Alvaro Lopez Ortega / 2025-06-18 Briefing

Created Wed, 18 Jun 2025 02:32:58 +0000 Modified Sat, 28 Jun 2025 02:44:34 +0000
4223 Words

Today’s tech landscape highlights resilience through Europe’s innovative LoRa mesh networks, escalating geopolitical tensions with Taiwan sanctions and US-China dynamics, major cloud security upgrades by AWS, and significant layoffs at Intel and Disney. Meanwhile, Google, Meta, and Honda push AI advancements, while companies like xAI and Salesforce grapple with soaring costs and funding challenges.

▶️ Internet Infrastructure

Europe’s Internet Resiliency Clubs Use LoRa Mesh Networks to Restore Connectivity

An Internet Resiliency Club, utilizing LoRa radios and Meshtastic firmware, enables volunteer groups to restore internet connectivity during crises, addressing increasing threats to communication infrastructure in Europe.

  • Europe faces increased frequency and severity of internet disruptions due to war, climate change, and geopolitics, necessitating resilient communication methods
  • An Internet Resiliency Club uses low-cost LoRa radios and open source Meshtastic firmware to enable communication over a few kilometers without centralized infrastructure
  • The Amsterdam Internet Resiliency Club was established to bootstrap communication recovery, advocating for volunteer-based, low-power, mesh-networked internet resilience efforts

Cyberattack Disrupts Iran’s Bank Sepah Amid Iran-Israel Tensions

A cyberattack by Predatory Sparrow on Iran’s Bank Sepah caused service outages and data destruction, highlighting cyber warfare’s role amid Iran-Israel escalating military and geopolitical tensions.

  • Cyberattack claimed by pro-Israel hacktivist group Predatory Sparrow disrupted Iran’s Bank Sepah, causing website outages, account access issues, and payment processing failures.
  • The group announced it “destroyed the data of the Islamic Revolutionary Guard Corps’ Bank Sepah” via social media.
  • Iran’s media confirmed infrastructure impacts, with branches closed and service disruptions, amid escalating Iran-Israel conflict and recent Israeli military strikes.

Evolution of SSL: From SSL 2 to TLS 1.0 and Industry Negotiations

Tim Dierks details the evolution of SSL protocols from SSL 2 in 1995 to SSL 3 in 1996, the creation of PCT by Microsoft, and the development of TLS 1.0 (SSL 3.1) through industry negotiations and protocol renaming.

  • SSLv2 shipped in Netscape 1.1 (1995); SSLv3 in Netscape 2 (1996)
  • Microsoft revised SSL 2 with added features, creating PCT, supported only in IE and IIS
  • SSL 3.0 was developed as a significant departure from SSL 2, leading to the creation of TLS 1.0 (SSL 3.1) after negotiations supported by industry figures including Bruce Schneier and Paul Kocher

Google Cloud Outage Caused by Null Pointer Error in Service Control

Google Cloud experienced a three-hour outage caused by a null pointer crash in Service Control after deploying unprotected code changes for quota policy checks, highlighting the need for better error handling and communication.

  • Google Cloud’s outage on June 12, 2025, lasted over three hours, impacting customers including Cloudflare
  • The incident was caused by a null pointer dereference in Service Control due to unprotected code changes
  • The code change on May 29 introduced a feature to enable additional quota checks, which triggered the failure when combined with missing error handling

Railway Pauses Free Tier Deployments After GCP Outage Surge

Railway paused lowest tiers’ deployments due to increased GCP migration demand after a Google Cloud outage, affecting free and hobby users while maintaining service for paid tiers.

  • Railway paused lowest tiers’ deployments after increased demand from GCP and Heroku migrations following a Google Cloud Platform outage.
  • Throttling affected Trial and Hobby customers ($5/month) to maintain service for Pro and Enterprise tiers; enterprise customers remained unaffected.
  • Railway shifted from GCP to in-house infrastructure at the end of May, but GCP outage still caused service degradation and build queue issues.
  • The company credits a $5 free trial and a recurring $1/month credit for lightweight services; no plans to remove free tiers.
  • The GCP outage was part of a failover attempt rather than a permanent provider change, with Railway maintaining some GCP instances post-migration.

