Pithy Security
LightNews LightNews
banner
pithysecurity.bsky.social
Pithy Security
@pithysecurity.bsky.social
550 followers 400 following 130 posts
Pithy Security is a newsletter about cybersecurity and IT security news. We cover breaches and the latest exploits. Join if you're a security pro or anyone who loves privacy.

Join Free - pithysecurity.substack.com
Made By - @mrcomputerscience.bsky.social
Posts Replies Media Videos
Pinned
pithysecurity.bsky.social
Pithy Security @pithysecurity.bsky.social · Nov 28
1. Use Linux. (Ubuntu is my fav. But if you're paranoid, use Tails.)
2. Forget US-based big tech.
3. Use Protonmail/Tuta.
4. Use ProtonVPN or a VPN you trust. (TOR is good, but overkill for many.)
5. Remember that all accounts you created previously are still attached to you, as you said.
6. Signal.
pithysecurity.bsky.social
The impact of a major cyber defense agency losing 65% of its workforce goes beyond just the government. 🏭 Critical national infrastructure (energy, finance, water) relies on CISA. A shutdown for them means increased vulnerability for everyone. Not good. #CyberSecurity #CISA
mrcomputerscience.bsky.social MrComputerScience @mrcomputerscience.bsky.social · Oct 3
🇺🇸 America's cyber defenses just got benched! 🏈 The government shutdown has furloughed 65% of CISA personnel. 📉 While state-sponsored hackers & ransomware gangs work 24/7, our defensive team is down to a skeleton crew. 💀 Bad timing. 🤦‍♀️ #CyberSecurity #CISA

pithysecurity.substack.com/p/americas-c...
America's Cyber Defenders Just Got Benched
Also - an urgent warning about 50,000 Cisco firewalls under active zero-day attack.
pithysecurity.substack.com
October 3, 2025 at 5:25 PM
pithysecurity.bsky.social
There was a ton of fuss about this earlier in the week. Swatting threats, UN spy vibes, telecom panic. Turns out: 100K+ SIM cards seized, 300+ servers jammed in 5 NYC spots, nation-state actors linked to cartels & terrorists. Could've DDoS'd 911 calls in mins!📡💥 #Cybersecurity
mrcomputerscience.bsky.social MrComputerScience @mrcomputerscience.bsky.social · Sep 26
🚨 Crisis averted! Secret Service ghosted a sneaky nation-state plot to zap NYC's cell service this week. Imagine no Uber, no 911, no cell service. Who needs spies when you've got signal jammers? 📵😎 #NYC #Cybersecurity #Hackers #Hack #NewYork

pithysecurity.substack.com/p/crisis-ave...
Crisis Averted: The Nation-State Plot To Black Out NYC’s Cell Service!
Also - the time a group of teenage hackers owned 130 high-profile Twitter accounts.
pithysecurity.substack.com
September 26, 2025 at 10:28 AM
pithysecurity.bsky.social
Thread: How I became one of TransUnion's 4.4 million breach victims while trying to protect myself from... data breaches. The cybersecurity industry has some explaining to do. #cybersecurity #transunion
mrcomputerscience.bsky.social MrComputerScience @mrcomputerscience.bsky.social · Sep 19
I trusted TransUnion to protect my data after a breach. Then TransUnion got breached. And yes, I was one of the 4.4 million victims. The irony writes itself. All the details are in the latest issue of Pithy Security. Plus many hidden gems. #cybersecurity

pithysecurity.substack.com/p/i-trusted-...
I Trusted TransUnion. But Now I've Become One of Its 4.4 Million Victims.
Also - Microsoft and Cloudflare team up to smash scammers.
pithysecurity.substack.com
September 19, 2025 at 10:44 AM
pithysecurity.bsky.social
There are rumors that satellite hardware on US highways might have SPYING DEVICES attached unknowingly. (Think spy radios that are transmitting data.)

