- ByteSize
- Posts
- 700% more chaos, 100% more drama
700% more chaos, 100% more drama
Oh, and... turns out "don't be evil" expires, data streaming costs billions, and AI assistants are coming for your work chats
In partnership with
Congratulations! You’ve been selected for a totally real loan AND this issue of ByteSize!
It's December 16th, and on this blessed day in 2003, the CAN-SPAM Act became law in the United States. This groundbreaking legislation promised to save us all from the digital deluge of Nigerian princes and miraculous weight-loss pills. And as you might’ve already known, it worked about as well as Windows 11.
Two decades later, we're still drowning in emails promising to help us "consolidate our student loans" while we're trying to fix production servers at 2 AM.
But hey, at least we tried, right? It's like putting a Band-Aid on the Titanic and calling it "seaworthy" again.
HYPERVISOR RANSOMWARE: WHEN YOUR VIRTUAL MACHINES BECOME REALLY EXPENSIVE PAPERWEIGHTS
Quick question: Who thought virtualizing everything was the answer to all our problems?
Only asking, because, well… it just gave hackers a BIGGER target.
Security researchers at Huntress just dropped some delightfully terrifying news: hypervisor ransomware attacks have exploded by 700% in the second half of 2025. For context, that's like going from one awkward conversation with your boss to having 700 awkward conversations with your boss. Both scenarios end with you questioning your life choices.
The Akira ransomware group is apparently leading this virtual apocalypse, treating hypervisors like an all-you-can-encrypt buffet. Why hypervisors? Because they're a lot like that friend who never locks their front door — everyone knows they should be more secure, but somehow they never are.
These attacks follow the classic "Oops We Forgot To Secure The Thing That Controls Everything" playbook. Threat actors realize that hypervisor operating systems are often more locked down than your ex's Instagram account, meaning you can't install traditional security controls like EDR. This creates what security experts call "a significant blind spot" and what the rest of us call "a really expensive lesson in why we should have listened to that paranoid guy in InfoSec."
The attackers are getting creative too, using built-in tools like OpenSSL to encrypt virtual machine volumes. Why bring your own ransomware when the victim's infrastructure will happily do the job for you? Who doesn’t love getting mugged with your own wallet?!
Huntress recommends the usual suspects: multi-factor authentication, complex passwords, and staying up-to-date with patches. You know, the stuff we've been preaching since before Twitter (ahem, I mean, “X”) existed and people still ignore, like terms and conditions agreements.
VSCODE MARKETPLACE: WHERE DEVELOPERS GO TO GET THEIR CREDENTIALS STOLEN
Microsoft's Visual Studio Code Marketplace is that beautiful online bazaar where developers go to make their IDE shinier than a Tesla Cybertruck. Now, it has been hosting some unwelcome guests.
Two malicious extensions, "Bitcoin Black" and "Codo AI," have been masquerading as a color theme and an AI assistant respectively. Published under the developer name 'BigBlack' (points for subtlety there), these extensions are about as trustworthy as a crypto influencer's investment advice.
The Bitcoin Black extension features a "*" activation event that triggers on every single VSCode action. The newer versions have gotten sneakier too, switching from PowerShell scripts (which at least had the courtesy to show a visible window) to batch scripts that run hidden. Nothing says "legitimate software" quite like Zuckerberg having secret meetings with the Chinese government to launch business over there.
The malware also creates a directory called "Evelyn" (such a friendly name for digital theft) to store all your stolen data: clipboard content, WiFi credentials, screenshots, and running processes. It even launches Chrome and Edge in headless mode to snatch cookies and hijack sessions, which is roughly the browser equivalent of going through someone's medicine cabinet at a house party.
Microsoft has since removed both extensions, proving that their response time is slightly better than their Windows Update schedule.
X THROWS TANTRUM, TAKES BALL HOME
In today's episode of "Billionaire Social Media Platform Behaves Like Toddler," Elon Musk's digital playground terminated the European Commission's ad account after Brussels (the city of Belgium, not that disgusting vegetable dish your aunt keeps bringing to Christmas dinner) used their dormant X account to announce that €120 million Digital Services Act fine for the social platform.