Mauritius Court Delays AFRINIC Election Over Voting Rights Dispute

A Mauritius court delayed AFRINIC’s election following an injunction by TISPA over voting rights and governance concerns; the court has not suspended the election, but timing remains uncertain.

  • Mauritius court postponed AFRINIC election after TISPA sought an injunction over voting rights issues.
  • The injunction prohibits e-voting on June 16 and in-person voting on June 23, citing members denied voting rights and governance protocol violations.
  • The court has not suspended the election but indicated uncertainty about when voting will proceed; the situation remains fluid.

AWS Enforces 100% MFA for All Root Users and Launches New Security Features

AWS enforced 100% MFA for all root users, expanding security measures announced at re:Inforce, alongside new features like IAM Access Analyzer and enhanced threat detection tools.

  • AWS achieved 100% MFA enforcement for root users across all account types, announced by CSO Amy Herzog at re:Inforce on June 17, 2025
  • AWS was the first cloud provider to mandate MFA for management and standalone root accounts, expanding to include member account root users
  • AWS also introduced dozens of new security capabilities, including IAM Access Analyzer, Security Hub data enhancements, GuardDuty EKS support, and Shield network security director

Rack-Scale AI Systems Drive Big-Scale Training for Hyperscalers

Rack-scale AI systems such as Nvidia’s NVL72 and AMD’s Helios target hyperscalers and large enterprises, offering scalable, high-bandwidth interconnects for extensive training and inference workloads, but remain costly and complex.

  • Nvidia’s GB200 NVL72 systems are priced near $3.5 million each; AMD’s Helios reference design was initially tailored for hyperscale clients.
  • Rack-scale architectures like Helios and NVL144 are large, complex, power-intensive, and targeted mainly at hyperscalers, tier-two, neo-clouds, and select enterprises.
  • Most foundation models are trained on eight-GPU systems like Nvidia’s DGX H100; larger configurations (e.g., 72 GPUs) are favored for big training workloads and inference scalability.

Taiwan sanctions SMIC and Huawei to challenge China amid US-aligned tensions

Taiwan’s June 2025 export controls target SMIC and Huawei, symbolically challenging Beijing and aligning with US sanctions, amid ongoing geopolitical tensions and China’s potential retaliation.

  • Taiwan added China’s SMIC and Huawei to its export control list on June 17, 2025, effectively blacklisting them from doing business with Taiwanese chip manufacturers.
  • The move is largely symbolic, as US export controls have already restricted Taiwanese companies like TSMC from engaging with Huawei and SMIC for the past five years.
  • Taiwan’s sanctions signal a geopolitical stance aligned with the US, potentially provoking Chinese retaliation; China has previously responded with measures such as restricting rare-earth mineral exports.

Broadcom Unveils VMware Cloud Foundation 9 for Unified Private Cloud Management

Broadcom’s VMware Cloud Foundation 9 (VCF 9) integrates compute, storage, and networking virtualization into a single private cloud platform, emphasizing simplified management, GPU migration, and advanced analytics, with vVols support ending.

  • Broadcom released VMware Cloud Foundation 9 (VCF 9) 573 days after acquiring VMware, integrating compute, storage, and networking virtualization tools into a single private cloud suite
  • VCF 9 offers a unified interface for private cloud operations, managing storage, compute, and virtual networks as a single entity; supports both VMs and containers
  • Last release to include vVols storage management tech; introduces GPU workload migration via vMotion and enhanced workload analytics; support for end of vVols is in low single digits

▶️ Open Source

GitHub Hits One Billion Repositories with Humorous Milestone “shit”

GitHub’s one billionth repository, “shit,” was created on June 11, 2025, sparking community engagement with over 4,294 reactions and numerous comments.

