Byte-Sized Security
@bytesizedsecurity.bsky.social
Capturing the perfect shot of your career, even if it's as elusive as British sunshine. Offering a blend of snappy photography tips and job-hunting wisdom. Because why settle for just one passion?
Urban VPN says it protects your privacy.
Behind the scenes, it's logging your AI chats—ChatGPT, Claude, Gemini, all of them.
Every prompt, every response, sent straight to data brokers.
No toggle to turn it off. Only way out? Uninstall.
Behind the scenes, it's logging your AI chats—ChatGPT, Claude, Gemini, all of them.
Every prompt, every response, sent straight to data brokers.
No toggle to turn it off. Only way out? Uninstall.
December 19, 2025 at 3:23 PM
Urban VPN says it protects your privacy.
Behind the scenes, it's logging your AI chats—ChatGPT, Claude, Gemini, all of them.
Every prompt, every response, sent straight to data brokers.
No toggle to turn it off. Only way out? Uninstall.
Behind the scenes, it's logging your AI chats—ChatGPT, Claude, Gemini, all of them.
Every prompt, every response, sent straight to data brokers.
No toggle to turn it off. Only way out? Uninstall.
AI helps stop cyberattacks fast.
It scans thousands of activities and spots threats in seconds.
But hackers also use AI to trick you with fake emails that look real.
AI can't do it alone.
You still need human eyes to catch what machines miss.
It scans thousands of activities and spots threats in seconds.
But hackers also use AI to trick you with fake emails that look real.
AI can't do it alone.
You still need human eyes to catch what machines miss.
November 28, 2025 at 9:03 PM
AI helps stop cyberattacks fast.
It scans thousands of activities and spots threats in seconds.
But hackers also use AI to trick you with fake emails that look real.
AI can't do it alone.
You still need human eyes to catch what machines miss.
It scans thousands of activities and spots threats in seconds.
But hackers also use AI to trick you with fake emails that look real.
AI can't do it alone.
You still need human eyes to catch what machines miss.
Phishing isn’t sloppy anymore.
AI now writes perfect messages that look like real coworkers.
It scrapes your info from LinkedIn, sounds like your boss, and tricks you fast.
Old tricks like spotting bad grammar won’t work.
Train your team and use phishing-resistant tools—or get fooled.
AI now writes perfect messages that look like real coworkers.
It scrapes your info from LinkedIn, sounds like your boss, and tricks you fast.
Old tricks like spotting bad grammar won’t work.
Train your team and use phishing-resistant tools—or get fooled.
November 20, 2025 at 6:30 PM
Phishing isn’t sloppy anymore.
AI now writes perfect messages that look like real coworkers.
It scrapes your info from LinkedIn, sounds like your boss, and tricks you fast.
Old tricks like spotting bad grammar won’t work.
Train your team and use phishing-resistant tools—or get fooled.
AI now writes perfect messages that look like real coworkers.
It scrapes your info from LinkedIn, sounds like your boss, and tricks you fast.
Old tricks like spotting bad grammar won’t work.
Train your team and use phishing-resistant tools—or get fooled.
DoorDash got hacked.
An employee fell for a social engineering scam.
Names, emails, phone numbers, and home addresses were stolen.
Customers weren’t notified for almost 3 weeks.
Would you trust them with your data now?
An employee fell for a social engineering scam.
Names, emails, phone numbers, and home addresses were stolen.
Customers weren’t notified for almost 3 weeks.
Would you trust them with your data now?
November 18, 2025 at 6:30 PM
DoorDash got hacked.
An employee fell for a social engineering scam.
Names, emails, phone numbers, and home addresses were stolen.
Customers weren’t notified for almost 3 weeks.
Would you trust them with your data now?
An employee fell for a social engineering scam.
Names, emails, phone numbers, and home addresses were stolen.
Customers weren’t notified for almost 3 weeks.
Would you trust them with your data now?
Vulnerability management is a $20B market.
But what if your systems patched themselves?
No scans. No dashboards. No tickets.
Auto-patching makes most of the industry useless.
Why aren’t you using it?
But what if your systems patched themselves?
No scans. No dashboards. No tickets.
Auto-patching makes most of the industry useless.
Why aren’t you using it?
November 11, 2025 at 9:03 PM
Vulnerability management is a $20B market.
