U.S. Army orders 240 more AMPVs from BAE Systems
Italy looks to buy 100 JASSM-ER missiles
Pentagon funds 198 more F-35 fighter jets with fresh contract
U.S. clears $112M sale of SDB-I bombs to South Korea
The Longest Night: A Short Guide to the Winter Solstice

Defense.gov
JIATF-401 Visits NCRCC, Emphasizes Data Sharing, Interagency Unity to Protect U.S. Airspace

The Register
Salesforce has come up with the most credible threat yet to ServiceNow, and Benioff is crowing about it
Some within the CRM giant balked, but Benioff prevailed
ServiceNow’s dominant spot among IT service management (ITSM) platforms is facing its “most credible” threat to date, as longtime platform rival Salesforce has rolled out an AI agent-powered product that has won early plaudits from one of the largest credit unions in the US.…
All News – Federal News Network
Federal employees who left ‘DEI’ roles still fired under Trump administration purge, lawsuit claims
Mahri Stainnak got the call the day after President Donald Trump took office: the Office of Personnel Management’s human resources office was putting them on administrative leave “effective immediately,” while the agency “investigates your radical and wasteful DEI activity.”
Stainnak was surprised by the news. Before the Trump administration, they served as OPM’s deputy director of the governmentwide Office of Diversity, Equity, Inclusion and Accessibility. But now they worked as the director of OPM’s talent innovation group, a human resources job focused on recruiting and retaining talent across the federal government.
“I said, ‘Wait a minute, I’m not in diversity, equity and inclusion.’ I started a new role in a job that has nothing to do with diversity, equity and inclusion. So I felt incredibly shocked and confused,” Stainnak said.
The second call came 48 hours later: Stainnak, a nonbinary person who had worked in the federal government for more than 16 years, received a reduction in force notice, as part of the Trump administration’s plan to root out DEI programs across the federal government.
Stainnak is now part of a class-action lawsuit filed this week in the D.C. District Court for the District of Columbia.
The lawsuit, led by the American Civil Liberties Union of D.C., claims the Trump administration unlawfully targeted and fired federal employees perceived to be associated with DEI work — even if their current jobs had nothing to do with it.
Mary Kuntz, an attorney at the law firm Kalijarvi, Chuzi, Newman & Fitch, P.C. who is representing the former employees, said the administration’s actions “clearly” violate the Civil Service Reform Act, because employees like Stainnak were fired for previous work in DEI positions.
“You can’t RIF somebody from a position they’re not in,” Kuntz said. “They sought to punish Mahri [Stainnak] for previous DEI work. That’s a violation of the First Amendment.”
Kuntz said the lawsuit claims that the administration’s push to “eviscerate” DEI programs also had a disproportionate impact on people of color, women, non-binary individuals, and violates Title VII of the 1964 Civil Rights Act.
“The DEI folks were working on behalf of people with disabilities, people who are non-native speakers of English. They were advocating for protected groups,” she said.
On the campaign trail last year, President Donald Trump pledged to “eliminate all diversity, equity, and inclusion programs across the entire federal government,” and characterized these programs as promoting “un-American” ideology.
On his first days in office, Trump signed executive orders that directed agencies to create lists of employees associated with DEI going back to Nov. 5, 2024 — the date of the presidential election. The complaint says agencies were directed to remove those employees, “regardless of their current roles or duties.”
“President Trump’s directives did not merely represent a change in presidential priorities — a normal occurrence when presidential administrations change. Rather, they were targeted actions intended to punish perceived political enemies, as well as to eliminate from the federal workforce women, people of color, and those, like plaintiffs, who advocated for or were perceived as advocating for protected racial or gender groups,” the complaint states.
The complaint says agencies set competitive levels for the RIFs so narrowly that federal employees were unable to compete for retention, and that those impacted by RIFs were not considered for reassignment to other jobs.
“I absolutely feel targeted on the basis of what the Trump administration believes my beliefs are, because I was not working in a diversity, equity and inclusion role in any way at the time when the new administration came in, or at the time I was placed on administrative leave,” Stainnak said.
For all the Trump administration’s actions to strip DEI out of the federal workforce, Kuntz said the president’s executive orders don’t go into any detail to define DEI.
“He characterizes them as illegal and discriminatory and various other things … but doesn’t define them,” Kuntz said. “You can’t decide that somebody is a different party than the party in the White House and decide to fire them on that basis.”
The lawsuit states that the total number of federal employees impacted by the DEI rollback is unknown, but says news reports suggest it could be “potentially in the thousands.”
The complaint states that at least 40 women or non-binary individuals, and more than 40 people of color received layoffs in connection with the Trump administration’s directives.
Stainnak and their colleagues filed an appeal to the Merit Systems Protection Board in March, but Kuntz said that appeal and similar cases brought before the Office of Special Counsel and agencies’ Equal Employment Opportunity (EEO) offices, have stalled.
In their last role, Stainnak helped agencies recruit top talent into the federal workforce. But they said the Trump administration’s purge of DEI workers has pushed out individuals who worked on bipartisan projects.
Former federal employees leading the lawsuit include a former operations manager at the Department of Veterans Affairs who “helped ensure that veterans were not inhibited from accessing earned benefits due to cultural or socioeconomic barriers,” and a Department of Homeland Security employee who led language competency efforts at the border to advance intelligence gathering and the safety of Immigration and Customs Enforcement officers.
“By illegally targeting people based on the Trump administration’s assumptions about our political beliefs, or by targeting us based on who we are, this administration actually is hurting the people who work and live in this country, because now these dedicated, hardworking federal servants are not in their jobs providing the critical services that they do, whether it’s responding to emergencies like hurricanes and making sure folks have drinking water and shelter, or making sure our transportation systems are safe and timely. This action is really hurting the people who live in this country,” Stainnak said.
The post Federal employees who left ‘DEI’ roles still fired under Trump administration purge, lawsuit claims first appeared on Federal News Network.

© The Associated Press
This swanky former tech HQ now houses an elfin pop-up bar for the holidays

Looking for a dose of festive cheer this holiday season?
You might just find it in an unexpected corner of Seattle, where the spirits of the tech past linger.
The former headquarters of PayScale, the compensation data company that once called the historic Palmer Building in SoDo home, has been completely transformed into a winter wonderland that includes a family-friendly daytime experience called Kringle’s Inventionasium and an adults-only evening Elf Bar pop-up.
It’s an unusual metamorphosis of a fancy high-tech office space, one that received recognition at the 2017 GeekWire Awards as one of the region’s Geekiest Office Spaces. But time moves on, and so has PayScale.
The 22-year-old software company — which in 2019 was valued at $325 million after a private equity infusion — moved its headquarters to Boston in March. The Puget Sound Business Journal reported the news earlier this week.
Now, where software geeks once wrote code and executives debated corporate strategy, elves and Santa’s reign.
It’s all the magical dream of LIT Immersive founders Jason DeLeo and Jen Matthews, two theater geeks with a flair for immersive experiences. They took control of a portion of the former PayScale space about 18 months ago, and since then have created a wide array of themed experiences across the 18,000 square feet of space directly west of Lumen Field.
The transformation from corporate office to immersive playground was made possible by the fact that the tech company had virtually abandoned the space, leaving most of the infrastructure — not to mention TVs, power cords and other gear — intact.
“Almost everything is still here from (PayScale),” DeLeo said. “The microwaves are still the microwaves that they used. Their dishwashers. They had a kegerator, we have the kegerator … it’s all here.”

This allowed DeLeo and Matthews to save hundreds of thousands of dollars on the buildout of the space. The former PayScale sports bar — a highlight of the former office space — was easily repurposed (which DeLeo and Matthews happily open on game days for fans of the Seahawks and Mariners). The second floor break rooms are now used as a green room for the actors who perform in the various shows.
“We knew that PayScale was here, and that’s what turned us onto the space because it was fully networked,” said DeLeo.
The Elf Bar concept was also a stroke of luck. DeLeo and Matthews had already been cooking up a holiday-themed cocktail bar concept called Elf’d Up this year, when they were approached with a licensing deal from the creators of Elf Bar. Pop-up holiday-themed cocktail bars started gaining momentum about a decade ago, with organizations like Miracle now operating dozens of locations internationally, including four spots in Washington state.
Beyond its festive cocktails, Elf Bar offers a host of activities for the 21+ crowd: holiday-themed trivia; a karaoke lounge; a snowball fight club; and games. Reservations for three evening time slots are available, and tickets range from $15.50 to $18.50. The Elf Bar is open through Dec. 21, though DeLeo said they may extend the pop-up based on demand.
The daytime, kid-friendly Kringle’s Inventionasium — inspired by a long-running show in Cleveland, Ohio — has been a hit with families and school groups. Cost of that experience ranges from $24 to $63 per guest, with the daytime shows running through December 24.
Next up for DeLeo and Matthews? With the FIFA World Cup coming to Seattle next summer — including six matches across the street at Lumen Field — they are already planning for the next immersive experience or ways to rent the space to a team, corporate sponsor or broadcast company.
DeLeo said they are “praying” that Seattle gets some big-name teams during the World Cup draw today. Their holiday wish may have come true, with the U.S. Men’s National Team slated to play Australia — known as the “Socceroos” — on Friday, June 19 at Lumen Field.
Google wants to give Chrome access to even more of your private data
Google Chrome is rolling out updates to its autofill feature, giving the browser much deeper access to the data stored in your Google Account and Google Wallet. This move means consolidating even more of your personal information under Google's umbrella.

Google Antigravity just raised its rate limits, but not for everyone
Google just announced that it has raised the rate limits for its Antigravity development platform. However, this benefit is primarily reserved for users who pay for Google AI Pro or Ultra subscriptions. Free users still have to work around the incredibly low limits.

Digital Trends
I tested job searches using Gemini, ChatGPT, and Grok, and there’s a clear standout
I was surprised the best chatbot for job searches wasn't the one I thought it would be.
The post I tested job searches using Gemini, ChatGPT, and Grok, and there’s a clear standout appeared first on Digital Trends.

Calibre has finally given into the AI trend
Calibre just dropped version 8.16.1, and it brings a new feature that lets you ask an AI what book you should read next. This latest update builds on the AI capabilities the Calibre team has been adding over the past few months, which follows the trend of adding AI whenever possible.

Toyota’s new GR GT picks up where the 2000GT and Lexus LFA left off
There’s some Toyota news today that doesn’t involve the chairman wearing a MAGA hat. The Japanese automaker evidently decided it’s been too long since it flexed its engineering chops on something with two doors and plenty of power, so it has rectified that situation with a new flagship coupe for its Gazoo Racing sporty sub-brand. Meet the GR GT, which looks set to go on sale toward the end of next year.
The Camry-esque look at the front, and to an extent the rear, came second to the GR GT’s aerodynamics, which is the opposite of how Toyota usually styles its cars. It’s built around a highly rigid aluminum frame—Toyota’s first, apparently—with carbon fiber for the hood, roof, and some other body panels to minimize weight. The automaker says that lowering the car’s center of gravity was a top priority, and weight balance and distribution also help explain the transaxle layout, where the car’s transmission is behind the cockpit and between the rear wheels.
That transaxle transmission will be an eight-speed automatic that uses a wet clutch instead of a torque converter and into which the car’s hybrid motor is integrated. Power from the 4.0 L twin-turbo V8 and the hybrid system should be a combined 641 hp (478 kW) and 626 lb-ft (850 Nm). Despite the aluminum frame and use of composites, the GR GT is no featherweight; it will weigh as much as 3,858 lb (1,750 kg). The V8 is a new design with a short stroke, a hot-V configuration for the turbochargers, and dry sump lubrication.

© Toyota
This Week in Security: React, JSON Formatting, and the Return of Shai Hulud
After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of that turkey-induced coma, React Server has a single request Remote Code Execution flaw in versions 19.0.1, 19.1.2, and 19.2.1.
The issue is insecure deserialization in the Flight protocol, as implemented right in React Server, and notably also used in Next.js. Those two organizations have both issued Security Advisories for CVSS 10.0 CVEs.
There are reports of a public Proof of Concept (PoC), but the repository that has been linked explicitly calls out that it is not a true PoC, but merely research into how the vulnerability might work. As far as I can tell, there is not yet a public PoC, but reputable researchers have been able to reverse engineer the problem. This implies that mass exploitation attempts are not far off, if they haven’t already started.
Legal AI Breaks Attorney-Client Privilege
We often cover security flaws that are discovered by merely poking around the source of a web interface. [Alex Schapiro] went above and beyond the call of duty, manually looking through minified JS, to discover a major data leak in the Filevine legal AI. And the best part, the problem isn’t even in the AI agent this time.
The story starts with subdomain enumeration — the process of searching DNS records, Google results, and other sources for valid subdomains. That resulted in a valid subdomain and a not-quite-valid web endpoint. This is where [Alex] started digging through JavaScript, and found an Amazon AWS endpoint, and a reference to BOX_SERVICE. Making requests against the listed endpoint resulted in both boxFolders and a boxToken in the response. What are those, and what is Box?
Box is a file sharing system, similar to a Google Drive or even Microsoft Sharepoint. And that boxToken was a valid admin-level token for a real law firm, containing plenty of confidential records. It was at this point that [Alex] stopped interacting with the Filevine endpoints, and contacted their security team. There was a reasonably quick turnaround, and when [Alex] re-tested the flaw a month later, it had been fixed.
JSON Formatting As A Service
The web is full of useful tools, and I’m sure we all use them from time to time. Or maybe I’m the only lazy one that types a math problem into Google instead of opening a dedicated calculator program. I’m also guilty of pasting base64 data into a conversion web site instead of just piping it through base64 and xxd in the terminal. Watchtowr researchers are apparently familiar with such laziness efficiency, in the form of JSONformatter and CodeBeautify. Those two tools have an interesting feature: an online save function.
You may see where this is going. Many of us use GitHub Gists, which supports secret gists protected by long, random URLs. JSONformatter and CodeBeautify don’t. Those URLs are short enough to enumerate — not to mention there is a Recent Links page on both sites. Between the two sites, there are over 80,000 saved JSON snippets. What could possibly go wrong? Not all of that JSON was intended to be public. It’s not hard to predict that JSON containing secrets was leaked through these sites.
And then on to the big question: Is anybody watching? Watchtowr researchers beautified a JSON containing a Canarytoken in the form of AWS credentials. The JSON was saved with the 24 hour timeout, and 48 hours later, the Canarytoken was triggered. That means that someone is watching and collecting those JSON snippets, and looking for secrets. The moral? Don’t upload your passwords to public sites.
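A pre-paste check for exactly this situation, added here as an example and not taken from the column or from either site: it walks a parsed JSON document, flags values that look like credentials, and returns a redacted copy that is safe to share. The AWS key patterns, the key-name list and the entropy threshold are my heuristics, and the sample document is constructed (its AWS values are the placeholder credentials from AWS's own documentation).

```javascript
// Added example (not from the column or either site): flag credential-shaped
// values in a JSON document before it is pasted anywhere public, and redact them.
// Long-term AWS access key IDs are "AKIA" plus 16 uppercase alphanumerics
// (temporary STS keys use "ASIA"); secret access keys are 40 base64 characters.
const AWS_KEY_ID = /^(AKIA|ASIA)[0-9A-Z]{16}$/;
const AWS_SECRET_SHAPE = /^[A-Za-z0-9/+=]{40}$/;
// Key names that usually hold something that should never reach a public site.
const SENSITIVE_NAME = /passw(or)?d|secret|token|api[_-]?key|private[_-]?key|authorization/i;

// Shannon entropy in bits per character. Random key material scores well above
// ordinary words, which keeps 40-character prose out of the results.
function entropyBits(s) {
  const counts = [...s].reduce((m, ch) => m.set(ch, (m.get(ch) || 0) + 1), new Map());
  return [...counts.values()].reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Reasons a single string value stored under key `name` looks like a secret.
function classify(value, name) {
  const reasons = [];
  if (AWS_KEY_ID.test(value)) reasons.push('aws-access-key-id');
  if (AWS_SECRET_SHAPE.test(value) && entropyBits(value) > 4.0) reasons.push('aws-secret-key-shape');
  if (SENSITIVE_NAME.test(name) && value.length >= 8) reasons.push('sensitive-key-name');
  return reasons;
}

// Depth-first walk; `path` is a JSONPath-style locator for the report.
function findSecrets(node, path = '$', name = '', findings = []) {
  if (typeof node === 'string') {
    const reasons = classify(node, name);
    if (reasons.length) findings.push({ path, reasons });
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => findSecrets(v, `${path}[${i}]`, name, findings));
  } else if (node !== null && typeof node === 'object') {
    for (const [k, v] of Object.entries(node)) findSecrets(v, `${path}.${k}`, k, findings);
  }
  return findings;
}

// Same walk, returning a copy with every flagged value replaced by '***'.
function redactSecrets(node, name = '') {
  if (typeof node === 'string') return classify(node, name).length ? '***' : node;
  if (Array.isArray(node)) return node.map((v) => redactSecrets(v, name));
  if (node !== null && typeof node === 'object') {
    return Object.fromEntries(Object.entries(node).map(([k, v]) => [k, redactSecrets(v, k)]));
  }
  return node;
}

// Constructed sample: a config export that must not be pasted as-is. The AWS
// values are the placeholder credentials used in AWS's own documentation.
const SAMPLE = {
  service: 'billing-export',
  region: 'us-west-2',
  aws: {
    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  },
  users: [{ name: 'alice', password: 'correct-horse-battery' }],
  notes: 'exported 2025-12-05, no secrets here',
};

console.log(findSecrets(SAMPLE)); // three findings: access key, secret key, password
console.log(JSON.stringify(redactSecrets(SAMPLE), null, 2));
```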
Shai Hulud Rises Again
NPM continues to be a bit of a security train wreck, with the Shai Hulud worm making another appearance, with some upgraded smarts. This time around, the automated worm managed to infect 754 packages. It comes with a new trick: pushing the pilfered secrets directly to GitHub repositories, to overcome the rate limiting that affected this worm the first time around. There were over 33,000 unique credentials captured in this wave. When researchers at GitGuardian tested that list a couple of days later, about 10% were still valid.
This wave was launched by a PostHog credential that allowed a malicious update to the PostHog NPM package. The nature of Node.js means that this worm was able to very quickly spread through packages where maintainers were using that package. Version 2.0 of Shai Hulud also includes another nasty surprise, in the form of a remote control mechanism stealthily installed on compromised machines. It implies that this is not the last time we’ll see Shai Hulud causing problems.
Bits and Bytes
[Vortex] at ByteRay took a look at an industrial cellular router, and found a couple of major issues. This ALLNET router has an RCE, due to CGI handling of unauthenticated HTTP requests. It’s literally just /cgi-bin/popen.cgi?command=whoami to run code as root. That’s not the only issue here, as there’s also a hardcoded username and password. [Vortex] was able to derive that backdoor account information and use hashcat to crack the password. I was unable to confirm whether patched firmware is available.
Google is tired of their users getting scammed by spam phone calls and texts. Their latest salvo in trying to defeat such scams is in-call scam protection. This essentially detects a banking app that is opened as a result of a phone call. When this scenario is detected, a warning dialogue is presented, that suggests the user hangs up the call, and forces a 30 second waiting period. While this may sound terrible for sophisticated users, it is likely to help prevent fraud against our collective parents and grandparents.
What seemed to be just an illegal gambling ring of web sites, now seems to be the front for an Advanced Persistent Threat (APT). That term, btw, usually refers to a government-sponsored hacking effort. In this case, instead of a gambling fraud targeting Indonesians, it appears to be targeting Western infrastructure. One of the strongest arguments for this claim is the fact that this network has been operating for over 14 years, and includes a mind-boggling 328,000 domains. Quite the odd one.
OnePlus 15R poised to make battery anxiety a thing of the past with mega reveal
Plus, the flagship OnePlus 15 is finally available for pre-order in the US.
The post OnePlus 15R poised to make battery anxiety a thing of the past with mega reveal appeared first on Digital Trends.

3 Netflix shows you need to binge this weekend (December 5 - 7)
If you're anything like me, you've already hastily consumed the first four episodes of Stranger Things 5. Don't sit there twiddling your thumbs, though. Netflix has plenty more shows to keep you entertained.

3 useful Linux apps worth trying this weekend (December 5 - 7)
As Microsoft continues giving everyone reasons to drop Windows in favor of a more reliable and open platform, there's no better time to explore what Linux has to offer. Here are a few good apps worth your time if you've got a Linux computer to play with this weekend.