  • The issue celebrates the creation of GitHub’s one billionth repository, named “shit,” opened on June 11, 2025
  • The repository has 423 issues, 111 pull requests, and 3.2k stars
  • The discussion includes community comments, reactions, and humorous exchanges about the milestone

FossifyOrg Releases Privacy-Focused Open-Source Apps with Kotlin Repositories

FossifyOrg manages Fossify, a collection of privacy-focused, open-source mobile apps, with 32 repositories in Kotlin, including Gallery, Calendar, and File-Manager, last updated June 17, 2025.

  • Fossify is an open-source, ad-free suite of mobile apps with customizable colors, controlled by FossifyOrg, verified domains www.fossify.org and fossify.org
  • The organization has 4.9k followers, 32 repositories, and active projects including Gallery, Calendar, File-Manager, Phone, Music-Player, and Messages
  • Repositories are primarily written in Kotlin, with projects like Paint, Thank-You, Voice-Recorder, and contact management apps, updated as of June 17, 2025

MiniMax M1 Opens Source with 1 Million Token Context and Competitive Performance

MiniMax’s open-source M1 model, with a 1 million token context window and 80,000 token output, challenges DeepSeek and US models, achieving high performance with lower computational costs.

  • MiniMax, an Shanghai-based AI firm, released open-source MiniMax-M1 model under Apache license on June 17, 2025
  • M1 features a 1 million token context window and 80,000 token output capacity, rivaling Google Gemini 2.5 Pro and surpassing DeepSeek R1
  • Claims to outperform domestic closed-source models and approach top overseas models in complex reasoning, with 30% of DeepSeek R1’s computational power during deep reasoning
  • Utilizes Lightning Attention mechanism for efficient long-input processing and an improved CISPO reinforcement learning algorithm, reducing training costs to $537,400 with 512 Nvidia H800s over three weeks

▶️ Software Development

Why I Reject AI Coding Tools: Speed, Liability, and Quality Concerns

Author rejects AI coding tools due to lack of speed, review complexity, and liability concerns, asserting AI-generated code does not improve productivity or understanding compared to human review.

  • Author does not use any AI coding tools, having evaluated models from GPT-2, GPT-3, Anthropic, GitHub Copilot, self-hosted models, and built toy LLMs.
  • Main reason AI tools do not work for him is that they do not make him faster; reviewing AI-generated code takes as long or longer than writing it himself.
  • He emphasizes that AI code is not equivalent to human code, as AI lacks liability, interpretability, and the ability to learn or improve over time like interns.

Chawan 0.2.0 TUI Browser Launches with New Features and Dependencies

Chawan 0.2.0, a terminal user interface browser, was released on June 16, 2025, with source, binary, and Debian packages; dependencies include libssh2, libbrotli, and OpenSSL 3.0+ or LibreSSL.

  • Chawan 0.2.0, a TUI browser, was released on June 16, 2025
  • Source tarball available at link; static amd64 Linux binary at link; Debian package at link
  • Runtime dependencies include libssh2, libbrotli (libbrotlicommon, libbrotlidec), and OpenSSL 3.0+ or LibreSSL (tested in OpenBSD 7.7); zlib, libseccomp, termcap/ncurses, libcurl no longer required

▶️ Management and Leadership

Keep It Simple: Avoid Complexity Demons in Software Development

Humorously advises developers to avoid complexity demons through disciplined “no” and “ok” strategies, proper code factoring, testing, tooling, and cautious refactoring to maintain manageable systems.

  • The article humorously advocates for simplicity in software development, emphasizing the dangers of complexity demon spirits entering codebases.
  • Recommends using “no” to prevent feature creep, “ok” with 80/20 solutions, and proper code factoring with patience.
  • Highlights importance of testing (integration and end-to-end), tooling, type systems, and cautious refactoring to manage complexity.