#cybersecurity #spying
mrcomputerscience.bsky.social MrComputerScience @mrcomputerscience.bsky.social · Sep 12
Well this is scary. 😬

Federal highway officials just warned that solar panels powering traffic lights & cameras have secret radios that could be used for spying or remote tampering.

Those panels you drive past daily? They might be watching you back.

pithysecurity.substack.com/p/solar-pane...
Solar Panels Caught Hiding Secret Spy Radios! 📡
Plus - the little-known history of the Ashley Madison hack.
pithysecurity.substack.com
September 12, 2025 at 1:06 PM
pithysecurity.bsky.social
Do you think Nevada got wrecked by ransomware? (There is still no word on if they paid ransom. But, they are being VERY hush hush. Many of their websites + services are still down TWELVE DAYS after the attack...

#cybersecurity #nevada #hacked
mrcomputerscience.bsky.social MrComputerScience @mrcomputerscience.bsky.social · Sep 4
🏛️💥 Nevada state offices STILL interrupted after 12 days from "network security incident." Government websites disrupted - no timeline for restoration. Whatever hit them hit HARD. State won't say ransomware, but... 👀 #Cybersecurity #Ransomware #Nevada

pithysecurity.substack.com/p/ransomware...
Ransomware Gang Shuts Down Nevada's Government For Going On 12 Days. 🚨⚠️💻
Also - The epic story of John McAfee, and his warning from beyond the grave.
pithysecurity.substack.com
September 4, 2025 at 10:45 AM
pithysecurity.bsky.social
Think of your data like a house.
A strong lock is a good start.
But the real value is in who you give the keys to.
Be wary of third-party apps and permissions.
They're the easiest way to accidentally lose (or give away) your best digital assets.
#cybersecurity #privacy #datasecurity
August 26, 2025 at 11:16 AM
Reposted by Pithy Security
mrcomputerscience.bsky.social
📞💥 Google, Adidas & 90+ companies got hacked by... phone calls. Attackers called employees pretending to be IT, tricked them into handing over credentials, then drained cloud systems. 1.1M records stolen from Allianz alone. 🎭 #Cybersecurity #SocialEngineer

pithysecurity.substack.com/p/how-a-phon...
How A Phone Call Hacked Google, Adidas & 1.1 Million Records. 📞💥🔓
Also - the little-known history of the first ransomware virus.
pithysecurity.substack.com
August 22, 2025 at 10:15 AM
Reposted by Pithy Security
mrcomputerscience.bsky.social
🎓💸 Columbia's $13B endowout couldn't stop hackers from swiping 460GB of data from 870K students, staff & applicants. The breach went undetected for a MONTH while criminals grabbed SSNs, health records & transcripts. Not so elite. 🏛️💔 #Cybersecurity #Privacy

pithysecurity.substack.com/p/870k-peopl...
870K People Just Got Their Data Stolen From An Ivy League School! 🎓💥🔒
Also - learn about The Cult Of The Dead Cow. (The Folks Who Coined The Term "Hacktivism.")
pithysecurity.substack.com
August 15, 2025 at 10:03 AM
Reposted by Pithy Security
mrcomputerscience.bsky.social
🐉💥 DragonForce strikes again! The cyber gang claimed to swipe 156GB of data from Belk (North Carolina), dropping both files and a chilling message on the dark web: “We hope this serves as a lesson.” Retail security in ’25? Under siege. 🛒💸 #Cybersecurity

pithysecurity.substack.com/p/dragonforc...
DragonForce Hackers 🚨, Drone Factory Gets Erased 🛡️, And China's New Phone Hack! 📱
Also - the little-known history of old-school AOL hackers.
pithysecurity.substack.com
July 19, 2025 at 8:36 AM
pithysecurity.bsky.social
Am I the only one who thinks $16.6B lost to cybercrime in 2024 is a low estimate? With so much unreported and hidden damage, the real number’s probably way higher! 💻💸 #CyberSecurity

