Byte-Sized Security
bytesizedsecurity.bsky.social
Capturing the perfect shot of your career, even if it's as elusive as British sunshine. Offering a blend of snappy photography tips and job-hunting wisdom. Because why settle for just one passion?
Lost your job to AI?

You're not alone — but here's the hard part:

The new jobs need new skills.

And most people won't reskill fast enough to catch up.

The future won’t wait — will you?
I thought deleting old accounts wouldn't matter.
Now I search for unused accounts every month—and delete them fast.

Your forgotten logins expose you more than you think.

Start your sweep today.
https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security
I tricked GitHub Copilot into leaking AWS keys.

Not from my account—other users'.

By bypassing its security and injecting hidden prompts, I controlled what Copilot showed them.

Even private bugs, repo data, and malicious package suggestions.

GitHub patched it, but the risk was real.
AI is taking over the SOC.

Not in the future—right now.

Teams use it to catch threats faster, respond quicker, and cut manual work.

The catch? You must keep training the AI or it falls behind.

Most don’t. Will you?
A gamer battling cancer lost $32K from a verified Steam game.

BlockBlasters looked safe. It had good reviews. Then hackers added a crypto-drainer.

It happened live during a charity stream.

Even verified platforms aren't safe. Always triple-check downloads.
Fake FBI websites are stealing your data.

Scammers are spoofing the IC3 site to trick you into handing over personal info.

They tweak the domain name, copy the design, and wait.

Only type “www.ic3.gov” directly into your browser.

Never trust search results or links—check the URL every time.
Hiring is broken.

Job seekers use ChatGPT to apply. Recruiters use AI to filter. Nobody calls back.

You send 100 résumés. You hear nothing.

It’s not you. It’s the system.
TransUnion got hacked.

Over 4.4 million people had personal info stolen through a Salesforce app.

Names, contacts—plus Social Security Numbers—are now floating around.

Hackers linked to other Salesforce breaches like Google and Cisco.

They're offering free credit monitoring. LOL
TikTok Shop is selling GPS trackers with ads that encourage stalking partners.

Some videos say things like “slap one of these on her car.”

They've sold over 100,000 of them.

TikTok removes a few, but most stay up—and sales keep growing.

Who's responsible when abuse is a business model?
An AI broke into the top spot on HackerOne.

Not a tool. Not a helper. A full-on autonomous hacker.

It found 285 bugs, 22 confirmed CVEs, and crushed 60,000 web apps.

Here’s why this matters for every security team:
Just because it looks shiny doesn’t mean it’s meaningful. AI tools are powerful, but let's not pretend this slop is gold.
So let me get this straight—you used Veo3 to whip up a fake Yeti video, slapped on some cinematic music and clickbait, and now you're selling AI-generated “creativity” for six figures? Wild. We’ve entered an era where deepfakes and hype matter more than storytelling or craft.
AI voice scams are everywhere.

Attackers use voice clones to sound like your boss, your kid, or your friend.

They push you to act fast—send money, click links, give passwords.

Don’t trust urgent requests from calls.

Hang up. Call back on a number you know.
Tea leaked again.

This time, it exposed 1.1 million private messages from women talking about cheating, abortions, and sharing phone numbers.

Some users even shared real names, making them easy to find.

Hackers used Tea’s own API to get the data—until last week.

Who else downloaded it?
Allianz Life got hacked.

Hackers broke into a third-party CRM and stole personal data from most of its 1.4 million US customers.

The attack used social engineering—no technical breach of core systems.

Victims get 24 months of free identity protection.

The FBI is now involved.
The U.S. government now accepts Venmo to pay off the $36.6 trillion national debt.

Since 1996, all public donations combined equal $67.3 million—less than 0.0002% of the total.

You could send $1,000 today.

It wouldn't change anything.

But at least you’d get a receipt.
A startup is selling stolen data from hacked computers... to debt collectors and divorce lawyers.

For $50, you can search names, addresses, and leaked logins from malware-infected devices.

They call it "intelligence."

Experts call it illegal.

You trust your browser autofill? Think again.
One weak password.

That’s all it took to destroy a 158-year-old company and cost 700 jobs.

Hackers got in, locked the systems, and demanded millions.

The company didn’t have it.

Now it doesn’t exist.
Hackers can force U.S. trains to brake with cheap radio tools.

The rail industry has known since 2012.

The fix still isn’t done.

AI can build the exploit in seconds.

Why are we still waiting?
Your eSIM can be cloned.

Researchers found old Java Card bugs in modern eSIM chips.

With short device access, attackers extract keys and install spyware remotely.

Some networks already rerouted calls to cloned eSIMs.

Still think your mobile data is safe?
Why do job seekers have to pay for resume help to get a job?

You're unemployed, struggling, and still expected to afford resume services to pass a bot.

Then you're judged more by format than skill.

Job hunting shouldn't feel rigged.

There has to be a better way.
A Chrome extension with 100,000+ users turned into spyware overnight.

It looks legit. Still works as expected. Still listed as “verified” by Google.

It’s tracking every site you visit — and hijacking your browser in the background.

Delete “Color Picker, Eyedropper — Geco colorpick” from Chrome
Google is quietly giving Gemini AI access to your Android apps.

Even if you turned the feature off before, it might still activate.

Your chats, calls, and messages could be processed for 72 hours.

No clear way to remove Gemini without using developer tools.

Android users: check your settings now
Trump officials built a national citizenship database.

It merges immigration, Social Security, and other records into one searchable tool.

State officials now use it to check citizenship before people vote.

What else will this data center be used for?
A new federal citizenship database is live.

It merges immigration, Social Security, and might soon add DMV data.

Election officials now get one-stop access to voter citizenship info.

Privacy laws were skipped. Public input was ignored.

Would you trust every agency to have your full data file?