Jamie Dimon Calls for School Investments to Bridge Skills Gap in Tech and Finance

Jamie Dimon proposes that companies invest in schools to incorporate workplace skills into curricula, aiming to close the skills gap in cybersecurity, coding, and financial management, amid evolving education and labor markets.

  • Jamie Dimon advocates for investing in schools to address the skills gap in cybersecurity, coding, programming, financial management, and project management.
  • He suggests integrating workplace skills into standard curricula, including credentialed classes as part of regular education, and emphasizes collaboration with the private sector.
  • JPMorgan offers school and apprenticeship programs in business management and technology; Dimon highlights the need for education reform amid ongoing seismic changes in the US education system and labor market.

Major Firms including Intel and Disney Announce Massive 2025 Layoffs

In 2025, numerous major firms such as Intel (cutting at least 15% of factory workers), Morgan Stanley (~2,000 jobs), and Disney (several hundred roles) are implementing layoffs amid technological and strategic shifts.

  • Major companies including Morgan Stanley, Disney, Intel, Meta, and others are conducting layoffs in 2025.
  • Total layoffs involve thousands of jobs, with some companies planning reductions of over 20% of their workforce.
  • Workforce reductions are driven by technological shifts, cost-cutting, and strategic restructuring, with specific numbers and timelines detailed.

WhatsApp to Launch In-App Ads Using User Data While Keeping Message Encryption

WhatsApp, owned by Meta, will begin showing ads in its “Updates” section, targeting users with data like location and device info, while maintaining message encryption and avoiding chat ads.

  • WhatsApp announced it will introduce in-app advertising starting June 16, 2025, in the “Updates” section used by 1.5 billion daily users
  • Ads will be targeted using user data such as location and device language, without accessing message content or personal chats, which remain end-to-end encrypted
  • The move marks a significant shift from WhatsApp’s original privacy-focused philosophy, which emphasized no ads and end-to-end encryption for personal messages

WestJet Faces Cybersecurity Disruptions Without Impact on Flights

WestJet reports cybersecurity-related online service disruptions since June 13, with no confirmed attack; flight operations remain unaffected while authorities collaborate on mitigation.

  • WestJet experienced “intermittent interruptions or errors” on its app and website starting June 13 due to a cybersecurity incident.
  • The airline engaged outside experts, law enforcement, and Transport Canada; no malicious intent or attack confirmed.
  • Operations remain unaffected; flights continue normally despite online service disruptions; ongoing investigation and updates are provided.

Gartner Expert Warns AI Hype Masks Its Limited Capabilities and Engineering Challenges

Gartner’s Erick Brethenoux criticizes current AI, emphasizing its limited capabilities, the engineering challenges of agentic systems, and warns against vendor hype conflating generative AI with autonomous agents.

  • Gartner’s chief of AI research Erick Brethenoux states AI is not fulfilling its current roles and should be left alone.
  • He criticizes the conflation of “AI agent” and “generative AI,” highlighting the complexity of building autonomous, agentic systems.
  • Brethenoux emphasizes AI’s limited ability to handle complex tasks, citing decades of industrial use and questioning the feasibility of managing 50,000 enterprise agents.
  • He advocates for AI to automate routine tasks directly, exemplified by Vizient’s automation of employee chores, leading to rapid adoption and employee buy-in.
  • He warns that current vendor-promoted “agentic AI” oversimplifies technical challenges, including orchestrating multiple autonomous agents and addressing negotiation and communication issues.
  • The article discusses the distinction between AI automation and true agentic AI, emphasizing the engineering complexity of decomposing systems, managing autonomy levels, and ensuring effective communication.
  • Brethenoux criticizes the hype surrounding “agentic nirvana,” attributing it to fuzzy terminology and misnaming, citing Albert Camus’ aphorism on the importance of precise language.

Outlook Crashes Due to Forms Library Issue Affecting VDI Users

Microsoft’s Classic Outlook experiences crashes when opening or creating emails, linked to the Forms Library, affecting VDI users; a workaround exists while Microsoft investigates.