www.bleepingcomputer.com/news/securit...
FBI: US lost record $16.6 billion to cybercrime in 2024
The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year.
www.bleepingcomputer.com
April 24, 2025 at 1:23 AM
Reposted by Pithy Security
pithysecurity.bsky.social
Yep. Back to a system of lords and peasants. I prefer peer to peer equality.
April 21, 2025 at 4:23 PM
pithysecurity.bsky.social
🚨 People say they can't be tricked. Data says otherwise. Text scams rose to hundreds of millions 💰 in 2024. Watch out for fake package alerts 📦, job offers 💼, fraud warnings 🚨, toll fee scams 🚗, and wrong number tricks. 📱🔒 Report scams to the FTC! #CyberSecurity

www.malwarebytes.com/blog/news/20...
Text scams grow to steal hundreds of millions of dollars
Text scams come in many forms and are an ever increasing threat doing an awful lot of financial, and other, damage
www.malwarebytes.com
April 21, 2025 at 3:34 PM
pithysecurity.bsky.social
🚨 Phishers are abusing Google OAuth to send ultra-convincing fake emails that pass Google’s DKIM checks - making them look 100% legit! Even pros were fooled. Stay sharp: always double-check URLs, even if the email looks official. #Phishing #Cybersecurity

www.bleepingcomputer.com/news/securit...
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page ...
www.bleepingcomputer.com
April 21, 2025 at 2:14 PM
pithysecurity.bsky.social
🔒🚫 Oracle denies data breach claims after hacker alleges theft of 6 million records. Company stands firm on data security #CyberSecurity #DataProtection

www.bleepingcomputer.com/news/securit...
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers
www.bleepingcomputer.com
March 21, 2025 at 10:50 PM
pithysecurity.bsky.social
You see this new botnet? 🚨 Eleven11bot emerges overnight, infecting 30,000+ webcams & video recorders 📹, mostly in US 🇺🇸. It delivers massive "hyper-volumetric" DDoS attacks 🚀, consuming bandwidth in terabits per second 📊. A new era of cyber threats 🚨.

#cybersecurity

arstechnica.com/security/202...
Massive botnet that appeared overnight is delivering record-size DDoSes
Eleven11bot infects video recorders, with the largest concentration of them in the US.
arstechnica.com
March 6, 2025 at 10:20 PM
pithysecurity.bsky.social
🚨 Warning! 🚨 Scammers are impersonating PayPal using hacked ad accounts, exploiting a Google policy loophole 🤖. They create fake ads with official-looking PayPal URLs 📊, tricking users into giving personal info 📝. Stay vigilant 👀 verify URLs! 💻

#Cybersecurity

www.malwarebytes.com/blog/scams/2...
PayPal's "no-code checkout" abused by scammers
Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.
www.malwarebytes.com
March 5, 2025 at 4:58 AM
pithysecurity.bsky.social
🚨 AI Security Alert! 🤖🔓 Nearly 12,000 API keys & passwords discovered in Common Crawl dataset used to train major AI models! 😱 This affects LLMs from tech giants like OpenAI, Google, Meta & more. Huge implications for #Cybersecurity #Privacy

www.bleepingcomputer.com/news/securit...
Nearly 12,000 API keys and passwords found in AI training dataset
Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models.
www.bleepingcomputer.com
March 3, 2025 at 10:56 PM
pithysecurity.bsky.social
New Linux Malware Alert: 'Auto-Color' 🎨

🖥️ Targets universities & gov orgs in N. America & Asia
🔓 Grants hackers full remote access
🕵️ Evades detection with clever tricks
🔒 Requires root privileges

