Tech
US cyber agency CISA had to build its incident playbook during the incident, agency reveals
U.S. federal cybersecurity agency CISA said it did not have a prepared response plan for how it should handle a cybersecurity incident in May, after an investigative reporter notified the agency that a contractor had publicly exposed sensitive keys and credentials for accessing U.S. government systems.
CISA, the Homeland Security unit tasked with defending federal networks and helping to safeguard critical infrastructure, revealed Friday in a post-mortem report that its staff “had to spend time building [a playbook] during the early stages of the incident.” The agency said it is important to prepare playbooks for “all anticipated needs” to ensure that organizations are ready to respond in the event of a security incident rather than scrambling to improvise one in real time.
The agency did not say how long the missing playbook delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.
Independent cybersecurity journalist Brian Krebs reported in May that a security researcher with cyber firm GitGuardian alerted him to reams of exposed passwords stored in a publicly accessible GitHub repository, which an employee of a CISA contractor had uploaded.
According to Krebs, the researcher tried to alert the contractor but didn’t hear back. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all of the exposed credentials to prevent any potential future abuse.
CISA said that no customer or mission data was exposed in the incident and thanked the researcher and reporter for their help. The agency said that its channels for allowing security researchers to notify CISA of potential incidents “were not well defined,” and that it has made changes to make it easier and faster for researchers to contact the agency.
CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been affected by cuts, furloughs, and layoffs affecting about a third of its workforce since Trump took office.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
>
Tech
Phia accused of ‘cookie stuffing,’ taking affiliate credit on purchases it didn’t earn
Phia, the shopping startup co-founded by Bill Gates’ daughter, Phoebe Gates, and Sophia Kianni, has been accused of a practice known as “cookie stuffing,” which may have helped the product receive commissions and credit for sales it did not actually generate, according to a Bloomberg investigation.
The report has sparked controversy and led to Phia’s suspension from Impact.com, a leading affiliate and influencer platform. Other startups have been sued over “cookie stuffing,” notably Honey, which is owned by PayPal and remains the subject of an ongoing class action lawsuit.
Founded in 2025, Phia has raised more than $40 million in funding and has a star-studded list of investors, including Kim Kardashian and Hailey Bieber. The startup developed an app as a browser extension that works somewhat like Google Flights, but for shopping. Phia helps customers find the lowest-priced items across various retailers as well as discount codes to use when shopping. The company takes a commission on purchases made through the platform through an industry practice known as affiliate marketing.
The Bloomberg investigation, as well as findings from an independent consultant and a competitor, found that if a user shopped at an online retailer — even if they arrived at the site on their own or through another affiliate program like Wirecutter — Phia would open a new tab in the background. During the checkout process, Phia would override the referral codes from other affiliates and instead inject its own, allowing it to take credit for and potentially receive a commission on a purchase it didn’t earn.
Once the issue was flagged to Phia, a spokesperson told Bloomberg that all necessary changes had been made to fix the issue. A check by Bloomberg found the issue had been resolved. It’s unclear if the fix is enough to satisfy the retailers and affiliate partners that work with Phia.
TechCrunch reached out to Phia for comment and has not received a response.
>
Tech
Meta removes controversial AI feature on Instagram after backlash
Meta has axed a controversial feature that allowed users to modify photos from public Instagram accounts using AI. The feature, which was rolled out earlier this week along with a batch of other AI tools, “missed the mark” and is no longer available, according to the company.
Earlier this week, Meta announced Muse Image, a new AI image generator built by its dedicated AI unit known as Meta Superintelligence Labs. Meta promoted one feature that allowed individuals to generate images by @-mentioning public Instagram accounts that they wanted to reference. The feature, which wasn’t designed to alert a user if their photos were used in this way, prompted immediate backlash.
TechCrunch wrote its own guide explaining to users how to disable the feature.
Now, Meta has reversed course. The company issued a blog post Friday announcing that it was removing the feature. Puck News founding partner Dylan Byers was the first to share the company’s decision.
“Our intent was to provide a useful creative tool and to give people control over whether their public content could be referenced in this way,” the company posted on its blog. We’ve heard the feedback that this feature missed the mark, so it’s no longer available.
TechCrunch reached out to Meta for more information and will update this article if it responds.
Since its integration with social media platforms, AI has been misused with wild abandon — often to generate naked images of female celebrities. Platforms have attempted to mitigate this trend, although the guardrails introduced have often fallen short.
In the case of Meta’s newly nixed feature, it seems somewhat obvious that it would have been abused in this way. Indeed, Byers notes that the decision to do away with the feature came “amid scrutiny from users and talent agencies, including CAA”.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
>
Tech
Bluesky’s interim CEO, Toni Schneider, drops the ‘interim’
In March, Bluesky’s longtime CEO, Jay Graber, stepped down from that role to become its chief innovation officer. Graber was immediately succeeded by Toni Schneider, the founding CEO of Automattic, which is the company behind WordPress and Tumblr.
Schneider, who has led the company as interim CEO for the past four months, is now dropping the “interim” status and becoming its permanent chief executive.
“I’m four months into my interim CEO role at Bluesky, and it’s time for an update,” Schneider wrote on his personal blog. “Most importantly, as of today, the interim part of the title is gone. I’m loving the mission and the job, and I’m all in as Bluesky’s official CEO.”
In the post, Schneider said that one of his first orders of business is to “create smaller spaces and more private communities,” which he said would “unlock the next wave of growth and innovation.”
Automattic and True Ventures, which is a venture capital firm where Schneider is a partner, are both investors in Bluesky.
Bluesky, which was originally spun off from Twitter, became a haven for those who wished to avoid the changes Elon Musk brought to the platform after he took it over in 2022 (the site was eventually renamed X and now it is a subsidiary of Musk’s combination rocket and AI company, SpaceXAI).
Under Graber, the site grew to 43 million users, while the site’s underlying technology, the AT Protocol — a system that lets Bluesky and other apps share the same social network — was significantly expanded.
Lately, though, the site has struggled to retain or grow its user base. Some have questioned whether it is dying — pointing to apparent declines in both engagement and its overall community of users. Bluesky saw a sharp rise in users in the wake of Donald Trump’s re-election (when Elon Musk was most active in politics), but the site appears to have seen a drop off since then.
In short: Schneider will have his work cut out for him. He seems game for it, though. “We’re at the very beginning of this story,” he wrote Friday.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
>
-
Fashion9 years ago
These ’90s fashion trends are making a comeback in 2017
-
Fashion9 years ago
According to Dior Couture, this taboo fashion accessory is back
-
Fashion9 years ago
Model Jocelyn Chew’s Instagram is the best vacation you’ve ever had
-
Fashion9 years ago
Your comprehensive guide to this fall’s biggest trends
-
Fashion9 years ago
A photo diary of the nightlife scene from LA To Ibiza
-
Fashion9 years ago
9 Celebrities who have spoken out about being photoshopped
-
Fashion9 years ago
Emily Ratajkowski channels back-to-school style
-
Tech3 months agoOpenAI CEO apologizes to Tumbler Ridge community