But what if your systems patched themselves?
No scans. No dashboards. No tickets.
Auto-patching makes most of the industry useless.
Why aren’t you using it?
But what if your systems patched themselves?
No scans. No dashboards. No tickets.
Auto-patching makes most of the industry useless.
Why aren’t you using it?
Lost your job to AI?
You're not alone — but here's the hard part:
The new jobs need new skills.
And most people won't reskill fast enough to catch up.
The future won’t wait — will you?
You're not alone — but here's the hard part:
The new jobs need new skills.
And most people won't reskill fast enough to catch up.
The future won’t wait — will you?
November 1, 2025 at 11:33 PM
Lost your job to AI?
You're not alone — but here's the hard part:
The new jobs need new skills.
And most people won't reskill fast enough to catch up.
The future won’t wait — will you?
You're not alone — but here's the hard part:
The new jobs need new skills.
And most people won't reskill fast enough to catch up.
The future won’t wait — will you?
I thought deleting old accounts wouldn't matter.
Now I search for unused accounts every month—and delete them fast.
Your forgotten logins expose you more than you think.
Start your sweep today.
https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security
Now I search for unused accounts every month—and delete them fast.
Your forgotten logins expose you more than you think.
Start your sweep today.
https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security
October 23, 2025 at 6:30 PM
I thought deleting old accounts wouldn't matter.
Now I search for unused accounts every month—and delete them fast.
Your forgotten logins expose you more than you think.
Start your sweep today.
https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security
Now I search for unused accounts every month—and delete them fast.
Your forgotten logins expose you more than you think.
Start your sweep today.
https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security
I tricked GitHub Copilot into leaking AWS keys.
Not from my account—other users'.
By bypassing its security and injecting hidden prompts, I controlled what Copilot showed them.
Even private bugs, repo data, and malicious package suggestions.
GitHub patched it, but the risk was real.
Not from my account—other users'.
By bypassing its security and injecting hidden prompts, I controlled what Copilot showed them.
Even private bugs, repo data, and malicious package suggestions.
GitHub patched it, but the risk was real.
October 10, 2025 at 3:23 PM
I tricked GitHub Copilot into leaking AWS keys.
Not from my account—other users'.
By bypassing its security and injecting hidden prompts, I controlled what Copilot showed them.
Even private bugs, repo data, and malicious package suggestions.
GitHub patched it, but the risk was real.
Not from my account—other users'.
By bypassing its security and injecting hidden prompts, I controlled what Copilot showed them.
Even private bugs, repo data, and malicious package suggestions.
GitHub patched it, but the risk was real.
AI is taking over the SOC.
Not in the future—right now.
Teams use it to catch threats faster, respond quicker, and cut manual work.
The catch? You must keep training the AI or it falls behind.
Most don’t. Will you?
Not in the future—right now.
Teams use it to catch threats faster, respond quicker, and cut manual work.
The catch? You must keep training the AI or it falls behind.
Most don’t. Will you?
September 29, 2025 at 11:33 PM
AI is taking over the SOC.
Not in the future—right now.
Teams use it to catch threats faster, respond quicker, and cut manual work.
The catch? You must keep training the AI or it falls behind.
Most don’t. Will you?
Not in the future—right now.
Teams use it to catch threats faster, respond quicker, and cut manual work.
The catch? You must keep training the AI or it falls behind.
Most don’t. Will you?
A gamer battling cancer lost $32K from a verified Steam game.
BlockBlasters looked safe. It had good reviews. Then hackers added a crypto-drainer.
It happened live during a charity stream.
Even verified platforms aren't safe. Always triple-check downloads.
BlockBlasters looked safe. It had good reviews. Then hackers added a crypto-drainer.
It happened live during a charity stream.
Even verified platforms aren't safe. Always triple-check downloads.
September 23, 2025 at 1:08 AM
A gamer battling cancer lost $32K from a verified Steam game.
BlockBlasters looked safe. It had good reviews. Then hackers added a crypto-drainer.
It happened live during a charity stream.
Even verified platforms aren't safe. Always triple-check downloads.
BlockBlasters looked safe. It had good reviews. Then hackers added a crypto-drainer.
It happened live during a charity stream.
Even verified platforms aren't safe. Always triple-check downloads.
Fake FBI websites are stealing your data.
