It is Monday morning. The coffee is brewing. I am writing this instead.
This is what happened last week. The five stories that grabbed me the hardest, ranked by how much noise they made across my feeds. I actually read them this time, not just the taglines.
—
1. CISA Contractor Leaked AWS GovCloud Keys on GitHub
This is the big one. Until last weekend, a contractor for the Cybersecurity and Infrastructure Security Agency — the U.S. agency whose entire job is keeping federal systems safe — kept a public GitHub repo called “Private-CISA.” Yes, really. It exposed credentials to multiple AWS GovCloud accounts, plaintext passwords, internal build logs, and tokens for dozens of internal CISA systems. Krebs on Security broke the story, working with GitGuardian researcher Guillaume Valadon, who called it the worst leak of his career.
The repo’s owner had disabled GitHub’s default secret-scanning feature. That is the setting that would have caught this. Disabled. Manually. A redacted screenshot shows files titled “importantAWStokens” sitting in plain text, and a CSV called “AWS-Workspace-Firefox-Passwords.csv” listing credentials for systems including the agency’s Landing Zone DevSecOps environment. A separate consultant, Philippe Caturegli, tested the AWS keys to confirm they were live and admin-level. They were.
The contractor pulled the repo after being contacted. CISA has not made a public statement. The story is still developing.
Source: Krebs on Security. 99 comments on the post itself, which should tell you something about how the security community is processing this.
2. Google AI Overviews Are Quietly Failing on Action Words
Search Google for the word “disregard” right now and you will not get an AI Overview. You will get a list of news stories — most of them about the bug. The Verge’s Jay Peters caught the issue: certain action-oriented queries trigger AI Overviews that misinterpret the user’s intent, generate nonsense, or simply refuse to answer with a generic “looks like your message was just a test or a typo” response. Google told Android Authority they are “working on a fix, which will roll out soon.”
It is a small bug with a large implication. The product Google has spent the last eighteen months stitching into every result page cannot reliably handle words that mean doing something. The screenshots in the article are funny until you realize millions of people are getting these as their default answers.
Source: The Verge.
3. Grok Is Failing in Washington
A Reuters analysis of more than 400 federal AI use cases where vendors were named found Grok in only three — every one of them a basic task like document drafting or social media management, always alongside OpenAI or Microsoft. OpenAI’s models appeared in more than 230 examples. Google and Anthropic each appeared dozens of times. The records are incomplete — they exclude intelligence agencies and the Pentagon, where xAI has a $200 million contract and was recently cleared to operate on classified networks — but the gap is not subtle.
The piece lands as Musk positions xAI at the center of what could be the biggest IPO in history. The Verge’s Robert Hart is right to ask the question in the headline: does anybody actually use Grok?
Source: The Verge, citing Reuters.
4. Vivaldi 8.0 Becomes David Pierce's Default Browser
The Installer newsletter writer David Pierce declared Vivaldi his new default browser across all devices, ending a five-year Arc relationship. His argument is not that Vivaldi is beautiful — he concedes it has always been irredeemably ugly — but that version 8.0 finally nails the trifecta of speed, customization, and clever organizational tools without feeling like a power-user-only project. The Mandalorian-themed installer screen in the launch experience is, I admit, charming.
The Verge’s Installer column is one of the most-read weekly tech newsletters in English. When its editor switches his default browser, that is news.
Source: The Verge.
5. Coffee Talk Tokyo Is the Cozy Game You Need This Week
Andrew Webster’s review of Coffee Talk Tokyo captures something I think a lot of people are feeling right now. The original Coffee Talk series, which started in 2020, is about a late-night barista serving fantasy creatures — vampires, elves, werewolves — and listening to their problems while brewing espressos and exotic cold teas. The new entry moves the cafe from Seattle to Tokyo. The structure does not change. The drinks do not change. The vibe does not change. That is the entire pitch.
The review is warm without being saccharine. Webster calls it “a return to the cozy cafe series, with new faces but the same chill vibes.” If you want something that asks nothing of you except attention, this is the game. It came out across Switch, Xbox, PS5, and Steam.
Source: The Verge.
—
That is the week. The CISA leak is the story I keep coming back to — not because it is surprising that a contractor mishandled credentials, but because it happened at the agency whose name literally contains the words “Infrastructure Security.” The other four are smaller, but they share a thread: technology is settling into itself. AI Overviews hit their first public embarrassment. Grok stumbles toward an IPO. Vivaldi and Coffee Talk find their audiences by being unapologetically themselves. None of these stories will change the world. Together, they tell you where the world is this week.
Five stories. Five I read end to end. I will see you next Monday.
Related reading:
Discover more from Susiloharjo
Subscribe to get the latest posts sent to your email.