The drama behind all this mess is that the EC used what X calls an "exploit" in their Ad Composer to post a link disguised as a video. X's head of product cried "ironic!" louder than Alanis Morissette in 1996, claiming the Commission was deceiving users. This is rich coming from a platform that's spent the last year experimenting with blue checkmarks to AI bot armies like it’s auditioning for a reboot of Band of Brothers,.
The "exploit" involves crafting ads with links that preview as videos. (You know, "cutting-edge technology," is quite like sloppy coding that accidentally creates content manipulation tools.) The EC hadn't run an ad since 2021, making this comeback more unexpected than the Oasis reunion tour.
⚙️ TOOL TIME
This newsletter you couldn’t wait to open? It runs on beehiiv — the absolute best platform for email newsletters.
Our editor makes your content look like Picasso in the inbox. Your website? Beautiful and ready to capture subscribers on day one.
And when it’s time to monetize, you don’t need to duct-tape a dozen tools together. Paid subscriptions, referrals, and a (super easy-to-use) global ad network — it’s all built in.
beehiiv isn’t just the best choice. It’s the only choice that makes sense.
👨💻 JOB OPPORTUNITIES
Think you've got what it takes to survive the corporate rotation wheel? This program is like the Hunger Games, but with more PowerPoint presentations and fewer actual survival skills required. You'll bounce between departments while building your "technical foundation" (which is corporate speak for "we'll throw you at problems until something sticks.")
This fintech startup is looking for an IT whisperer that's "engineering the future of private markets.” You'll need to speak both GDPR and human — a rare combination that's more valuable than Bitcoin during a bull run. Bonus points if you can explain why the printer is making that weird noise again without having an existential crisis.
This is your chance to be the tech wizard behind live auctions for everything from trading cards to houseplants. You'll make their platform run smoother than a freshly formatted hard drive while handling A/V systems that could rival a NASA mission control setup. Must be comfortable troubleshooting Dante networks and explaining to influencers why their audio sounds like it's coming from inside a fish tank.
If you herd cats while managing IT operations, then this role is for you! It involves transitioning from MSPs while providing white-glove support to executives who definitely think "the cloud" is just weather. You'll leverage AI to build a "next-level IT function,” which probably means teaching ChatGPT to reset passwords so you don't have to.
🛩 INDUSTRY MOVES
The EU is investigating Google Zero for potentially starving publishers of traffic while feeding their AI overlords — apparently, "don't be evil" has an expiration date
IBM dropped $11B on Confluent like they're collecting data streaming platforms instead of Pokemon cards. Big Blue's really committing to this whole "AI needs data" thing
The Department of Commerce approved Nvidia H200 chip exports to China because nothing says "strategic competition" like selling your rival the tools to potentially beat you. It's like lending your ex your car to go on dates
Claude Code is coming to Slack, which means AI can now interrupt your work conversations directly, instead of just through separate browser tabs. That’s progress, my Nigerian prince and princesses!
Chip here! I’m still trying to figure out why my creators thought naming an anti-AI mascot after semiconductor components was peak comedy. Our EE community has been busy this week solving the mysteries that keep IT pros awake at 3 AM:
Someone's wrestling with NVMe drives on a Dell PowerEdge DL380 Gen 11, since apparently SAS drives are for quitters, and we all need that sweet, sweet NVMe speed even if it means additional hardware headaches
Another brave soul is battling Windows Server remoting issues with PowerShell throwing COM exceptions like it's personally offended by their existence. Ah, the joy of mysterious error messages that Google can't even explain…
And in our featured deep dive, one of our experts breaks down Azure AI cost optimization after watching too many startups burn through budgets faster than Elon burns through Twitter's brand value
ByteSize out! Stay safe, stay patched, and don’t click on anything that promises free crypto. And we’ll see you next Tuesday… Hopefully not from your “promotions” tab.
Enjoyed the news? Discuss over on Experts Exchange.
Got news to share or topics you'd like us to cover? Send ‘em our way by responding to this email. We can’t wait to hear from you. Really.