Scammers are spoofing the IC3 site to trick you into handing over personal info.
They tweak the domain name, copy the design, and wait.
Only type “www.ic3.gov” directly into your browser.
Never trust search results or links—check the URL every time.
Scammers are spoofing the IC3 site to trick you into handing over personal info.
They tweak the domain name, copy the design, and wait.
Only type “www.ic3.gov” directly into your browser.
Never trust search results or links—check the URL every time.
September 22, 2025 at 11:33 PM
Fake FBI websites are stealing your data.
Scammers are spoofing the IC3 site to trick you into handing over personal info.
They tweak the domain name, copy the design, and wait.
Only type “www.ic3.gov” directly into your browser.
Never trust search results or links—check the URL every time.
Scammers are spoofing the IC3 site to trick you into handing over personal info.
They tweak the domain name, copy the design, and wait.
Only type “www.ic3.gov” directly into your browser.
Never trust search results or links—check the URL every time.
Hiring is broken.
Job seekers use ChatGPT to apply. Recruiters use AI to filter. Nobody calls back.
You send 100 résumés. You hear nothing.
It’s not you. It’s the system.
Job seekers use ChatGPT to apply. Recruiters use AI to filter. Nobody calls back.
You send 100 résumés. You hear nothing.
It’s not you. It’s the system.
September 13, 2025 at 6:30 PM
Hiring is broken.
Job seekers use ChatGPT to apply. Recruiters use AI to filter. Nobody calls back.
You send 100 résumés. You hear nothing.
It’s not you. It’s the system.
Job seekers use ChatGPT to apply. Recruiters use AI to filter. Nobody calls back.
You send 100 résumés. You hear nothing.
It’s not you. It’s the system.
TransUnion got hacked.
Over 4.4 million people had personal info stolen through a Salesforce app.
Names, contacts—plus Social Security Numbers—are now floating around.
Hackers linked to other Salesforce breaches like Google and Cisco.
They're offering free credit monitoring. LOL
Over 4.4 million people had personal info stolen through a Salesforce app.
Names, contacts—plus Social Security Numbers—are now floating around.
Hackers linked to other Salesforce breaches like Google and Cisco.
They're offering free credit monitoring. LOL
August 28, 2025 at 6:30 PM
TransUnion got hacked.
Over 4.4 million people had personal info stolen through a Salesforce app.
Names, contacts—plus Social Security Numbers—are now floating around.
Hackers linked to other Salesforce breaches like Google and Cisco.
They're offering free credit monitoring. LOL
Over 4.4 million people had personal info stolen through a Salesforce app.
Names, contacts—plus Social Security Numbers—are now floating around.
Hackers linked to other Salesforce breaches like Google and Cisco.
They're offering free credit monitoring. LOL
TikTok Shop is selling GPS trackers with ads that encourage stalking partners.
Some videos say things like “slap one of these on her car.”
They've sold over 100,000 of them.
TikTok removes a few, but most stay up—and sales keep growing.
Who's responsible when abuse is a business model?
Some videos say things like “slap one of these on her car.”
They've sold over 100,000 of them.
TikTok removes a few, but most stay up—and sales keep growing.
Who's responsible when abuse is a business model?
August 19, 2025 at 6:30 PM
TikTok Shop is selling GPS trackers with ads that encourage stalking partners.
Some videos say things like “slap one of these on her car.”
They've sold over 100,000 of them.
TikTok removes a few, but most stay up—and sales keep growing.
Who's responsible when abuse is a business model?
Some videos say things like “slap one of these on her car.”
They've sold over 100,000 of them.
TikTok removes a few, but most stay up—and sales keep growing.
Who's responsible when abuse is a business model?
An AI broke into the top spot on HackerOne.
Not a tool. Not a helper. A full-on autonomous hacker.
It found 285 bugs, 22 confirmed CVEs, and crushed 60,000 web apps.
Here’s why this matters for every security team:
Not a tool. Not a helper. A full-on autonomous hacker.
It found 285 bugs, 22 confirmed CVEs, and crushed 60,000 web apps.
Here’s why this matters for every security team:
August 14, 2025 at 6:30 PM
An AI broke into the top spot on HackerOne.
Not a tool. Not a helper. A full-on autonomous hacker.
It found 285 bugs, 22 confirmed CVEs, and crushed 60,000 web apps.
