Featured
AWS's Journey to Cloud System Reliability: Integrating Formal and Semi-Formal Methods

AWS has transformed its cloud system validation through innovative formal and semi-formal methods, from TLA+ to the P programming language and PObserve. These practices have enabled AWS to deliver highly reliable services while achieving significant performance improvements across critical infrastructure.
National Security Advisor Under Scrutiny for Using Personal Gmail for Government Business

National Security Advisor Michael Waltz faces criticism after reports reveal he and his staff used personal Gmail accounts for government communications. The controversy intensifies following a recent Signal chat incident involving sensitive military discussions with high-ranking officials.
NaNoWriMo Closes After 25 Years Amid AI and Moderation Controversies

The beloved online writing platform National Novel Writing Month has announced its permanent shutdown after 25 years, citing financial difficulties and recent controversies. The closure follows intense debates over AI use in creative writing and concerns about forum moderation safety.
Microsoft Teams Voice Phishing Campaign Deploys Malware Through Remote Support Tools

A sophisticated phishing attack using Microsoft Teams voice calls has been discovered targeting organizations by deploying malware through legitimate remote tools. The multi-stage attack combines social engineering with technical exploitation, highlighting growing concerns about AI-enabled social engineering threats.
VMware Auto-Update System Breaks Following Broadcom's URL Changes

VMware Workstation and Fusion Pro users face certificate validation errors when attempting automatic updates due to Broadcom's redirection of update server URLs. The issue forces manual updates through Broadcom's portal, raising concerns about users potentially missing critical security patches.
Major Security Breach: APIsec Exposes 3TB of Fortune 100 Client Data in Elasticsearch Database

Security firm APIsec.ai accidentally exposed over three terabytes of sensitive customer information, including API scan results and system credentials, in a publicly accessible database. The breach, discovered by UpGuard, potentially compromised data from numerous Fortune 100 clients and revealed detailed API testing logs spanning multiple years.
FBI Raids Homes of Missing Indiana University Cybersecurity Professor

A prominent cybersecurity professor at Indiana University and his wife have mysteriously disappeared, prompting FBI raids at their two homes. The university has inexplicably erased Dr. Xiaofeng Wang's extensive academic records and contact information, raising concerns in the academic community.
Critical GitHub CodeQL Vulnerability Exposes Supply Chain Attack Risk

A security flaw in GitHub CodeQL temporarily exposed a privileged token that could enable supply chain attacks affecting thousands of repositories. The vulnerability allowed potential code execution and data theft through GitHub Actions workflows, though GitHub's swift response prevented any known compromises.
Google Faces Legal Battle Over Alleged Covert Data Collection Despite Disabled Tracking

A federal judge in San Francisco has allowed a lawsuit against Google to proceed, rejecting the tech giant's motion to dismiss claims of unauthorized data collection from users who disabled tracking. The case highlights concerns over Google's privacy controls and data practices, with a jury trial scheduled for 2025.