  • Classic Outlook crashes when opening or creating emails due to issues with the Forms Library
  • Affected users are primarily on virtual desktop infrastructure (VDI), local Outlook users are less impacted
  • Workaround involves creating a FORMS2 folder in %localappdata%\Microsoft; Microsoft is investigating the issue

Securing Autonomous AI Agents with Dynamic Identity and Contextual Access

Organizations must implement dynamic, context-aware identity security for autonomous AI agents, including lifecycle management, behavioral boundaries, JIT privileges, and comprehensive audit mechanisms.

  • AI agents now possess identity, requiring new security approaches.
  • Traditional IAM frameworks are inadequate for managing autonomous, adaptive machine identities.
  • Key security strategies include lifecycle governance, contextual authorization, traceability, JIT access, and continuous auditing.

Intel to Cut 15-20% of Fab Workforce Amid Financial Challenges

Intel intends to cut 15-20% of its fab staff in mid-2025 due to financial issues, despite CHIPS Act relief and potential tax credit increases from 25% to 30%.

  • Intel plans to lay off 15-20% of its fab workforce starting July 2025, citing financial challenges.
  • The layoffs follow a previous reduction of over 16,000 employees (15%) last year under former CEO Pat Gelsinger.
  • The company may benefit from increased US Senate investment tax credits, raising from 25% to 30%, via the CHIPS Act draft bill.

Microsoft Launches On-Prem Microsoft 365 for European Data Sovereignty

Microsoft launched “Microsoft 365 Local,” an on-premises suite on Azure Local, targeting European data sovereignty and compliance, with features like on-prem workloads, local key management, and restricted access, in preview for 2025.

  • Microsoft introduced “Microsoft 365 Local,” an on-premises version of its 365 suite, targeting European compliance and sovereignty requirements.
  • The software runs exclusively on Azure Local, a subset of Azure providing hypervisor technology for on-prem deployment.
  • Microsoft emphasizes full control over security, compliance, and governance, enabling deployment of workloads like Exchange Server and SharePoint Server within customer-controlled environments.
  • The solution is currently in preview and expected to be generally available later in 2025 across all European cloud regions.
  • Microsoft extended its External Key Management to Azure Managed HSM, allowing customers to store encryption keys on-premises, with support from major HSM vendors like Futurex, Thales, and Utimaco.
  • The initiative aligns with European data sovereignty laws such as GDPR, and includes features like “Data Guardian,” restricting Microsoft staff access to European data.
  • The move responds to increased European concerns over data privacy, US-initiated legal risks, and the need for on-prem solutions that prevent data leakage outside the EU.

Microsoft Releases Fix for Surface Hub v1 Boot Issue Caused by June Update

Microsoft issued an out-of-band patch for Surface Hub v1 devices affected by June’s KB5060533 update, which caused start failures due to secure boot signature errors.

  • Microsoft released an out-of-band update to fix a Surface Hub v1 issue caused by June’s KB5060533 update, which prevented devices from starting with the error: “Secure Boot Violation: Invalid signature detected.”
  • The problematic update affected Surface Hub v1 devices but did not impact Surface Hub 2S and 3 models; Microsoft paused the update on June 11 and issued KB5063159 on June 16 to address the problem.
  • The issue’s root cause remains unclear, and there is no reliable workaround; some users reported partial success with disk re-imaging, while Microsoft investigates manufacturing tools for recovery.

UK MoD Delays £92M Oracle ERP Contract Amid Governance Review

UK MoD paused a £92M Oracle Fusion ERP contract during a governance review; procurement rescheduled for early 2026, with project approval pending until late 2025.

  • UK Ministry of Defence (MoD) has paused a £92 million contract for Oracle Fusion cloud ERP implementation amid a project governance review.
  • The procurement for the five-year contract is delayed until early 2026; the project governance review is expected to conclude in late 2025.
  • The MoD is awaiting approval of the business case for the transformation and implementation phase, which is currently under governance review.

