service, a crucial component for managing data flow across the cloud to prevent bottlenecks. Simultaneously, the ability to launch new EC2 Instances, the virtual servers that form the backbone of AWS, was disrupted. This inability to scale resources created a massive backlog of requests, making the recovery process exceptionally difficult and protracted. The entire event, from initial detection to full resolution, spanned approximately 15 hours. The company acknowledged the significant impact on its customers and committed to learning from the incident to improve future service availability.

A new analysis suggests the cyberattack that halted production at Jaguar Land Rover (JLR) for five weeks is poised to become the most financially damaging hack in British history. The Cyber Monitoring Centre estimates the total fallout could reach £1.9 billion ($2.5 billion). Researchers believe around 5,000 companies may have been affected, as JLR’s manufacturing stoppage forced its just-in-time supply chain to also suspend operations. While JLR resumed production in early October, it reported a 25 percent drop in yearly output following what it described as a “challenging quarter.”

OpenAI, the creator of ChatGPT, launched its first web browser this week, a direct competitor to established players like Google Chrome. Named Atlas, this browser integrates the AI chatbot directly into the user experience, allowing it to perform searches, analyze content, and summarize web pages. However, security experts have raised immediate concerns about the potential for indirect prompt injection attacks. These sophisticated attacks involve hiding malicious instructions within text or images on a webpage. When the AI chatbot reads and processes this content, it could be tricked into executing those commands, potentially leading to data leaks or other harmful actions.

Demonstrating the validity of these concerns, AI security researchers have already shown how Atlas can be manipulated. In one example, an independent researcher illustrated how the browser could be instructed via a Google Document to automatically switch its display from dark to light mode. OpenAI’s Chief Information Security Officer acknowledged the threat, stating the company has conducted extensive security testing and implemented new safeguards. He also conceded that prompt injection remains an unsolved security challenge, and adversaries will actively seek to exploit it.

Security researchers from firm Edera disclosed a serious vulnerability in several open-source libraries related to a file archiving feature commonly used for software updates and backups. The vulnerability, tracked as CVE-2025-62518, exists in numerous adapted versions of the “async-tar” library, which have since been patched. A significant concern is that one widely used library, “tokio-tar,” is no longer maintained, leaving its users without an official patch. The researchers warn that in a worst-case scenario, this flaw could allow remote code execution through file overwriting attacks. Their recommendation is for users to immediately upgrade to a patched library or, if using tokio-tar, migrate to an actively maintained alternative.

Over the past decade, a human trafficking crisis has unfolded in Southeast Asia, with hundreds of thousands of people forced into labor compounds, primarily in Myanmar, Laos, and Cambodia. These victims are compelled to operate online scams, generating billions for organized crime syndicates. When law enforcement agencies disrupt traditional internet connections to these compounds, the criminal groups have frequently turned to Elon Musk’s Starlink satellite system to restore their online operations. An earlier investigation found thousands of phones using Starlink at several compounds along the Myanmar-Thailand border. This week, authorities conducting a raid on a compound in Myanmar confirmed this trend by seizing multiple Starlink devices.

(Source: Wired)