
YOUR ONLINE SECURITY UNDER THREAT ? AWS OUTAGE EXPOSES CRITICAL FLAWS !

The roar of the engines dies down. The atmosphere is tense. You feel like every second could be fatal.


🤖 Dear internet users and fellow Cyberdefenders,

The boundaries between the real and digital worlds have blurred. Every piece of data, every connection, every word you type is now a potential target. Invisible attacks hide in unforeseen corners, ready to make their move.

A major incident shook the digital world this week: a large AWS outage exposed how fragile systems we assume to be robust really are. Giants like Amazon and Google are fighting constant, invisible threats that, within moments, can turn millions of users against them.

And in this silent war, cybersecurity researchers are rising to offer solutions that reinvent the rules of digital defense.

The mission is clear: understand the threats, discover the solutions, and secure the future.

In this issue, dive into the news with SophosAI, which highlights a revolutionary defense against the attacks shaking the world of artificial intelligence, particularly jailbreaks. Discover how their solution, LLM Salting, might be the key to protecting AIs and locking down these dangerous breaches.

Highlights :

👉 Amazon's AWS outage exposed critical vulnerabilities in the global cloud system 🔥

👉 Google removed over 3,000 YouTube videos infected with malware 🧑‍💻

👉 A cybersecurity executive, living in luxury, sells secrets to Russia 💰

👉 Lazarus is already targeting European drone manufacturers 🚁

👉 SophosAI found the ultimate solution against LLM jailbreaks 🧂


๐Ÿ—ž๏ธโ€‹ Guess what ?

  • The recent Amazon Web Services (AWS) outage exposed critical weaknesses in a key piece of global cloud infrastructure. It was not an external attack but a latent race condition in AWS's own DNS automation, which disrupted many essential services worldwide.

  • Google removed over 3,000 malicious videos spread through legitimate YouTube accounts. These videos, claiming to offer free versions of popular software, concealed malware that stole sensitive information like passwords and cryptocurrencies.

  • Peter Williams, a former L3Harris executive, has been accused of selling industrial secrets concerning cyber-weapons to a Russian buyer. This sensitive information could have given a strategic adversary a technological advantage over critical defense systems.

  • The North Korean hacker group Lazarus recently intensified its attacks against European drone manufacturers. By stealing sensitive information on drone production, it seeks to strengthen North Korea's military capabilities, using malware like ScoringMathTea to infiltrate the systems of these strategic companies.

  • SophosAI developed a new defense against jailbreak attacks on large language models (LLMs). "LLM Salting" rotates each deployed model's internal refusal direction, so a jailbreak computed against one copy of the model does not carry over to another.


🤓 Would you like to know more ?

1๏ธโƒฃโ€‹ Software Bug and Defective Automation : The Truth Behind the AWS Outage

Summary : Amazon Web Services suffered a major outage, centred on its us-east-1 region, caused by a rare software bug in its own automation rather than by an attack. Two instances of the DNS automation that publishes DynamoDB's regional endpoint raced each other: the slower one applied an outdated plan, and a subsequent cleanup pass deleted every address behind dynamodb.us-east-1.amazonaws.com. Services that depend on DynamoDB then failed in cascade. Amazon disabled the faulty automation worldwide and promised stronger safeguards and faster recovery. The incident shows how global dependence on AWS turns a single software error into an internet-wide event.

Details :

  • Primary Trigger: The outage began with a latent race condition in the automation that keeps DynamoDB's endpoint DNS records up to date. Two worker processes applied competing plans; the stale one won, and a cleanup step then removed the records that were actually serving traffic, leaving the endpoint resolving to nothing. Because the automation could not recognise the inconsistent state and repair it, operators had to intervene by hand, and services built on DynamoDB, including EC2 instance launches, Lambda and many others, stalled in turn.

  • Domino Effect: The outage caused a worldwide chain reaction affecting thousands of sites and services. Companies like Netflix, Reddit, Spotify, and Airbnb experienced outages due to the failure of AWS services. Interruptions lasted several hours in some regions, causing access and productivity issues.

  • Amazon's Reaction: Amazon disabled the faulty DNS automation worldwide until the race condition is fixed and safeguards are in place to stop a stale plan from overwriting a newer one and to prevent deletion of the records currently in use. It also committed to additional checks on dependent systems and faster recovery procedures in future updates, so that a repeat cannot cascade the same way.

  • Economic Impact: Economic losses from the outage are estimated at several hundred million dollars, as affected companies lost productivity and revenue for the duration of the incident. Amazon's stock fell 3% over the same period.

What should be remembered ?

This incident illustrates the fragility of centralised cloud and the need to invest in redundancy: first across regions, so that one region's control plane cannot take a service down, and then across providers for the workloads that justify the cost. Dependence on AWS must be viewed through the lens of distributed resilience, not technological convenience.

2๏ธโƒฃ YouTube Ghost Network: The Malware Hiding Behind "Free" Tutorials

Summary : Google removed over 3,000 YouTube videos spreading malware disguised as software cracks. Named the "YouTube Ghost Network," the network hacked legitimate accounts to distribute fraudulent tutorials targeting users looking for free versions of software. Behind these videos were infostealers such as Rhadamanthys or Lumma, capable of siphoning passwords and cryptocurrencies.

Details :

  • Distribution Method: The Ghost Network exploited legitimate YouTube accounts to broadcast videos in the form of "tutorials" promising free versions of software like Photoshop and FL Studio. These videos were optimized with clickbait titles and accompanied by fake testimonials to lend credibility to the offer.

  • Social Infrastructure: The network used thousands of hacked accounts and generated hundreds of thousands of fake likes and comments. This artificially boosted the reputation of the malicious videos, allowing them to reach millions of views. These manipulations allowed them to bypass YouTube's algorithms, which did not immediately detect this harmful content.

  • Payloads: The malicious videos redirected to Dropbox or Google Drive archives containing malware disguised as legitimate software. Once downloaded, this malware stole sensitive information such as passwords, crypto wallets, and bank data, with rapid data exfiltration to remote servers.

  • Scale: The volume of malicious videos tripled in 2025, and roughly 3,000 have been removed so far. Check Point Research reported the accounts to Google, which took them down, but the network keeps growing despite these efforts.

  • Tactic: The downloaded archives are typically password-protected, so web and mail scanners cannot inspect the payload, and the video descriptions tell viewers to disable their antivirus before running the "installer". With the fake comments vouching for the file, the victim launches the infostealer themselves, which sidesteps traditional antivirus protection.

What should be remembered?

Social platforms are becoming malware distribution channels. Defences must therefore cover the engagement channel itself, not just servers and email: correlate file-sharing downloads with what runs afterwards on the endpoint, treat password-protected archives reached from video links as hostile, and teach users that a tutorial asking them to disable antivirus is the payload's first instruction.

3๏ธโƒฃโ€‹ L3Harris Trenchant Executive Accused of Industrial Espionage for Russia

Summary : A former executive of L3Harris's cyber branch, Peter Williams, is accused of selling industrial secrets to a Russian buyer for $1.3 million. The information allegedly concerned offensive technologies: cyberattack tools, zero-day exploit tools, and espionage systems. U.S. authorities seized luxury goods, crypto-assets, and compromising documents.

Details:

  • Suspect Profile: Peter Williams, a former executive of L3Harris's Trenchant unit, is accused of stealing industrial secrets on cyberattack tools and selling them for $1.3 million to a Russian buyer. The buyer's identity has not been made public, and the case raises serious concerns about insider risk.

  • Nature of Secrets: The stolen secrets included sensitive information about cyber-weapons and zero-day exploits. These technologies enable attacks against critical infrastructures, offering a potential strategic advantage for an adversary in digital warfare. The theft could change the dynamics of targeted attacks against sensitive infrastructures.

  • Transaction Channels: Payment was made in cryptocurrencies, concealing financial transactions. In addition to payments, Williams received luxury goods and funds placed in foreign bank accounts. These transactions were carefully hidden to evade detection by authorities.

  • Legal Repercussions: The U.S. government is seeking to seize Williams's personal assets, including 22 luxury watches and cryptocurrencies. These items are considered proceeds of his crime, which strengthens the accusations of espionage and compromising national security.

What should be remembered ?

The case reveals the human link as a major cybersecurity flaw, even within companies specializing in digital defense. The "internal trust" factor remains a critical threat.

4๏ธโƒฃโ€‹ Lazarus Group: The North Korean Shadow Over European Drones

Summary : ESET researchers discovered a new campaign by the Lazarus Group targeting European drone manufacturers. The objective: steal industrial designs to strengthen North Korea's military capabilities. The main malware, ScoringMathTea, a RAT supporting around 40 commands, is delivered through fake job offers.

Details:

  • Target: The Lazarus Group, supported by the North Korean government, targeted European drone manufacturers. The objective was to steal information on the design and production of drones to enhance North Korea's military capabilities, particularly for electronic warfare and reconnaissance programs.

  • Main Tool: ScoringMathTea is a remote access trojan giving the attackers full control of a compromised system: executing commands, stealing sensitive data and installing additional malware.

  • Method: The campaign, part of the long-running "Operation DreamJob", sends fake job offers to employees of the targeted companies. The lures come with trojanised builds of legitimate open-source software, mostly little-used projects such as Notepad++ plugins or WinMerge, in which a malicious DLL placed beside the genuine program loads the chain that ends in ScoringMathTea. Because the host program itself is authentic, the modified DLL slips past traditional antivirus checks.

  • Strategic Objective: Lazarus seeks to copy and perfect drone systems to strengthen its electronic warfare capacity. By stealing industrial secrets, it improves its surveillance and reconnaissance technologies, which represents a strategic advantage in digital and traditional warfare.

  • Innovation: The group continues to refine its social engineering techniques to exploit human flaws, targeting employees unprotected by reinforced cybersecurity protocols in strategic companies.

What should be remembered?

The attack illustrates state-sponsored cyber-espionage for industrial purposes. Technology companies linked to defense must strengthen their security around supply chains and internal access.
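A practical check against the trojanised-tool delivery described above is to diff whatever landed on the endpoint against the upstream release: a modified file, or a DLL the project never shipped, is the signal. The script below is an added example, not ESET's tooling; it builds a fake "upstream" release and a tampered copy in a temporary directory (file names and contents are constructed) and reports what differs.

```python
"""Diff a downloaded build of an open-source tool against the upstream release
manifest, surfacing patched files and side-loaded DLLs.  Added example; the
release, the manifest and the plugin names are constructed for the demo."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> sha256 for every file under root.
    In practice this is what the project publishes alongside a release."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_against_manifest(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    actual = build_manifest(root)
    added = sorted(k for k in actual if k not in manifest)
    return {
        "modified": sorted(k for k in actual if k in manifest and actual[k] != manifest[k]),
        "added": added,
        "missing": sorted(k for k in manifest if k not in actual),
        # A DLL upstream never shipped, next to a genuine binary, is the
        # classic side-loading setup and deserves its own line in the report.
        "sideload_candidates": [k for k in added if k.lower().endswith(".dll")],
    }


def write_tree(root: Path, files: dict[str, bytes]) -> None:
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Upstream release versus a tampered download; returns the diff report."""
    upstream_files = {                         # constructed stand-in for a release
        "notepad++.exe": b"genuine host executable",
        "plugins/ExamplePlugin/ExamplePlugin.dll": b"genuine plugin code",
        "readme.txt": b"docs",
    }
    with tempfile.TemporaryDirectory() as tmp:
        upstream, download = Path(tmp, "upstream"), Path(tmp, "download")
        write_tree(upstream, upstream_files)
        manifest = build_manifest(upstream)

        tampered = dict(upstream_files)
        # Attacker patches the plugin and drops a loader DLL the project never shipped.
        tampered["plugins/ExamplePlugin/ExamplePlugin.dll"] += b"\x90" * 8
        tampered["plugins/ExamplePlugin/version.dll"] = b"malicious loader"
        write_tree(download, tampered)

        return diff_against_manifest(download, manifest)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The same comparison works against real release checksums published by a project, and on Windows it is worth pairing it with an Authenticode check, since a trojanised plugin usually has no valid signature while the host executable still does. The report's `missing` list matters too: a build that drops an upstream file is as suspicious as one that adds one.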

5๏ธโƒฃ LLM Salting: SophosAI Invents a Cryptographic Defense Against Jailbreaks

Summary : Presented at the CAMLIS 2025 conference, SophosAI's "LLM Salting" technique makes each deployed model unique with respect to jailbreak attacks. By applying a small rotation to the model's refusal direction in activation space, it stops precomputed jailbreaks from transferring between copies of the model while preserving model performance.

Details:

  • Origin of the Concept: LLM Salting is named after password salting: just as a per-user salt stops one precomputed table from cracking every hash at once, a per-deployment rotation stops a jailbreak computed against one copy of a model from working on all the others. Attackers must recompute the attack for each salted model, which makes attacks far less efficient.

  • Principle: Salting applies small directional rotations in the model's activation space. This method disrupts existing attacks while maintaining the performance of the AI model, thus securing systems without sacrificing their functional capabilities.

  • Effectiveness: Tests show that LLM Salting reduces the success of jailbreak attacks by 50 to 70%. This technique is particularly effective for protecting virtual assistants and other conversational systems, which are often the target of sophisticated attacks aimed at bypassing security systems.

What should be remembered?

LLM Salting opens a new line of defence for generative AI: per-deployment uniqueness, borrowed from password salting, that raises the attacker's cost without retraining the model from scratch. It is not a cryptographic guarantee, and a determined attacker can still compute a jailbreak against the specific salted model, so it complements rather than replaces input and output filtering.
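The geometry behind the technique can be shown with a toy. The block below is an added illustration, not SophosAI's code: in the real method the refusal direction of a transformer's residual stream is rotated through fine-tuning and evaluated against real jailbreaks, whereas here the "model" is just a vector space, a jailbreak is directional ablation along the reference model's refusal direction, and the dimension, rotation angle, refusal strength and seeds are my choices. It shows why a jailbreak precomputed for the unsalted direction only removes part of the refusal signal on a salted copy.

```python
"""Toy geometry of LLM Salting: a jailbreak that ablates the reference model's
refusal direction loses most of its effect once the deployed model's refusal
direction has been rotated.  Added illustration, not SophosAI's code."""
import math
import random


def dot(a, b): return sum(x * y for x, y in zip(a, b))
def scale(a, s): return [x * s for x in a]
def add(a, b): return [x + y for x, y in zip(a, b)]
def sub(a, b): return [x - y for x, y in zip(a, b)]
def unit(a):
    n = math.sqrt(dot(a, a))
    return [x / n for x in a]
def project_out(a, q):            # remove a's component along unit vector q
    return sub(a, scale(q, dot(a, q)))


def salt_refusal_direction(r, angle, seed):
    """Rotate unit vector r by `angle` radians toward a random direction
    orthogonal to r.  Each seed (the 'salt') yields a different direction."""
    rng = random.Random(seed)
    v = unit(project_out([rng.gauss(0, 1) for _ in r], r))
    return unit(add(scale(r, math.cos(angle)), scale(v, math.sin(angle))))


def precomputed_jailbreak(r_ref):
    """Directional ablation learned against the reference model: the attacker
    crafts inputs whose net effect is to cancel the component along r_ref."""
    return lambda h: project_out(h, r_ref)


def refusal_signal(h, r_model):
    """How strongly activation h pushes the model toward refusing."""
    return dot(h, r_model)


def experiment(dim=64, angle=math.pi / 4, strength=3.0, seed=7):
    rng = random.Random(seed)
    r_ref = unit([rng.gauss(0, 1) for _ in range(dim)])          # reference model
    r_salted = salt_refusal_direction(r_ref, angle, seed + 1)   # deployed copy
    # Prompt content orthogonal to both directions so the arithmetic is exact.
    q2 = unit(project_out(r_salted, r_ref))
    content = project_out(project_out([rng.gauss(0, 1) for _ in range(dim)], r_ref), q2)
    jailbreak = precomputed_jailbreak(r_ref)
    # Reference model: the harmful prompt carries refusal along r_ref; ablation removes it.
    unsalted = refusal_signal(jailbreak(add(content, scale(r_ref, strength))), r_ref)
    # Salted copy: refusal lives along r_salted; the same ablation only partly removes it.
    salted = refusal_signal(jailbreak(add(content, scale(r_salted, strength))), r_salted)
    return {"unsalted": unsalted, "salted": salted,
            "predicted": strength * math.sin(angle) ** 2}   # sin^2(angle) of it survives


if __name__ == "__main__":
    for deg in (10, 30, 45, 60):
        res = experiment(angle=math.radians(deg))
        print(f"{deg:>2} degrees: refusal left after jailbreak = {res['salted']:.3f} of 3.0")
```

In this toy the surviving refusal signal is exactly strength times sin² of the rotation angle: zero on the unsalted model, half of it at 45 degrees. Real models are not a single direction and the right angle is an empirical trade-off between breaking transferred jailbreaks and keeping benign behaviour, which is why the page's figures come from Sophos's measurements rather than from this arithmetic.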

โš™๏ธ Digital Combat Ops

Managing Cyber Risk in a Complex, Evolving Threat Landscape

Part of the Cloud Security Alliance's SECtember 2025 series, this session analyses how risk management strategies are adapting to the increasing frequency and complexity of cyber events. It identifies third-party and supply chain risk as a major concern, while exploring the influence of dynamic privacy regulations on business costs and liability.

The content presents concrete approaches to strengthening business resilience, including through the adoption of advanced frameworks such as the AI Controls Matrix (AICM) and Zero Trust strategies.

LIEUTENANT'S REPORT 🏆

SecNumCloud Cloud Hosting: Focus on Scalingo, the Trusted Solution

Scalingo is the French cloud hosting platform (PaaS) that positions itself as a key player in digital sovereignty. Its main objective is to obtain SecNumCloud certification from ANSSI, the highest security standard in France, to guarantee maximum protection against threats and extraterritorial laws.

Key Fact :

Scalingo successfully raised €3.5 million in Series A funding in July 2024. This funding, backed by BPI France and other institutional investors (Caisse d'Épargne, BNP Paribas), is specifically intended to accelerate the integration of new cybersecurity-focused features.

The company already holds ISO 27001 and HDS (Health Data Hosting) certifications.

CYBERTRIVIA - DID YOU KNOW ? 🤔

Did you know that... hackers recently used drones to infiltrate sensitive facilities?

A group of cybercriminals managed to penetrate a military site by launching a drone equipped with a spy microphone. This type of cyberattack, combining social engineering with modern technology, highlights the new frontiers of cybersecurity in information warfare.


Don't miss any crucial cybersecurity news! Subscribe now to our newsletter to receive in-depth analysis, expert advice, and stay informed about the latest threats and solutions to protect your business. "This is for all the newcomers: I have only one rule. Everyone fights. No one quits."