Here’s why this matters for every security team:
Not a tool. Not a helper. A full-on autonomous hacker.
It found 285 bugs, 22 confirmed CVEs, and crushed 60,000 web apps.
Here’s why this matters for every security team:
So let me get this straight—you used Veo3 to whip up a fake Yeti video, slapped on some cinematic music and clickbait, and now you're selling AI-generated “creativity” for six figures? Wild. We’ve entered an era where deepfakes and hype matter more than storytelling or craft.
August 12, 2025 at 9:03 PM
So let me get this straight—you used Veo3 to whip up a fake Yeti video, slapped on some cinematic music and clickbait, and now you're selling AI-generated “creativity” for six figures? Wild. We’ve entered an era where deepfakes and hype matter more than storytelling or craft.
AI voice scams are everywhere.
Attackers use voice clones to sound like your boss, your kid, or your friend.
They push you to act fast—send money, click links, give passwords.
Don’t trust urgent requests from calls.
Hang up. Call back on a number you know.
Attackers use voice clones to sound like your boss, your kid, or your friend.
They push you to act fast—send money, click links, give passwords.
Don’t trust urgent requests from calls.
Hang up. Call back on a number you know.
August 9, 2025 at 6:30 PM
AI voice scams are everywhere.
Attackers use voice clones to sound like your boss, your kid, or your friend.
They push you to act fast—send money, click links, give passwords.
Don’t trust urgent requests from calls.
Hang up. Call back on a number you know.
Attackers use voice clones to sound like your boss, your kid, or your friend.
They push you to act fast—send money, click links, give passwords.
Don’t trust urgent requests from calls.
Hang up. Call back on a number you know.
Tea leaked again.
This time, it exposed 1.1 million private messages from women talking about cheating, abortions, and sharing phone numbers.
Some users even shared real names, making them easy to find.
Hackers used Tea’s own API to get the data—until last week.
Who else downloaded it?
This time, it exposed 1.1 million private messages from women talking about cheating, abortions, and sharing phone numbers.
Some users even shared real names, making them easy to find.
Hackers used Tea’s own API to get the data—until last week.
Who else downloaded it?
July 30, 2025 at 3:23 PM
Tea leaked again.
This time, it exposed 1.1 million private messages from women talking about cheating, abortions, and sharing phone numbers.
Some users even shared real names, making them easy to find.
Hackers used Tea’s own API to get the data—until last week.
Who else downloaded it?
This time, it exposed 1.1 million private messages from women talking about cheating, abortions, and sharing phone numbers.
Some users even shared real names, making them easy to find.
Hackers used Tea’s own API to get the data—until last week.
Who else downloaded it?
Allianz Life got hacked.
Hackers broke into a third-party CRM and stole personal data from most of its 1.4 million US customers.
The attack used social engineering—no technical breach of core systems.
Victims get 24 months of free identity protection.
The FBI is now involved.
Hackers broke into a third-party CRM and stole personal data from most of its 1.4 million US customers.
The attack used social engineering—no technical breach of core systems.
Victims get 24 months of free identity protection.
The FBI is now involved.
July 28, 2025 at 6:30 PM
Allianz Life got hacked.
Hackers broke into a third-party CRM and stole personal data from most of its 1.4 million US customers.
The attack used social engineering—no technical breach of core systems.
Victims get 24 months of free identity protection.
The FBI is now involved.
Hackers broke into a third-party CRM and stole personal data from most of its 1.4 million US customers.
The attack used social engineering—no technical breach of core systems.
Victims get 24 months of free identity protection.
The FBI is now involved.
The U.S. government now accepts Venmo to pay off the $36.6 trillion national debt.
Since 1996, all public donations combined equal $67.3 million—less than 0.0002% of the total.
You could send $1,000 today.
It wouldn't change anything.
But at least you’d get a receipt.
Since 1996, all public donations combined equal $67.3 million—less than 0.0002% of the total.
You could send $1,000 today.
It wouldn't change anything.
But at least you’d get a receipt.
July 24, 2025 at 6:30 PM
The U.S. government now accepts Venmo to pay off the $36.6 trillion national debt.
Since 1996, all public donations combined equal $67.3 million—less than 0.0002% of the total.
You could send $1,000 today.
It wouldn't change anything.