Stay vigilant, Linux users! Patch & update! #CyberSecurity

thehackernews.com/2025/02/new-...
New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
Auto-Color Linux malware targets governments and universities, using stealth tactics and encryption to evade detection and maintain persistence.
thehackernews.com
February 26, 2025 at 8:57 PM
pithysecurity.bsky.social
🚨 ALERT: Predatory App Strikes Google Play! 📱💸 "Finance Simplified" app, part of SpyLoan family, downloaded 100K times 📊 ⚠️ Masquerades as financial tool, but STEALS user data for blackmail 🕵️‍♂️

🔓 Harvests contacts, photos, location & more 📞📸🗺️

#CyberSecurity

www.malwarebytes.com/blog/news/20...
Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail
The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.
www.malwarebytes.com
February 26, 2025 at 2:55 AM
pithysecurity.bsky.social
🚨 Alert: Massive botnet targets Microsoft 365! 🖥️ Over 130K compromised devices launching coordinated password-spraying attacks on M365 accounts. 😱 C2 servers hosted by SharkTech (US) with links to Chinese cloud providers. 🌐🔒

#CyberSecurity

www.helpnetsecurity.com/2025/02/24/b...
Massive botnet hits Microsoft 365 accounts - Help Net Security
A botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 accounts.
www.helpnetsecurity.com
February 24, 2025 at 10:48 PM
pithysecurity.bsky.social
🛏️💻 "Smart" bed vulnerability lets hackers access your entire network. They know when you're sleeping, awake, and can run any code they like. This is perfectly normal. Lol. (Does EVERYTHING have to be on the damn network?) #IoT #CyberSecurity #Fail

www.tomshardware.com/tech-industr...
Security researcher finds vulnerability in internet-connected bed, could allow access to all devices on network
They know when you're sleeping, they know when you're awake, and they can execute arbitrary code, but not for goodness' sake.
www.tomshardware.com
February 23, 2025 at 9:51 PM
pithysecurity.bsky.social
🌐 Heads up! X now blocks links to "Signal.me," the URL used for sharing your Signal account info. 🚫 Posting these links via public posts, direct messages, or profile bios results in error messages about spam or malware risks. 😱

#CyberSecurity #Privacy

www.bleepingcomputer.com/news/securit...
X now blocks Signal contact links, flags them as malicious
Social media platform X (formerly Twitter) is now blocking links to "Signal.me," a URL used by the Signal encrypted messaging to share your account info with another person.
www.bleepingcomputer.com
February 18, 2025 at 9:33 PM
pithysecurity.bsky.social
🚨🔒 Microsoft is ending its Defender 'Privacy Protection' VPN feature by Feb 28! 📆 The decision is due to low usage, and Microsoft plans to focus on other features 📈. Users will need to find alternative VPNs for secure browsing 🌐.

#VPN #CyberSecurity

www.bleepingcomputer.com/news/microso...
Microsoft kills off Defender 'Privacy Protection' VPN feature
Microsoft announced it is killing off its Privacy Protection VPN feature in the Microsoft Defender app at the end of the month to focus on other features.
www.bleepingcomputer.com
February 4, 2025 at 1:18 PM
pithysecurity.bsky.social
🧠 Hackers are exploiting Google’s Gemini AI to boost attack efficiency. 💻 State-sponsored APT groups, primarily from Iran and China, use it for research, reconnaissance, and productivity gains rather than novel AI-driven attacks. 🔍

#CyberSecurity #AI

www.bleepingcomputer.com/news/securit...
Google says hackers abuse Gemini AI to empower their attacks
Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for recon...
www.bleepingcomputer.com
February 3, 2025 at 12:47 PM
pithysecurity.bsky.social
🚨 Google's Shocking App Security Blitz: Blocked 2.36 MILLION risky Android apps & banned 158K malicious developer accounts! 🛡️ AI-powered threat detection keeps your phone safe. Stay protected! 🤖

#CyberSecurity #AI #Google

security.googleblog.com/2025/01/how-...
How we kept the Google Play & Android app ecosystems safe in 2024
Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety) Android and Google...
security.googleblog.com
January 31, 2025 at 2:28 PM