Democrats Question Palantir’s IRS Data System Over Privacy Concerns

Democratic lawmakers questioned Palantir’s role in developing an IRS API system, denying claims of a mega database, citing legal risks under tax confidentiality and Privacy Act, with no proof of such a database existing.

  • Democratic lawmakers sent a letter to Palantir CEO Karp questioning legality of aiding IRS in creating a searchable taxpayer database, citing potential violations of tax confidentiality and Privacy Act.
  • The letter references a NYT report alleging Palantir employees helped IRS develop a “single, searchable database” of taxpayer records, raising concerns over data sharing and legal compliance.
  • The Treasury confirmed Palantir’s involvement in improving IRS API connectivity, not in building a centralized mega database, and stated their work complies with data protection laws.

Salesforce hikes prices and launches new AI agent SKUs amid limited AI performance

Salesforce raises prices by 6% on August 1 for key cloud services, introduces new Agentforce AI agent SKUs starting at $125/month, and emphasizes AI integration despite limited agent performance and ongoing pricing model adjustments.

  • Salesforce announced a 6% price increase effective August 1 for Enterprise and Unlimited SKUs of Sales Cloud, Service Cloud, Field Service, and select Industries Clouds.
  • New SKUs of Agentforce platform for building AI agents are generally available, with add-ons starting at $125 per user per month for Enterprise and Unlimited customers.
  • Salesforce introduced Flex Credits in May to replace per-conversation pricing, aiming to provide cost flexibility; AI agent effectiveness remains limited, with Salesforce research showing only 58% success on single-function tasks and 35% on multi-step tasks.

Microsoft and AMD Partner to Develop Next-Gen Xbox Hardware and Handhelds

Microsoft and AMD confirmed a multi-year partnership to develop silicon for upcoming Xbox consoles and handhelds, ensuring backward compatibility and supporting Windows 11-based gaming devices.

  • Microsoft and AMD have established a multi-year partnership to co-engineer silicon for next-generation Xbox consoles and handheld devices, including the Xbox Ally.
  • The partnership aims to support backward compatibility for existing Xbox games across new hardware.
  • The Xbox Ally handheld, utilizing AMD’s Z2 platform, will run Windows 11 and is designed to be the most powerful handheld, with ongoing support for Xbox ecosystem features.

▶️ Technology

Google Launches Gemini 2.5 Flash and Pro Models with Enhanced AI Performance

Google announced the general availability of Gemini 2.5 Flash and Pro models, and previewed the cost-efficient, fast Gemini 2.5 Flash-Lite, enhancing AI performance and efficiency (source).

  • Google expanded the Gemini 2.5 model family, releasing stable versions of Gemini 2.5 Flash and Pro, and previewing 2.5 Flash-Lite.
  • Gemini 2.5 models are designed for high performance with cost and speed efficiency, following the Pareto Frontiers.
  • 2.5 Flash-Lite, now in preview, offers higher quality on coding, math, science, reasoning, and multimodal benchmarks, with lower latency and 1 million-token context length.

Honda achieves successful test of reusable rocket in Japan

Honda successfully tested its independently developed reusable rocket, reaching 271.4 meters altitude and demonstrating key reusability technologies, supporting future space and satellite launch applications.

  • Honda R&D successfully conducted a launch and landing test of an experimental reusable rocket on June 17, 2025, in Taiki Town, Hokkaido, Japan.
  • The rocket (6.3 m length, 85 cm diameter, 900 kg dry weight) reached an altitude of 271.4 meters, with a flight duration of 56.6 seconds, landing within 37 cm of the target point.
  • The test aimed to demonstrate key technologies for rocket reusability, including flight stability during ascent/descent and landing capability, with safety measures such as a restricted 1 km radius area and onboard safety systems.

xAI Burns Through $1B Monthly Amid $13B Losses and Funding Hunt

xAI is losing $1 billion per month amid high infrastructure costs, seeking $9.3 billion funding, with projected $13 billion losses in 2025 and aiming for profitability by 2027.

