ServiceNow’s dominant spot among IT service management (ITSM) platforms is facing its “most credible” threat to date, as longtime platform rival Salesforce has rolled out an AI agent-powered product that has won early plaudits from one of the largest credit unions in the US.…
Mahri Stainnak got the call the day after President Donald Trump took office: the Office of Personnel Management’s human resources office was putting them on administrative leave “effective immediately,” while the agency “investigates your radical and wasteful DEI activity.”
Stainnak was surprised by the news. Before the Trump administration, they served as OPM’s deputy director of the governmentwide Office of Diversity, Equity, Inclusion and Accessibility. But now they worked as the director of OPM’s talent innovation group, a human resources job focused on recruiting and retaining talent across the federal government.
“I said, ‘Wait a minute, I’m not in diversity, equity and inclusion.’ I started a new role in a job that has nothing to do with diversity, equity and inclusion.’ So I felt incredibly shocked and confused,” Stainnak said.
The second call came 48 hours later: Stainnak, a nonbinary person who had worked in the federal government for more than 16 years, received a reduction in force notice, as part of the Trump administration’s plan to root out DEI programs across the federal government.
Stainnak is now part of a class-action lawsuit filed this week in the U.S. District Court for the District of Columbia.
The lawsuit, led by the American Civil Liberties Union of D.C., claims the Trump administration unlawfully targeted and fired federal employees perceived to be associated with DEI work — even if their current jobs had nothing to do with it.
Mary Kuntz, an attorney at the law firm Kalijarvi, Chuzi, Newman & Fitch, P.C. who is representing the former employees, said the administration’s actions “clearly” violate the Civil Service Reform Act, because employees like Stainnak were fired for previous work in DEI positions.
“You can’t RIF somebody from a position they’re not in,” Kuntz said. “They sought to punish Mahri [Stainnak] for previous DEI work. That’s a violation of the First Amendment.”
Kuntz said the lawsuit claims that the administration’s push to “eviscerate” DEI programs also had a disproportionate impact on people of color, women and non-binary individuals, and that it violates Title VII of the 1964 Civil Rights Act.
“The DEI folks were working on behalf of people with disabilities, people who are non-native speakers of English. They were advocating for protected groups,” she said.
On the campaign trail last year, President Donald Trump pledged to “eliminate all diversity, equity, and inclusion programs across the entire federal government,” and characterized these programs as promoting “un-American” ideology.
On his first days in office, Trump signed executive orders that directed agencies to create lists of employees associated with DEI going back to Nov. 5, 2024 — the date of the presidential election. The complaint says agencies were directed to remove those employees, “regardless of their current roles or duties.”
“President Trump’s directives did not merely represent a change in presidential priorities — a normal occurrence when presidential administrations change. Rather, they were targeted actions intended to punish perceived political enemies, as well as to eliminate from the federal workforce women, people of color, and those, like plaintiffs, who advocated for or were perceived as advocating for protected racial or gender groups,” the complaint states.
The complaint says agencies set competitive levels for the RIFs so narrowly that federal employees were unable to compete for retention, and that those impacted by RIFs were not considered for reassignment to other jobs.
“I absolutely feel targeted on the basis of what the Trump administration believes my beliefs are, because I was not working in a diversity, equity and inclusion role in any way at the time when the new administration came in, or at the time I was placed on administrative leave,” Stainnak said.
For all the Trump administration’s actions to strip DEI out of the federal workforce, Kuntz said the president’s executive orders don’t go into any detail to define DEI.
“He characterizes them as illegal and discriminatory and various other things … but doesn’t define them,” Kuntz said. “You can’t decide that somebody is a different party than the party in the White House and decide to fire them on that basis.”
The lawsuit states that the total number of federal employees impacted by the DEI rollback is unknown, but says news reports suggest it could be “potentially in the thousands.”
The complaint states that at least 40 women or non-binary individuals, and more than 40 people of color received layoffs in connection with the Trump administration’s directives.
Stainnak and their colleagues filed an appeal to the Merit Systems Protection Board in March, but Kuntz said that appeal and similar cases brought before the Office of Special Counsel and agencies’ Equal Employment Opportunity (EEO) offices, have stalled.
In their last role, Stainnak helped agencies recruit top talent into the federal workforce. But they said the Trump administration’s purge of DEI workers has pushed out individuals who worked on bipartisan projects.
Former federal employees leading the lawsuit include a former operations manager at the Department of Veterans Affairs who “helped ensure that veterans were not inhibited from accessing earned benefits due to cultural or socioeconomic barriers,” and a Department of Homeland Security employee who led language competency efforts at the border to advance intelligence gathering and the safety of Immigration and Customs Enforcement officers.
“By illegally targeting people based on the Trump administration’s assumptions about our political beliefs, or by targeting us based on who we are, this administration actually is hurting the people who work and live in this country, because now these dedicated, hardworking federal servants are not in their jobs providing the critical services that they do, whether it’s responding to emergencies like hurricanes and making sure folks have drinking water and shelter, or making sure our transportation systems are safe and timely. This action is really hurting the people who live in this country,” Stainnak said.
The post Federal employees who left ‘DEI’ roles still fired under Trump administration purge, lawsuit claims first appeared on Federal News Network.


Looking for a dose of festive cheer this holiday season?
You might just find it in an unexpected corner of Seattle, where the spirits of the tech past linger.
The former headquarters of PayScale, the compensation data company that once called the historic Palmer Building in SoDo home, has been completely transformed into a winter wonderland that includes a family-friendly daytime experience called Kringle’s Inventionasium and an adults-only evening Elf Bar pop-up.
It’s an unusual metamorphosis of a fancy high-tech office space, one that received recognition at the 2017 GeekWire Awards as one of the region’s Geekiest Office Spaces. But time moves on, and so has PayScale.
The 22-year-old software company — which in 2019 was valued at $325 million after a private equity infusion — moved its headquarters to Boston in March. The Puget Sound Business Journal reported the news earlier this week.
Now, where software geeks once wrote code and executives debated corporate strategy, elves and Santa reign.
It’s all the magical dream of LIT Immersive founders Jason DeLeo and Jen Matthews, two theater geeks with a flair for immersive experiences. They took control of a portion of the former PayScale space about 18 months ago, and since then have created a wide array of themed experiences across the 18,000 square feet of space directly west of Lumen Field.
The transformation from corporate office to immersive playground was made possible by the fact that the tech company had virtually abandoned the space, leaving most of the infrastructure — not to mention TVs, power cords and other gear — intact.
“Almost everything is still here from (PayScale),” DeLeo said. “The microwaves are still the microwaves that they used. Their dishwashers. They had a kegerator, we have the kegerator … it’s all here.”

This allowed DeLeo and Matthews to save hundreds of thousands of dollars on the buildout of the space. The former PayScale sports bar — a highlight of the former office space — was easily repurposed (which DeLeo and Matthews happily open on game days for fans of the Seahawks and Mariners). The second floor break rooms are now used as a green room for the actors who perform in the various shows.
“We knew that PayScale was here, and that’s what turned us onto the space because it was fully networked,” said DeLeo.
The Elf Bar concept was also a stroke of luck. DeLeo and Matthews had already been cooking up a holiday-themed cocktail bar concept called Elf’d Up this year, when they were approached with a licensing deal from the creators of Elf Bar. Pop-up holiday-themed cocktail bars started gaining momentum about a decade ago, with organizations like Miracle now operating dozens of locations internationally, including four spots in Washington state.
Beyond its festive cocktails, Elf Bar offers a host of activities for the 21+ crowd: holiday-themed trivia, a karaoke lounge, a snowball fight club, and games. Reservations for three evening time slots are available, and tickets range from $15.50 to $18.50. The Elf Bar is open through Dec. 21, though DeLeo said they may extend the pop-up based on demand.
The day-time, kid-friendly Kringle’s Inventionasium — inspired by a long-running show in Cleveland, Ohio — has been a hit with families and school groups. Cost of that experience ranges from $24 to $63 per guest, with the daytime shows running through December 24.
Next up for DeLeo and Matthews? With the FIFA World Cup coming to Seattle next summer — including six matches across the street at Lumen Field — they are already planning for the next immersive experience or ways to rent the space to a team, corporate sponsor or broadcast company.
DeLeo said they are “praying” that Seattle gets some big-name teams in the World Cup draw today. Their holiday wish may have come true, with the U.S. Men’s National Team slated to play Australia, known as the “Socceroos,” on Friday, June 19 at Lumen Field.
Google Chrome is rolling out updates to its autofill feature, giving the browser much deeper access to the data stored in your Google Account and Google Wallet. This move means consolidating even more of your personal information under Google's umbrella.

Google just announced that it has raised the rate limits for its Antigravity development platform. However, this benefit is primarily reserved for users who pay for Google AI Pro or Ultra subscriptions. Free users still have to work around the incredibly low limits.

I was surprised the best chatbot for job searches wasn't the one I thought it would be.
The post I tested job searches using Gemini, ChatGPT, and Grok, and there’s a clear standout appeared first on Digital Trends.

Calibre just dropped version 8.16.1, and it brings a new feature that lets you ask an AI what book you should read next. This latest update builds on the AI capabilities the Calibre team has been adding over the past few months, which follows the trend of adding AI whenever possible.

There’s some Toyota news today that doesn’t involve the chairman wearing a MAGA hat. The Japanese automaker evidently decided it’s been too long since it flexed its engineering chops on something with two doors and plenty of power, so it has rectified that situation with a new flagship coupe for its Gazoo Racing sporty sub-brand. Meet the GR GT, which looks set to go on sale toward the end of next year.
The Camry-esque look at the front, and to an extent the rear, came second to the GR GT’s aerodynamics, which is the opposite way to how Toyota usually styles its cars. It’s built around a highly rigid aluminum frame—Toyota’s first, apparently—with carbon fiber for the hood, roof, and some other body panels to minimize weight. The automaker says that lowering the car’s center of gravity was a top priority, and weight balance and distribution also help explain the transaxle layout, where the car’s transmission is behind the cockpit and between the rear wheels.
That transaxle transmission will be an eight-speed automatic that uses a wet clutch instead of a torque converter and into which the car’s hybrid motor is integrated. Power from the 4.0 L twin-turbo V8 and the hybrid system should be a combined 641 hp (478 kW) and 626 lb-ft (850 Nm). Despite the aluminum frame and use of composites, the GR GT is no featherweight; it will weigh as much as 3,858 lb (1,750 kg). The V8 is a new design with a short stroke, a hot-V configuration for the turbochargers, and dry sump lubrication.
After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of that turkey-induced coma, React Server Components has a single-request remote code execution flaw. It is fixed in versions 19.0.1, 19.1.2, and 19.2.1; earlier 19.x releases are affected.
The issue is insecure deserialization in the Flight protocol, the serialization format React Server Components use to move rendered component payloads and server function arguments between client and server. It is implemented in React’s own server packages and, notably, also used by Next.js. Both projects have issued security advisories, each for a CVE rated CVSS 10.0.
There are reports of a public proof of concept (PoC), but the repository that has been linked explicitly calls out that it is not a true PoC, merely research into how the vulnerability might work. As far as I can tell, there is not yet a public PoC, but reputable researchers have been able to reverse engineer the problem. This implies that mass exploitation attempts are not far off, if they haven’t already started.
We often cover security flaws that are discovered by merely poking around the source of a web interface. [Alex Schapiro] went above and beyond the call of duty, manually reading through minified JavaScript to discover a major data leak in Filevine’s legal AI product. And the best part: the problem isn’t even in the AI agent this time.
The story starts with subdomain enumeration, the process of mining DNS records, search results, and other sources for valid subdomains. That turned up a valid subdomain and a not-quite-valid web endpoint. This is where [Alex] started digging through the JavaScript and found an Amazon AWS endpoint and a reference to BOX_SERVICE. Making requests against the listed endpoint returned both boxFolders and a boxToken in the response. What are those, and what is Box?
Box is a file-sharing service, similar to Google Drive or Microsoft SharePoint. And that boxToken was a valid admin-level token for a real law firm’s tenant, holding plenty of confidential records. It was at this point that [Alex] stopped interacting with the Filevine endpoints and contacted their security team. The turnaround was reasonably quick, and when [Alex] re-tested a month later, the flaw had been fixed.
The web is full of useful tools, and I’m sure we all use them from time to time. Or maybe I’m the only lazy one who types a math problem into Google instead of opening a dedicated calculator program. I’m also guilty of pasting base64 data into a conversion website instead of just piping it through base64 and xxd in the terminal. watchTowr researchers are apparently familiar with such laziness (er, efficiency), in the form of JSONformatter and CodeBeautify. Those two tools have an interesting feature: an online save function.
You may see where this is going. Many of us use GitHub Gists, which supports secret gists protected by long, random URLs. JSONformatter and CodeBeautify don’t: their saved-snippet URLs are short enough to enumerate, and both sites also have a Recent Links page. Between the two sites there are over 80,000 saved JSON snippets. What could possibly go wrong? Not all of that JSON was intended to be public, and it’s not hard to predict that JSON containing secrets was leaked through these sites.
And then on to the big question: is anybody watching? watchTowr researchers beautified a JSON document containing a Canarytoken in the form of AWS credentials and saved it with the 24-hour timeout. 48 hours later, the Canarytoken fired. That means someone is collecting those JSON snippets and searching them for secrets. The moral? Don’t upload your passwords to public sites.
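As an added illustration of the two points above (this is example code written for this page, not watchTowr’s tooling or anything from the sites in question), the block below scans constructed “saved snippet” text for a few common secret shapes, the way a collector crawling those Recent Links pages would, and sizes how much URL space an enumerator has to walk for a short slug versus a 32-hex-character gist ID. The snippet IDs, the request rate, and the “six lowercase alphanumerics” slug length are assumptions; the AKIAIOSFODNN7EXAMPLE key ID is the placeholder from AWS’s own documentation.

```javascript
// Added example (not from the watchTowr write-up): scan "saved" formatter
// snippets for common secret shapes, and size the URL space an enumerator
// would have to walk. All snippets below are constructed for this example.

// The AWS access key ID shape (AKIA + 16 upper-case alphanumerics) is public
// documentation; the other two patterns are loose heuristics, not a real scanner.
const SECRET_PATTERNS = [
  { kind: "aws_access_key_id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { kind: "private_key_block", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  // JSON fields whose name says "secret" and whose value is at least 8 characters.
  { kind: "secret_field", re: /"(?:password|passwd|secret|token|api_?key)"\s*:\s*"([^"]{8,})"/gi },
];

// Return every match in one snippet as { kind, value }.
function findSecrets(text) {
  const hits = [];
  for (const { kind, re } of SECRET_PATTERNS) {
    re.lastIndex = 0; // global regexes carry state between calls
    let m;
    while ((m = re.exec(text)) !== null) {
      hits.push({ kind, value: m[1] !== undefined ? m[1] : m[0] });
    }
  }
  return hits;
}

// Scan a map of snippet-id -> snippet text, keeping only the ids that leak.
function scanSnippets(snippets) {
  return Object.entries(snippets)
    .map(([id, text]) => ({ id, hits: findSecrets(text) }))
    .filter((r) => r.hits.length > 0);
}

// Size of an identifier space, alphabet^length, kept exact as a BigInt.
function keyspace(alphabetSize, length) {
  return BigInt(alphabetSize) ** BigInt(length);
}

// Seconds to walk the whole space at an assumed request rate.
function secondsToEnumerate(alphabetSize, length, requestsPerSecond) {
  return Number(keyspace(alphabetSize, length)) / requestsPerSecond;
}

// Constructed stand-ins for saved snippets. AKIAIOSFODNN7EXAMPLE is the
// placeholder key ID from AWS documentation, not a live credential.
const SAMPLE_SNIPPETS = {
  ab12cd: JSON.stringify({
    region: "us-east-1",
    aws_access_key_id: "AKIAIOSFODNN7EXAMPLE",
    aws_secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  }),
  ef34gh: JSON.stringify({ db: { host: "db.internal", user: "app", password: "hunter2hunter2" } }),
  ij56kl: JSON.stringify({ widgets: [1, 2, 3], theme: "dark" }),
};

// Assumed: a six-character [a-z0-9] slug versus a 32-hex gist ID, at an
// assumed 1,000 requests per second.
const SHORT_SLUG_SECONDS = secondsToEnumerate(36, 6, 1000);
const GIST_ID_SECONDS = secondsToEnumerate(16, 32, 1000);

for (const r of scanSnippets(SAMPLE_SNIPPETS)) {
  console.log(r.id, "leaks:", r.hits.map((h) => h.kind).join(","));
}
console.log(
  `6-char slug: ~${(SHORT_SLUG_SECONDS / 86400).toFixed(1)} days to enumerate; ` +
  `32-hex gist id: ${GIST_ID_SECONDS.toExponential(2)} seconds`,
);
```

The two numbers at the end are the whole argument: a six-character slug falls to a single crawler in about a month at a modest request rate, while a 32-hex identifier is out of reach regardless of rate. The scanner is deliberately simple; a real collector would use a much larger pattern set, which is exactly why a Canarytoken in a saved snippet fired within two days.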
NPM continues to be a bit of a security train wreck, with the Shai-Hulud worm making another appearance with some upgraded smarts. This time around the automated worm managed to infect 754 packages, and it comes with a new trick: pushing the pilfered secrets directly to GitHub repositories, to get around the rate limiting that hampered this worm the first time around. Over 33,000 unique credentials were captured in this wave. When researchers at GitGuardian tested that list a couple of days later, about 10% were still valid.
This wave was launched with a compromised PostHog credential that allowed a malicious update to the PostHog NPM package. Because npm runs a package’s install-time lifecycle scripts on every machine that pulls it in, the worm spread very quickly through the packages of maintainers who depended on that package. Version 2.0 of Shai-Hulud also includes another nasty surprise, in the form of a remote control mechanism stealthily installed on compromised machines. It implies that this is not the last time we’ll see Shai-Hulud causing problems.
[Vortex] at ByteRay took a look at an industrial cellular router and found a couple of major issues. This ALLNET router has an RCE in its CGI handling of unauthenticated HTTP requests: a request to /cgi-bin/popen.cgi?command=whoami is literally all it takes to run a command as root. That’s not the only issue, as there’s also a hardcoded username and password. [Vortex] was able to derive that backdoor account’s credentials and use hashcat to crack the password. I was unable to confirm whether patched firmware is available.
Google is tired of its users getting scammed by spam phone calls and texts. Its latest salvo against such scams is in-call scam protection, which detects a banking app being opened as a result of a phone call. When that scenario is detected, a warning dialog is presented suggesting the user hang up the call, and a 30-second waiting period is enforced. While this may sound terrible for sophisticated users, it is likely to help prevent fraud against our collective parents and grandparents.
What seemed to be just an illegal gambling ring of websites now appears to be the front for an Advanced Persistent Threat (APT), a term that usually refers to a government-sponsored hacking effort. In this case, instead of a gambling fraud targeting Indonesians, the network appears to be targeting Western infrastructure. One of the strongest arguments for this claim is that the network has been operating for over 14 years and includes a mind-boggling 328,000 domains. Quite the odd one.
Plus, the flagship OnePlus 15 is finally available for pre-order in the US.
The post OnePlus 15R poised to make battery anxiety a thing of the past with mega reveal appeared first on Digital Trends.

If you're anything like me, you've already hastily consumed the first four episodes of Stranger Things 5. Don't sit there twiddling your thumbs, though. Netflix has plenty more shows to keep you entertained.

As Microsoft continues giving everyone reasons to drop Windows in favor of a more reliable and open platform, there's no better time to explore what Linux has to offer. Here are a few good apps worth your time if you've got a Linux computer to play with this weekend.

The United States Army Contracting Command at Rock Island Arsenal has awarded Allied Metal Tech LLC of Greenville, Wisconsin, a contract valued at $272 million for the production of bomb dummy unit-50 (BDU-50) cast ductile iron devices with material handling pallets in support of the U.S. Air Force and potential Foreign Military Sales (FMS) requirements. […]

Back in August, Google—and Jimmy Fallon—put on a big show to reveal the Pixel 10 series. A feature called “Magic Cue” was demoed during the event, and it seemed genuinely useful. Well, I’ve been using a Pixel 10 for three months, and I’m still waiting to be amazed.

The State Department has approved a possible Foreign Military Sale (FMS) to Canada involving air strike weapons and related equipment with an estimated total cost of $2.68 billion. The Defense Security Cooperation Agency (DSCA) has notified Congress of the required certification. According to the DSCA release, the Government of Canada requested a broad package of […]

Quantum computing, biometrics and more — these are five predictions for the cybersecurity landscape in 2026.

Balancing security and the guest experience can be difficult. But, if implemented effectively, visitor management systems and processes can benefit the guest experience rather than hinder it.
