hashpwn

Infosec News
General Discussion (65 Posts, 2 Posters, 3.8k Views)

#41 cyclone (Admin Trusted) wrote:

Microsoft to Retire Authenticator Password Autofill by August 2025, Shifting Users to Edge

Microsoft has announced the phased deprecation of the password autofill feature in its Authenticator app, aiming to consolidate credential management within its Edge browser. The Authenticator app will still support MFA and Passkeys, however. The transition will occur over several months:

• June 2025: Users will no longer be able to save new passwords in Authenticator.
• July 2025: Autofill functionality will cease, and stored payment information will be deleted.
• August 2025: Saved passwords and unsaved generated passwords will become inaccessible within Authenticator.

To maintain access to their saved credentials, users must switch to Microsoft Edge, where passwords and addresses synced to their Microsoft account will remain available. Edge must also be set as the default autofill provider on mobile devices to utilize this functionality. Alternatively, users can export their passwords from Authenticator before August 1, 2025, and import them into another password manager. Payment information, however, must be manually re-entered into the new platform as it cannot be exported from Authenticator.

Source:
https://cyberinsider.com/microsoft-to-retire-password-autofill-in-authenticator-by-august-2025/?utm_source=chatgpt.com

Microsoft Announcement:
https://support.microsoft.com/en-us/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6

Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
3x RTX 4090

#42 cyclone (Admin Trusted) wrote:

Magento Supply Chain Attack Unleashes Six-Year Dormant Backdoors, Hits Up to 1,000 E-Stores

A sophisticated supply chain attack has compromised between 500 and 1,000 Magento-powered e-commerce sites through 21 maliciously backdoored third-party extensions. Discovered by security firm Sansec, the breach involves vendors Tigren, Meetanshi, and MGS, with some backdoors embedded as far back as 2019 but only activated in April 2025. The attackers used a covert PHP backdoor hidden in license verification files, enabling remote code execution, webshell deployment, and full administrative control.

The malicious code validates specially crafted HTTP requests using hardcoded keys before executing administrative functions, including dynamic PHP code injection via uploaded "license" files. Notably, past versions of this backdoor lacked authentication, highlighting an evolving threat. One victim is reportedly a $40 billion multinational.

While Meetanshi acknowledged a server breach, Tigren denied any compromise and continues distributing affected code. MGS has remained unresponsive. BleepingComputer independently verified the backdoor in at least one extension (MGS StoreLocator). Users are urged to scan their systems for indicators of compromise and revert to known-clean backups. Sansec has pledged further analysis as investigations continue.

Source:
https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/

#43 cyclone (Admin Trusted) wrote:

19 Billion Leaked Credentials Reveal Dangerous Reuse Patterns

A comprehensive study by Cybernews has uncovered that over 19 billion passwords, exposed through more than 200 data breaches between April 2024 and April 2025, are circulating online. Alarmingly, only 6% of these passwords are unique, with the remaining 94% being reused across multiple accounts, significantly increasing vulnerability to cyberattacks.

The analysis highlights that 42% of the passwords are between 8 and 10 characters long, and 27% consist solely of lowercase letters and digits, making them susceptible to brute-force and dictionary attacks. Commonly used passwords include "123456" (338 million instances), "password" (56 million), and "admin" (53 million). Personal names, such as "Ana," appear in 178.8 million passwords, while terms like "love," "sun," and "freedom" are also prevalent.

Cybersecurity experts emphasize the risks associated with weak and reused passwords, noting that such practices can lead to credential-stuffing attacks, where attackers use leaked credentials to gain unauthorized access to multiple accounts. They recommend using strong, unique passwords of at least 12 characters, incorporating a mix of uppercase and lowercase letters, numbers, and special symbols. Additionally, enabling multi-factor authentication (MFA) and utilizing password managers can significantly enhance account security.

This study underscores the critical need for improved password hygiene and the adoption of more secure authentication methods to protect personal and organizational data in an increasingly digital world.

Source:
https://cybernews.com/security/password-leak-study-unveils-2025-trends-reused-and-lazy/

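The figures in the post above (share of unique values, length buckets, character-class composition, most common passwords) are straightforward to compute over any password corpus, for instance an internal password-audit export. The script below is an added example written for this thread, not code from Cybernews or the study; the sample corpus, the `SAMPLE_PASSWORDS`, `corpus_stats` and `weaknesses` names, and the 12-character threshold (taken from the study's recommendation) are the author's assumptions, and the corpus is constructed so the numbers are illustrative only.

```python
"""Password-corpus hygiene statistics, in the style of the Cybernews study.

Added example, not the study's own code. The corpus below is constructed;
a real audit would stream a breach dump or a cracked-hash export instead.
"""
from collections import Counter
import string

# Constructed sample corpus; duplicates are deliberate so reuse shows up.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "123456",
    "password", "password",
    "admin", "admin",
    "ana1990", "iloveyou", "sunshine1", "freedom",
    "Tr0ub4dor&3", "Summer2025!", "qwerty123", "correct-horse-battery",
]

MIN_RECOMMENDED_LENGTH = 12  # the study's recommended minimum


def char_classes(password):
    """Return the set of character classes used: lower, upper, digit, symbol."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def weaknesses(password):
    """List the hygiene problems a single password has (empty list means none found)."""
    problems = []
    if len(password) < MIN_RECOMMENDED_LENGTH:
        problems.append("shorter than %d characters" % MIN_RECOMMENDED_LENGTH)
    if char_classes(password) <= {"lower", "digit"}:
        problems.append("only lowercase letters and digits")
    return problems


def corpus_stats(passwords, top_n=3):
    """Compute the aggregate figures the study reports, as fractions of the corpus."""
    total = len(passwords)
    counts = Counter(passwords)
    # "Unique" in the study's sense: a value that occurs exactly once in the corpus.
    unique = sum(1 for c in counts.values() if c == 1)
    length_8_to_10 = sum(1 for p in passwords if 8 <= len(p) <= 10)
    lower_digit_only = sum(1 for p in passwords if char_classes(p) <= {"lower", "digit"})
    meets_length = sum(1 for p in passwords if len(p) >= MIN_RECOMMENDED_LENGTH)
    return {
        "total": total,
        "unique_share": unique / total,
        "reused_share": 1 - unique / total,
        "length_8_to_10_share": length_8_to_10 / total,
        "lower_digit_only_share": lower_digit_only / total,
        "meets_min_length_share": meets_length / total,
        "most_common": counts.most_common(top_n),
    }


if __name__ == "__main__":
    for key, value in corpus_stats(SAMPLE_PASSWORDS).items():
        print("%-26s %s" % (key, value))
    for pw in ("123456", "correct-horse-battery"):
        print(pw, "->", weaknesses(pw) or ["no obvious problems"])
```

On a real export the corpus is read line by line rather than held in a list; the per-password `weaknesses` check is the part worth wiring into an audit, since it flags exactly the two properties (short, lowercase-plus-digits only) the study singles out as brute-force and dictionary friendly.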
#44 cyclone (Admin Trusted) wrote:

LockBit Ransomware Group Breached: Internal Data and Victim Chats Leaked

The notorious LockBit ransomware gang has suffered a significant breach, with its dark web infrastructure defaced and internal data leaked. A message reading "Don't do crime CRIME IS BAD xoxo from Prague" appeared on one of LockBit's dark web sites, accompanied by a link to a cache of leaked data, including chat logs between the hackers and their victims.

Cybersecurity experts from Analyst1 and Rapid7 have reviewed the leaked materials and consider them authentic. The data reveals LockBit's indiscriminate targeting, including small businesses, for ransom. Analysts suggest this breach could significantly impact the group's operations and credibility.

This incident follows previous disruptions, including a major international law enforcement operation in February 2024 that seized some of LockBit's infrastructure. Despite past resilience, this latest breach represents a substantial blow to the group's stature.

Sources:
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/

https://www.reuters.com/technology/ransomware-group-lockbit-appears-have-been-hacked-analysts-say-2025-05-08/

https://www.computing.co.uk/news/2025/security/lockbit-ransomware-gang-hacked-again

#45 cyclone (Admin Trusted) wrote:

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Cybercriminals are exploiting the popularity of AI tools by creating fake AI-powered platforms to distribute a new information-stealing malware called Noodlophile. These fraudulent platforms, often advertised through seemingly legitimate Facebook groups and viral social media campaigns, have attracted over 62,000 views on a single post, indicating a significant reach.

Users are lured into these schemes by promises of AI-generated content creation services, such as videos, logos, and images. Upon uploading their content, users are prompted to download what they believe is their AI-enhanced media. Instead, they receive a malicious ZIP archive named "VideoDreamAI.zip". This archive contains a deceptive executable file, "Video Dream MachineAI.mp4.exe", which initiates the infection chain.

The executable launches a legitimate binary associated with ByteDance's video editor, CapCut, which is used to run a .NET-based loader named CapCutLoader. This loader then downloads and executes a Python payload ("srchost.exe") from a remote server. The Python binary facilitates the deployment of Noodlophile Stealer, capable of harvesting browser credentials, cryptocurrency wallet information, and other sensitive data. In some instances, the stealer is bundled with a remote access trojan like XWorm, providing attackers with deeper access to infected systems.

Investigations suggest that the developer of Noodlophile is of Vietnamese origin, with a GitHub profile claiming to be a "passionate Malware Developer from Vietnam." This campaign underscores a growing trend where threat actors leverage public interest in AI technologies to propagate malware, highlighting the need for increased vigilance when engaging with online AI tools.

Sources:
https://thehackernews.com/2025/05/fake-ai-tools-used-to-spread.html

https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-drop-new-noodlophile-infostealer-malware/

#46 cyclone (Admin Trusted) wrote:

Spain Probes Cybersecurity Gaps in Wake of Massive Power Grid Blackout

On April 28, Spain experienced a catastrophic blackout, losing 60% of its power—roughly 15GW—in just five seconds. While the cause remains under investigation, Spain's National Cybersecurity Institute (Incibe) is now scrutinizing small and medium-sized renewable energy producers for potential cybersecurity weaknesses.

The inquiry targets decentralized renewable sources—like solar and wind farms—that rely on internet-connected systems, making them more vulnerable to remote exploits. Investigators are questioning operators on remote access capabilities, recent patches, and anomaly logs.

Despite no initial evidence of cyber intrusion at Spain’s main grid operator (Red Eléctrica), the government isn't ruling out a coordinated cyberattack. With 100,000 cyber incidents recorded in Spain last year and a €1.1B investment announced to bolster cybersecurity, the investigation reflects growing concern over the fragility of modern, decentralized infrastructure.

Security experts remain skeptical, citing the technical difficulty of executing a synchronized attack of such scale. Yet the sheer impact has prompted a deeper look into firmware-level risks, IoT vectors, and underregulated installations—especially those below 1MW that fall outside real-time monitoring capabilities.

Sources:
https://www.ft.com/content/a24e6e3c-cf9f-4093-833b-6e7492e7e7f0

https://www.reuters.com/business/energy/spain-investigates-cyber-weaknesses-small-power-plants-after-blackout-ft-reports-2025-05-13/

#47 cyclone (Admin Trusted) wrote:

Exodus to Drop Monero (XMR) Support by August 2025 — What You Need to Know

Exodus Wallet, a popular self-custody cryptocurrency wallet, has officially announced it will discontinue support for Monero (XMR) on August 10, 2025. After this deadline, users will no longer be able to send, receive, or view XMR balances through Exodus.

What You Should Do:

• Before August 10, 2025:
  • You can send your XMR to another wallet or swap it for another asset within Exodus.
  • Exodus Swap remains available for converting XMR to other coins until the cutoff date.
• After August 10, 2025:
  • You won’t be able to interact with XMR in Exodus in any form.
  • However, using your 25-word mnemonic, you can recover your Monero in any compatible wallet.

Sources:
https://news.bitcoin.com/crypto-wallet-exodus-to-end-support-for-the-privacy-coin-monero-xmr-on-august-10-2025/

https://www.exodus.com/support/en/articles/10862085-what-should-i-do-with-my-monero-xmr-before-support-ends

#48 cyclone (Admin Trusted) wrote:

Troy Hunt's Mailchimp List Breached via Phishing Attack in March 2025

While old news, Troy Hunt, the security researcher behind Have I Been Pwned, disclosed that his Mailchimp account was compromised on March 25, 2025, via a phishing attack. The attacker tricked him into entering credentials on a fake Mailchimp SSO site, then swiftly replayed both his username and OTP to the real Mailchimp login endpoint. Within moments, the intruder exported his full mailing list—over 16,000 records—before access could be revoked.

Cloudflare quickly blocked the phishing site, but not before Troy's credentials were compromised.

The stolen data included subscriber email addresses, subscription preferences, and metadata such as IP addresses, derived lat/long, time zones, and timestamps. Alarmingly, it also contained over 7,500 unsubscribed addresses, prompting questions about Mailchimp’s data retention policies and GDPR compliance.

The phishing email was sent to a unique Mailchimp-specific address, suggesting the attacker may have sourced their target list from a previous Mailchimp-related breach, possibly the 2022 crypto-targeted incident. Other organizations have reported receiving identical phishing messages, further supporting this theory.

Troy has since rotated credentials, removed the API key, and had his account access restored. The compromised data has already been loaded into Have I Been Pwned, and affected users have been notified.

Sources:
https://www.darkreading.com/cyberattacks-data-breaches/security-expert-troy-hunt-lured-mailchimp-phish

https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

#49 cyclone (Admin Trusted) wrote:

FBI Warns Senior U.S. Officials of AI Voice Cloning and Smishing Campaigns

The FBI has issued an urgent alert about a wave of sophisticated social engineering attacks where threat actors impersonate high-ranking U.S. officials using AI-generated voice cloning and malicious text messages (smishing).

These messages have targeted both current and former government personnel as well as their contacts, aiming to build trust and eventually extract access to sensitive accounts or information. The tactics mirror spear-phishing, but leverage newer AI tools to enhance credibility.

Notably:

• AI voice cloning usage surged 442% in late 2024, making vishing (voice phishing) a potent new threat.
• Publicly available speeches or interviews are often enough to train a voice model with highly realistic results.
• These methods are now part of campaigns by state-linked groups and ransomware actors like Scattered Spider and AlphV.
• Mandiant reports successful red-team use of cloned voices to bypass security teams and deploy malware.

This trend reflects a broader rise in AI-powered attack vectors and underscores the need for multi-factor authentication, strict access controls, and ongoing employee training in recognizing manipulative communications.

Sources:
https://www.ic3.gov/PSA/2025/PSA250515

https://www.cybersecuritydive.com/news/fbi-us-officials-impersonated-text-ai-voice/748334/

#50 cyclone (Admin Trusted) wrote:

Inside Job - Coinbase Faces $400M Fallout After Insider Data Breach and $20M Ransom Demand

On May 15, 2025, Coinbase disclosed a significant data breach involving bribed overseas customer support agents who leaked sensitive customer information. The breach affected approximately 1% of users, compromising data such as names, contact details, masked Social Security numbers, bank account identifiers, government-issued ID images, and transaction histories.

The attackers demanded a $20 million ransom, which Coinbase refused to pay. Instead, the company established a $20 million reward fund for information leading to the arrest and conviction of the perpetrators. The breach is projected to cost Coinbase between $180 million and $400 million, encompassing remediation efforts and customer reimbursements.

In response, Coinbase has terminated the involved contractors, enhanced fraud monitoring, and is cooperating with U.S. and international law enforcement agencies. The U.S. Department of Justice has initiated an investigation into the incident.

The breach has also led to multiple lawsuits alleging inadequate security measures by Coinbase. Despite the breach, Coinbase confirmed that no passwords, private keys, or customer funds were compromised.

Sources:
https://cybersecuritynews.com/coinbase-hacked
https://www.businessinsider.com/coinbase-hack-crypto-scam-fraud-coin-sp500-listing-cryptocurrency-exchange-2025-5
https://www.thetimes.com/business-money/companies/article/coinbase-says-hackers-bribed-staff-in-cyberattack-9vgkbq5wh

#51 cyclone (Admin Trusted) wrote:

Critical RCE Vulnerability in Lexmark Printers (CVE-2025-1127) Threatens Networks

A critical vulnerability, CVE-2025-1127, has been identified in over 150 Lexmark printer models, including the CX, MX, XC, and CS series. This flaw allows remote attackers to execute arbitrary code on unpatched devices by exploiting a combination of path traversal (CWE-22) and race condition (CWE-362) vulnerabilities in the embedded web server. The vulnerability has been assigned a CVSS v3.1 score of 9.1 (Critical).

Discovered by DEVCORE researchers through Trend Micro’s Zero Day Initiative, the exploit requires network access and valid credentials. However, many devices remain vulnerable due to unchanged default admin credentials. Attackers can leverage this flaw to deploy ransomware, exfiltrate documents, or use compromised printers as entry points into corporate networks.

Affected Models:
The vulnerability impacts devices running firmware versions released before February 13, 2025. A wide range of Lexmark models are affected, including CX950, XC9525, MX953, CX961, XC9635, CS963, CX833, MS531, MX532, CS531, CX930, XC9325, CS943, MX432, CX730, CS730, MS321, M1242, B2338, MS622, MX321, MB2338, MS725, B2865, MS822, MX721, XM5365, MB2770, CS622, CS421, C2325, CX522, MC2535, CX421, MC2325, B2236, MS331, M1342, B3442, XM1342, MX331, MB3442, C3426, CS431, CS331, C3224, C2326, MC3426, CX431, XC2326, MC3426, MC3224, CX331, CX820, XC6152, CS820, C6160, CS720, C4150, CX725, XC4140, CS921, C9235, CX920, XC9225, and more.

Lexmark has released patched firmware versions with “.206” or “.408” suffixes across 38 distinct product families. Administrators can verify firmware versions through the control panel’s Settings → Reports → Menu Setting Page.

Sources:
https://gbhackers.com/critical-vulnerability-in-lexmark-printers/
https://cyberpress.org/lexmark-printer-flaw/

#52 cyclone (Admin Trusted) wrote:

AirBorne Alert: 23 Zero-Click Vulnerabilities in Apple AirPlay Expose Billions of Devices to RCE Threats

Security researchers at Oligo Security have disclosed 23 previously unknown vulnerabilities in Apple's AirPlay protocol, collectively dubbed “AirBorne.” These flaws affect Apple and third-party AirPlay-compatible devices, including smart TVs, speakers, and in-car systems like CarPlay. Critically, several of the bugs are zero-click and wormable, meaning attackers can exploit them without user interaction and potentially spread laterally across networks.

The vulnerabilities allow remote code execution (RCE) and device hijacking over the same Wi-Fi network. Attackers can silently compromise a device, execute arbitrary payloads, and even eavesdrop via smart systems, turning entertainment features into serious security liabilities.

Impacted devices range from iPhones, iPads, and MacBooks to third-party IoT devices, many of which may not receive timely security updates. Despite Apple patching the core vulnerabilities in recent OS updates, many third-party vendors remain exposed, as they rely on outdated SDKs or unsupported firmware.

Key Points:

• Zero-click, wormable RCE vulnerabilities
• Exploitable via Wi-Fi proximity, no pairing needed
• 23 CVEs affecting both Apple and OEM AirPlay implementations
• Attacks demonstrated on smart TVs, speakers, and vehicle infotainment systems
• Major concern for unpatched third-party devices still using vulnerable AirPlay stacks
• Researchers urge users to disable AirPlay on untrusted networks
• Apple users should update iOS/macOS immediately
• Devs/OEMs must audit third-party SDKs and deploy firmware updates ASAP

Sources:

• https://www.kaspersky.com/blog/airborne-wormable-zero-click-vulnerability-in-apple-airplay/53443/
• https://timesofindia.indiatimes.com/technology/tech-news/apple-airplay-may-have-major-security-flaws-that-can-allow-hackers-to-hijack-devices-researchers-claim/articleshow/121346229.cms
• https://www.ndtv.com/world-news/apple-warns-iphone-users-advises-them-to-urgently-turn-off-this-feature-8464822

#53 cyclone (Admin Trusted) wrote:

GhostSpy Android RAT: Stealthy Remote Control Malware

A newly surfaced Android RAT dubbed GhostSpy is making waves in the wild. It uses Accessibility abuse, UI automation, and overlay techniques to gain full device control — logging keystrokes, stealing 2FA codes, bypassing secure banking app protections, and maintaining persistence through anti-uninstall overlays.

High-level overview:

• Installs silently via dropper APK using update.apk
• Bypasses permissions with automated UI taps
• Screenshares even protected apps via UI reconstruction
• Intercepts 2FA codes from Google/Microsoft Authenticator
• Remotely wipes device via Device Admin API
• Uses fake full-screen uninstall warnings
• Real-time audio/video surveillance, SMS exfiltration

Sources:

• https://securityonline.info/ghostspy-advanced-android-rat-steals-banking-info-bypasses-security/
• https://www.cyfirma.com/research/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance/

#54 cyclone (Admin Trusted) wrote:

Unimed Data Breach Exposes 14 Million Patient-Doctor Communications

Unimed, Brazil's largest healthcare cooperative, inadvertently exposed over 14 million patient-doctor messages through an unsecured Apache Kafka instance. The breach included sensitive data such as names, phone numbers, email addresses, Unimed card numbers, uploaded images, documents, and real-time chat logs from both human doctors and Unimed's AI chatbot, "Sara".

Cybernews researchers discovered the misconfigured Kafka broker on March 24, 2025, and notified Unimed on March 31. The exposed instance was secured by April 7. Unimed stated on May 29 that the incident was isolated, promptly resolved, and that there is no evidence, so far, of any leakage of sensitive data from clients, cooperative physicians, or healthcare professionals. An in-depth investigation remains ongoing.

Sources:

• https://cybernews.com/security/unimed-brazil-healthcare-data-leak/
• https://www.techradar.com/pro/security/worlds-largest-healthcare-cooperative-leaks-millions-of-patient-doctor-messages

                              • cycloneC Offline
                                cycloneC Offline
                                cyclone
                                Admin Trusted
                                wrote last edited by
                                #55

                                ViciousTrap: Persistent SSH Backdoors Found in 9,000+ ASUS Routers

                                b926b696-ced9-4681-92e5-eeb4f38657bb-image.png

                                A sophisticated cyberattack campaign, dubbed ViciousTrap, has compromised over 9,000 ASUS routers, establishing persistent SSH backdoors that survive reboots and firmware updates.

                                Discovered by GreyNoise in March 2025, the attackers exploit a command injection vulnerability (CVE-2023-39780) and authentication bypass techniques to gain access. They then enable SSH on port 53282 and insert their own public keys into the routers' NVRAM, ensuring persistence even after firmware upgrades.

                                The attack is stealthy, involving no malware installation and disabling router logging to avoid detection. The compromised routers are believed to be part of a larger operational relay box (ORB) network, potentially laying the groundwork for future botnet activities.

                                Indicators of Compromise (IOCs):

                                • SSH enabled on TCP port 53282
                                • Presence of unauthorized SSH public keys
                                • Known malicious IP addresses:
                                  • 101.99.91.151
                                  • 101.99.94.173
                                  • 79.141.163.179
                                  • 111.90.146.237

                                Sources:

                                • https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
                                • https://www.esecurityplanet.com/news/asus-routers-hijacked-2025/

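A small audit of the indicators listed in the post above, added here as an example and not code from GreyNoise, ASUS or the poster. It assumes the router's SSH settings are available as key=value lines (the variable names sshd_enable and sshd_port are assumptions), its authorized keys as one key per line, and a syslog-style connection log; all sample data is constructed.

```python
"""Audit router SSH settings and logs for the ViciousTrap indicators above.
Added example, not GreyNoise's or ASUS's code. The config variable names
(sshd_enable, sshd_port), key file layout and log lines are assumptions."""
import re

IOC_PORT = 53282
IOC_IPS = {"101.99.91.151", "101.99.94.173", "79.141.163.179", "111.90.146.237"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_kv(text: str) -> dict:
    """Turn key=value lines into a dict; blank and '#' lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, val = line.partition("=")
            cfg[key.strip()] = val.strip()
    return cfg

def key_identity(line: str):
    """(key type, base64 blob) of an authorized_keys line; comment ignored."""
    parts = line.split()
    return (parts[0], parts[1]) if len(parts) >= 2 else None

def audit(cfg: dict, authorized: str, trusted: str, log: str) -> list:
    """Return one finding string per matched indicator (empty list = clean)."""
    findings = []
    if cfg.get("sshd_enable") == "1" and cfg.get("sshd_port") == str(IOC_PORT):
        findings.append(f"sshd enabled on IOC port {IOC_PORT}")
    known = {key_identity(k) for k in trusted.splitlines() if k.strip()}
    for line in authorized.splitlines():
        ident = key_identity(line)
        if ident and ident not in known:  # a key nobody on the team installed
            findings.append(f"unknown authorized key: {ident[0]} {ident[1][:12]}...")
    for line in log.splitlines():
        for ip in IPV4.findall(line):
            if ip in IOC_IPS:
                findings.append(f"connection from IOC address {ip}")
    return findings

# Constructed samples, not real device output
SAMPLE_CFG = "sshd_enable=1\nsshd_port=53282\n"
TRUSTED_KEYS = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEADMINKEY admin@lan\n"
ROUTER_KEYS = TRUSTED_KEYS + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEROGUEKEY\n"
SAMPLE_LOG = ("Jun  1 10:00:01 router dropbear[812]: Child connection from 101.99.91.151:51022\n"
              "Jun  1 10:00:09 router dropbear[812]: Child connection from 192.168.50.20:40112\n")

if __name__ == "__main__":
    for finding in audit(parse_kv(SAMPLE_CFG), ROUTER_KEYS, TRUSTED_KEYS, SAMPLE_LOG):
        print("[!]", finding)
```

The key comparison ignores the comment field on purpose, since an attacker can label a key anything; only the type and the key blob count.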
• freeroute (Moderator Trusted) wrote, #56

                                  New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

                                  Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).

• CVE-2025-5054 (CVSS score: 4.7) - A race condition in the Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID reuse by leveraging namespaces.
• CVE-2025-4598 (CVSS score: 4.7) - A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.

                                  Source: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html?m=1&s=09

• cyclone (Admin Trusted) wrote, #57

                                    FBI: Over 900 Organizations Hit by Play Ransomware, SimpleHelp Exploits and ESXi Variants Used


                                    The Play ransomware group—also known as Playcrypt—has compromised approximately 900 organizations since its emergence in June 2022, according to a newly updated advisory from the FBI, CISA, and Australian Cyber Security Centre (ACSC). Initially thought to have about 300 victims as of October 2023, Play has seen a rapid expansion, becoming one of the most active ransomware gangs in 2024 and into 2025.

                                    Play operates as a closed ransomware-as-a-service (RaaS) group employing double-extortion tactics, exfiltrating data before encrypting it to pressure victims into paying ransoms.

                                    Play ransomware’s advanced operational security, tailored builds per target, and use of human-operated extortion methods reflect a shift toward more customized, persistent threat campaigns. The exploitation of RMM software like SimpleHelp and targeting of ESXi environments shows an intent to hit core infrastructure, increasing pressure on victims to pay.

                                    Exploited Vulnerabilities:

                                    • CVE-2024-57726
                                    • CVE-2024-57727
                                    • CVE-2024-57728

                                    Source:
                                    https://www.securityweek.com/fbi-aware-of-900-organizations-hit-by-play-ransomware/

• cyclone (Admin Trusted) wrote, #58

                                      Supply-Chain RAT Compromise Strikes 16 Gluestack React-Native-Aria Packages With Nearly 1 Million Weekly Downloads


                                      On June 6, 2025, threat actors injected heavily obfuscated remote-access-trojan (RAT) code into a new version of the Gluestack react-native-aria/focus package on NPM. Within hours, 16 of the 20 total Gluestack React-Native-Aria packages—totaling roughly 960,000 weekly downloads—were compromised. The malicious payload was appended (padded with spaces) to the end of each package’s lib/index.js file, making it easy to miss via the standard NPM code viewer.

                                      Aikido Security’s analysis revealed that the RAT establishes a persistent connection to the attacker’s command-and-control (C2) server and accepts a variety of commands, including directory changes, file uploads, and arbitrary shell execution via child_process.exec(). Additionally, the malware prepends a fake Python path to the Windows PATH environment variable, hijacking legitimate python and pip invocations to execute malicious binaries silently.

                                      Attempts by Aikido researcher Charlie Eriksen to contact Gluestack maintainers via GitHub issues have gone unanswered, and while NPM has been alerted, remediation could take several days. This campaign appears linked to the same actors behind four other NPM compromises earlier this week (biatec-avm-gas-station, cputil-node, lfwfinance/sdk, and lfwfinance/sdk-dev), underscoring the growing risk of high-volume supply-chain attacks in the JavaScript ecosystem.

                                      Source:
                                      https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/

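A scanner for the padding trick described in the post above (payload pushed far to the right of a line so the NPM code viewer shows nothing), added here as an example and not code from Aikido, Gluestack or the poster. The 120-column padding threshold and the list of marker strings are my own choices, and the tampered sample is constructed.

```python
"""Flag JavaScript files where code is hidden behind a long run of whitespace,
the padding trick used to append the RAT to lib/index.js in the Gluestack
packages. Added example, not Aikido's or Gluestack's code; the padding
threshold and the marker list are my own choices."""
import re
from pathlib import Path

# 120+ spaces/tabs followed by code: far past what any formatter emits
PADDED = re.compile(r"[ \t]{120,}(\S.*)")
MARKERS = ("child_process", "exec(", "eval(", "process.env.PATH",
           "net.connect", "Buffer.from(", "atob(")

def scan_text(text: str, name: str = "<memory>") -> list:
    """Return (name, line_no, reason) for each padded code segment found."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PADDED.search(line)
        if not m:
            continue
        tail = m.group(1)
        used = [t for t in MARKERS if t in tail]
        reason = "code after whitespace padding"
        if used:
            reason += " using " + ", ".join(used)
        hits.append((name, no, reason))
    return hits

def scan_tree(root: str) -> list:
    """Scan every .js file under root, e.g. node_modules of a checkout."""
    hits = []
    for path in Path(root).rglob("*.js"):
        try:
            hits.extend(scan_text(path.read_text(errors="replace"), str(path)))
        except OSError:  # unreadable file, broken symlink, ...
            pass
    return hits

# Constructed sample: a harmless module, then the same file with a mock
# payload pushed 400 columns to the right of the last line
CLEAN = "export { useFocus } from './useFocus';\nexport default useFocus;\n"
TAMPERED = CLEAN.rstrip("\n") + " " * 400 + "require('child_process').exec(cmd);\n"

if __name__ == "__main__":
    for hit in scan_text(TAMPERED, "lib/index.js"):
        print(hit)
    # scan_tree("node_modules") runs the same check over an installed tree
```

A hit without any marker still deserves a look, since a payload can be obfuscated or split so that none of the marker strings appear on the padded line.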
• cyclone (Admin Trusted) wrote, #59

                                        GitLab Urgently Patches Multiple High‑Severity Flaws Allowing Account Takeover and CI/CD Job Injection


Critical versions released: GitLab has shipped security updates—Community and Enterprise editions 18.0.2, 17.11.4, and 17.10.8—addressing several severe vulnerabilities. Administrators of self-hosted instances are urged to upgrade immediately. GitLab.com already runs the patched versions, and Dedicated customers are unaffected.

                                        Vulnerabilities patched:

                                        • HTML injection / account takeover (CVE‑2025‑4278): A malicious actor could exploit this flaw via the search page, injecting HTML to hijack user sessions and take over accounts remotely.
                                        • Auth bypass in Ultimate EE—CI/CD job injection (CVE‑2025‑5121): This missing-authorization bug allows authenticated users on Ultimate editions to inject arbitrary CI/CD jobs into any future pipelines—raising risk of code injection. Exploitation requires Ultimate license and authenticated access.
                                        • Cross-site scripting (CVE‑2025‑2254): Enables session hijacking via script execution in snippet viewer.
                                        • Denial-of-Service (CVE‑2025‑0673): Infinite redirect loop forcing memory exhaustion and denial of service.

                                        Source:
                                        https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/

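A version check for self-hosted administrators, added here as an example and not GitLab's tooling or the poster's code. The three fixed releases come from the post; the decision rules (compare within the instance's own minor series, treat anything older than 17.10 as needing a jump forward) are mine.

```python
"""Check whether a self-hosted GitLab version carries the fixes in the post
above. Added example, not GitLab's tooling; the fixed versions 18.0.2,
17.11.4 and 17.10.8 come from the post, the decision rules are mine."""
import re

# fixed release per affected series (major, minor)
FIXED = {(18, 0): (18, 0, 2), (17, 11): (17, 11, 4), (17, 10): (17, 10, 8)}
NEWEST_SERIES = max(FIXED)

def parse_version(text: str) -> tuple:
    """'17.11.3-ee' -> (17, 11, 3); a leading 'v' and edition suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(text: str) -> tuple:
    """Return (patched, advice). The comparison is made within the instance's
    own series: 17.11.3 is vulnerable even though it is newer than 17.10.8."""
    ver = parse_version(text)
    series = ver[:2]
    if series in FIXED:
        target = FIXED[series]
        if ver >= target:
            return True, "fixed release of this series"
        return False, "upgrade to %d.%d.%d" % target
    if series > NEWEST_SERIES:
        return True, "released after the advisory; assumed to include the fix"
    return False, "series older than the advisory; upgrade to %d.%d.%d or later" % FIXED[NEWEST_SERIES]

if __name__ == "__main__":
    for v in ("17.11.3-ee", "17.11.4-ee", "18.0.1-ce", "18.0.2", "17.9.2", "18.1.0"):
        print(v, *is_patched(v))
```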
• cyclone (Admin Trusted) wrote, #60

                                          Widespread Google Cloud & Cloudflare Outage Disrupts Spotify, Discord, Gmail & More


                                          Timeline & Root Cause

                                          • The outage began approximately 10:51 UTC on June 12, when Google Cloud’s Identity and Access Management (IAM) service began failing, triggering cascading disruptions.
                                          • Around 18:19 UTC, Cloudflare reported numerous authentication and connectivity failures, notably in Access and Zero Trust WARP services.

                                          Services Impacted

                                          • Google Cloud: Over 50 services impacted—BigQuery, App Engine, Cloud Storage, Vertex AI Search, Cloud Shell, Memorystore, Dataproc, Workstations, IAM tools, and more.
                                          • Cloudflare: Authentication failures affected Access, Workers KV, Stream, dashboard, AI Gateway, AutoRAG, WARP, Durable Objects; core network and CDN remained largely unaffected.

                                          Downstream Effects

                                          • Major platforms including Spotify, Discord, Google Workspace (Gmail, Meet), Twitch, Snapchat, Shopify, OpenAI services, and Replit experienced intermittent outages.
                                          • Outage trackers like Downdetector, ThousandEyes, and similar services showed massive report spikes around midday UTC.

                                          Mitigation & Recovery Status

                                          • By 20:09 UTC, Google’s engineering teams had identified the root cause, initiated mitigations, and began service restorations—most regions recovered, except us-central1, with no ETA for full restoration.
                                          • Cloudflare confirmed service recovery under way around 18:30 UTC, though some intermittent authentication errors persisted while caches refreshed.
                                          • A scheduled maintenance was ongoing in Cloudflare’s Dallas data center earlier (08:00–10:00 UTC), but engineers affirm it was unrelated to this global outage.

                                          Sources:

                                          • https://www.reuters.com/business/google-cloud-down-thousands-users-downdetector-shows-2025-06-12/
                                          • https://www.theverge.com/news/686365/cloudflare-spotify-google-home-is-down-outage-offline
                                          • https://downdetector.com
                                          • https://www.cloudflarestatus.com