But at least you’d get a receipt.
Since 1996, all public donations combined equal $67.3 million—less than 0.0002% of the total.
You could send $1,000 today.
It wouldn't change anything.
But at least you’d get a receipt.
A startup is selling stolen data from hacked computers... to debt collectors and divorce lawyers.
For $50, you can search names, addresses, and leaked logins from malware-infected devices.
They call it "intelligence."
Experts call it illegal.
You trust your browser autofill? Think again.
For $50, you can search names, addresses, and leaked logins from malware-infected devices.
They call it "intelligence."
Experts call it illegal.
You trust your browser autofill? Think again.
July 22, 2025 at 6:30 PM
A startup is selling stolen data from hacked computers... to debt collectors and divorce lawyers.
For $50, you can search names, addresses, and leaked logins from malware-infected devices.
They call it "intelligence."
Experts call it illegal.
You trust your browser autofill? Think again.
For $50, you can search names, addresses, and leaked logins from malware-infected devices.
They call it "intelligence."
Experts call it illegal.
You trust your browser autofill? Think again.
One weak password.
That’s all it took to destroy a 158-year-old company and cost 700 jobs.
Hackers got in, locked the systems, and demanded millions.
The company didn’t have it.
Now it doesn’t exist.
That’s all it took to destroy a 158-year-old company and cost 700 jobs.
Hackers got in, locked the systems, and demanded millions.
The company didn’t have it.
Now it doesn’t exist.
July 22, 2025 at 3:23 PM
One weak password.
That’s all it took to destroy a 158-year-old company and cost 700 jobs.
Hackers got in, locked the systems, and demanded millions.
The company didn’t have it.
Now it doesn’t exist.
That’s all it took to destroy a 158-year-old company and cost 700 jobs.
Hackers got in, locked the systems, and demanded millions.
The company didn’t have it.
Now it doesn’t exist.
Hackers can force U.S. trains to brake with cheap radio tools.
The rail industry has known since 2012.
The fix still isn’t done.
AI can build the exploit in seconds.
Why are we still waiting?
The rail industry has known since 2012.
The fix still isn’t done.
AI can build the exploit in seconds.
Why are we still waiting?
July 15, 2025 at 6:30 PM
Hackers can force U.S. trains to brake with cheap radio tools.
The rail industry has known since 2012.
The fix still isn’t done.
AI can build the exploit in seconds.
Why are we still waiting?
The rail industry has known since 2012.
The fix still isn’t done.
AI can build the exploit in seconds.
Why are we still waiting?
Your eSIM can be cloned.
Researchers found old Java Card bugs in modern eSIM chips.
With short device access, attackers extract keys and install spyware remotely.
Some networks already rerouted calls to cloned eSIMs.
Still think your mobile data is safe?
Researchers found old Java Card bugs in modern eSIM chips.
With short device access, attackers extract keys and install spyware remotely.
Some networks already rerouted calls to cloned eSIMs.
Still think your mobile data is safe?
July 12, 2025 at 9:12 PM
Your eSIM can be cloned.
Researchers found old Java Card bugs in modern eSIM chips.
With short device access, attackers extract keys and install spyware remotely.
Some networks already rerouted calls to cloned eSIMs.
Still think your mobile data is safe?
Researchers found old Java Card bugs in modern eSIM chips.
With short device access, attackers extract keys and install spyware remotely.
Some networks already rerouted calls to cloned eSIMs.
Still think your mobile data is safe?
Why do job seekers have to pay for resume help to get a job?
You're unemployed, struggling, and still expected to afford resume services to pass a bot.
Then you're judged more by format than skill.
Job hunting shouldn't feel rigged.
There has to be a better way.
You're unemployed, struggling, and still expected to afford resume services to pass a bot.
Then you're judged more by format than skill.
Job hunting shouldn't feel rigged.
There has to be a better way.
July 10, 2025 at 3:23 PM
Why do job seekers have to pay for resume help to get a job?
You're unemployed, struggling, and still expected to afford resume services to pass a bot.
Then you're judged more by format than skill.
Job hunting shouldn't feel rigged.
There has to be a better way.
You're unemployed, struggling, and still expected to afford resume services to pass a bot.
Then you're judged more by format than skill.
Job hunting shouldn't feel rigged.
There has to be a better way.