  • Elon Musk’s xAI is burning through approximately $1 billion monthly, with projected losses of $13 billion in 2025 due to high AI infrastructure costs.
  • The company is attempting to raise $9.3 billion in debt and equity, planning to spend over half within three months, aiming for profitability by 2027.
  • Revenues are forecasted at $500 million in 2025, rising to over $2 billion in 2026, but revenue growth lags behind competitors like OpenAI.

Media Leaders Discuss AI’s Transformative Role in Content Personalization and Production

Media industry leaders highlight AI’s impact on personalized recommendations, smarter search, creative testing, global distribution, and visual effects, with significant growth potential and technical advancements.

  • Media executives from YouTube, Tubi, and others discussed AI’s role in transforming content recommendations, search, creative testing, global reach, and visual effects.
  • Tubi uses machine learning for personalized home screens, improving recommendations over eight years; Crunchyroll also curates AI-driven suggestions.
  • AI-powered search engines like CineSearch enable natural language queries and parameter-based filtering, enhancing content discovery.
  • AI facilitates extensive A/B testing of thumbnails and ads, and tools like Google’s Gemini assist in brainstorming and content creation.
  • AI enables instant translation, dubbing, and subtitling, expanding global reach; ODK Media increased viewership from 5.5 million to 60 million through AI translation.
  • Hollywood studios incorporate AI in post-production, with tools like Runway used in Oscar-nominated films; AI is also making visual effects more accessible for smaller budgets.

Meta and Luxottica Unveil AI Smart Glasses Under Oakley and Prada

Meta and Luxottica will release AI-enabled smart glasses under Oakley and Prada brands, with Oakley models priced around $360 for enhanced weather resistance, expanding their existing partnership.

  • Meta and EssilorLuxottica plan to launch AI-powered smart glasses branded as Oakley and Prada, extending their partnership.
  • The Oakley version may cost approximately $360 and will be more weather resistant than Ray-Ban models.
  • Meta’s collaboration with Prada follows a 10-year licensing renewal with Luxottica, covering development and distribution of Prada, Miu Miu, and Prada Linea Rossa eyewear.

Amazon Plans Job Cuts Amid $100 Billion AI Investment

Amazon expects to cut corporate jobs as AI adoption accelerates, with over 1.5 million employees and a $100 billion AI investment in 2025, aiming for efficiency and innovation.

  • Amazon CEO Andy Jassy announced plans to reduce the company’s corporate workforce due to increased reliance on artificial intelligence (AI)
  • Amazon employs over 1.5 million people worldwide and plans to spend $100 billion in 2025 on AI services and data centers, up from $83 billion in 2024
  • Jassy stated AI will lead to efficiency gains, requiring fewer employees for some roles, with AI integrated across nearly every part of the company

Google warns Scattered Spider shifts focus to US insurance sector causing outages

Google warns that Scattered Spider has moved from retail to US insurance sector, causing outages at Erie and Philadelphia Insurance, with ongoing investigations and security hardening guidance.

  • Google threat analysts warn that Scattered Spider has shifted focus from UK and US retail targets to US insurance companies, following ransomware attacks.
  • Multiple insurance firms, including Erie Insurance and Philadelphia Insurance, experienced system outages and ongoing forensic investigations since early June.
  • Google recommends enhanced security measures such as verifying help desk callers via video or challenge-response and implementing phishing-resistant multi-factor authentication.

Sitecore Vulnerabilities Expose Major Clients to RCE Attacks

WatchTowr disclosed three vulnerabilities in Sitecore CMS, including hardcoded password “b” and path traversal, enabling pre-authentication remote code execution on affected systems.

  • Sitecore Experience Platform has seven vulnerabilities, three disclosed publicly, affecting major clients like Microsoft and United Airlines
  • Disclosed flaws include a hardcoded password “b” that can be brute-forced in three seconds and path traversal issues
  • Exploitation chain enables full system takeover via pre-authentication RCE when combined with the Sitecore PowerShell Extension installed