Output from the terminal command cURL shows that devices inside Azure and other Microsoft networks have been routing some traffic to subdomains of sei.co.jp, a domain belonging to Sumitomo Electric.
someone at github added autocomplete to one time passwords pic.twitter.com/FLp9FX1dA0
— JLarky (@JLarky) March 9, 2026
Zerosquare (./2132) :Amazon Web Services vibe-codes itself an outage or twoPivot to AIAmazon Web Services is the biggest cloud provider. Large chunks of the internet run on AWS. You’ll pay and pay. But it basically works. Amazon’s at work on fixing that. The AI push across Amazon ha…After outages, Amazon to make senior engineers sign off on AI-assisted changesArs TechnicaAWS has suffered at least two incidents linked to the use of AI coding assistants.
Amazon has undertaken multiple rounds of lay-offs in recent years, most recently eliminating 16,000 corporate roles in January. The group has disputed the claim that headcount cuts were responsible for an increase in recent outages.
Website backup crippled by 1.6MB Friends GIF that was replicated 246,173 times, breaking Linux's EXT4 filesystem limit — Jennifer Aniston's 'happy dance' animation ate up 377 gigabytes of data due to security policy
Tom's Hardware
A single tiny GIF, frequently used in chats by a site's community members, ended up adding 377GB to the website's backup quota, breaking its Linux filesystem and causing the backup process to fail. The Jennifer Aniston ‘happy dance’ reaction GIF weighs in at 1.6MB, and in the headlining case, it was duplicated 246,173 times in the backup, writes Discourse tech blogger Jake Goldsborough. This problem was precipitated by, dare we say, an overuse of the happy dance GIF, plus a file security policy implementation. Fixing it wasn’t entirely straightforward.
Discourse is a company and open‑source software project that builds one of the most widely used modern community‑discussion platforms, currently powering over 22,000 online communities. Its real-time chat platform allows users to insert emojis and GIFs in their discussions to liven up debates. But the platform’s ‘secure uploads’ feature means that “when a file moves between security contexts (say, from a private message to a public post), the system creates a new copy with a randomized SHA1,” explains Goldsborough. “The original content is identical, but Discourse treats it as a new file.” So, a popular image or reaction GIF will spread across posts, reposts, and PMs, and each context creates another file copy.
Discourse’s first attempt at a fix for the system being swamped by duplicates was to track original content by its hash. Then, during backup, group uploads by the hash and download only the first file in each group. Hardlinks were created for any duplicates.
This seemed like an elegant solution until one of Discourse’s larger customers made everyone aware of the ext4 limit of roughly 65,000 hardlinks per inode. In the headlining case, the backup worked with this first fix, but “instead of one download for all 246,173 duplicates, we got one download plus ~181,000 fallback downloads after hitting the limit,” explains the firm’s blog. “Not the win I expected.”
The German country-code top-level domain (ccTLD) experienced an extensive and protracted service disruption last night. This outage did not originate from a failure within the .de root nameservers themselves, but rather from a profound cryptographic error in the DNSSEC (Domain Name System Security Extensions) signing process. The publication of an invalid signature effectively paralyzed the entire .de namespace.
Technical forensics suggest this catastrophe was the result of a fundamental configuration oversight by DENIC, the regulatory body overseeing the domain. Specifically, during a routine rotation of the Zone Signing Key (ZSK)—a critical component utilized for DNSSEC encryption—DENIC released a malformed signature.
As a consequence of this invalid signature, all recursive resolvers configured with DNSSEC validation began returning SERVFAIL errors. This triggered a cascade of resolution failures across millions of .de domains; notably, prominent platforms such as Amazon.de were rendered inaccessible to the public.
The Newest Instagram "Exploit" is the Goofiest I've Seen
Sid's Blog
Yesterday, a slew of Instagram accounts, including some high profile ones like the Obama White House account, seemingly got hacked. I've seen my share of exploits and takeover techniques, but this is the most unserious, "almost too stupid to be true" of them all.
Step 01: Faking the Location & Initiating Support
All the attacker needs to kick this off is your account username. Then, they hop on a VPN or proxy close to your city so Instagram's security algorithms don't suspect a thing. (You can quite easily get this from your public profile or "About" section or a hundred other ways.) Once it looks like the request is coming from the correct region, they tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control.
Step 02: That's It
Really, that's it. The first proper zero auth password reset I've seen in production. There appears to be no additional check as to whether the email being given is actually something the user has used before. Once the AI sends the security code to the attacker's email, the attacker passes it right back to complete the verification. The platform hands over a fresh password reset link, granting full ownership to the attacker.
Instagram's AI may or may not ask the attacker for a video selfie to prove identity. It's not particularly discerning at the moment, so something as simple as an AI animated public photo from the target's feed has been widely reported to work.
2FA Doesn't Help
In case you're wondering, because the system treats this high-privilege recovery flow as a total account reset by the "true" owner, the original 2FA gets thoroughly bypassed in the process.
Existing sessions are revoked and the password changed with no email, text, or push notification. The actual owner can't initiate recovery because the email and phone numbers now map to the attacker. There's no human to escalate to, it's just you arguing with a chat hoping to take control back while praying they don't do it again.
And if you're part of the A/B tested accounts on which the AI support option is active, tough luck, you can't even turn it off.
