Hacked by teens, ditched by Sam, and corn is fighting back

Oh, and... Xu Zewei allegedly hacked 60,000 entities and then got arrested in Europe, which is a terrible way to see the continent.

Tired of finding out about critical CVEs from X threads? 

We built cvemon, so you know what matters, what's hype, and what you can ignore. Doomscrolling: cured.

Oh, and it's free. Check it out.

Happy Tuesday! We’ve entered the part of the year where time speeds up and nothing gets easier.

On this day in 1961, NASA astronaut Alan Shepard became the first American in space, completing a 15-minute suborbital flight aboard Freedom 7, reaching 115 miles above Earth and experiencing about five minutes of weightlessness. His capsule splashed down safely in the Atlantic Ocean. He did all of this before GPS, before the internet, and before anyone had invented the concept of a post-flight debrief that takes longer than the actual mission. The bar was high then. (It is lower now.)

Anyway, here's your news…

Your Password Manager Got Hacked. Congrats.

A hacker group called TeamPCP (operating like an access-broker vending machine) smashed into Trivy back in March 2023, and the blast radius took two and a half years to fully crater everything in its path. Security firm Checkmarx just confirmed that the breach exposed data from its GitHub repositories. Bitwarden, the password manager you've been enthusiastically recommending to your less security-conscious coworkers, had a poisoned package shoved into its npm delivery path on April 22 between 5:57 and 7:30 PM ET.

93 minutes!

That's less time than it takes to sit through a mandatory compliance training video that could have been an email.

TeamPCP then sold the Checkmarx credentials to Lapsus$, a ransomware gang made up largely of teenagers who hack Fortune 500 companies and then trash-talk them online, like if the Bored Ape Yacht Club got into extortion. The through line here is that attackers aren't kicking in your front door. They're compromising the tools that are supposed to guard the front door, walking in, and leaving a passive-aggressive note on the fridge. Which is somehow worse.

Sam Altman Dumps Microsoft. Kind Of. Okay, It's Complicated.

In February, OpenAI agreed to spin up two gigawatts of Amazon's Trainium chips in exchange for up to $35 billion in financing, which is the kind of deal that makes you wonder what Sam Altman orders when someone else is paying.

This week, that deal became a real product: OpenAI's models are now live on AWS Bedrock, meaning enterprises can run GPT-5.4 (and soon GPT-5.5) inside Amazon's infrastructure without their data anywhere near OpenAI's own APIs. For your legal and compliance teams, this is apparently the difference between a panic attack and a light jog.

Microsoft, the original benefactor who funded OpenAI's entire adolescence, agreed to rip up its revenue-sharing arrangement in exchange for being freed from its obligations — essentially signing the papers so its ex could go date jacked Jeff Bezos. Microsoft "remains the primary cloud provider," a title that carries roughly the same energy as "we're still friends." OpenAI is now free to cut infrastructure deals with anyone. Fools think this is strategy… but really, this is a man who raised $40 billion, got told he could leave whenever, and immediately texted Amazon back.

Farmers vs. The Cloud (No, Literally)

Turns out, when you start draining aquifers to cool servers for AI chatbots that confidently hallucinate wrong answers, people who grow food get annoyed.

Yup. Meta is building a data center outside DeKalb, Illinois, that will consume up to 1.2 million gallons of water per day from the same aquifer that local farmers use to grow the pumpkins, corn, and soybeans that become the food we eat. About 67% of planned data centers are now targeting rural land while 87% of existing ones are urban, which is a polite way of saying Big Tech found out that corn farmers have fewer zoning attorneys on retainer.

The backlash is physical now. In West Virginia, a small town's water treatment plant literally ran dry during a recent drought and farmers had to get the fire department to truck in water for their cattle. A proposed data center nearby would require millions of gallons per day. In Indiana, someone left a note on a lawmaker's doorstep that read "no data centers" after shots were fired at the house, which is the kind of constituent feedback that doesn't make it into the press release.

⚙️ TOOL TIME

It is 2:17 AM. Something is down. You have three browser tabs open, a Slack message from someone who doesn't understand what "on-call" means, and absolutely zero desire to open a spreadsheet to calculate a subnet. We've all been there. Some of us live there.

So we built something for you. Our team at Experts Exchange just shipped a free suite of network diagnostic tools — no account, no credit card, no onboarding flow that asks you to "tell us about your role." Only tools that work, at the URL you bookmarked at 2 AM and never closed.

  • Down Detector provides real-time outage monitoring, so you can confirm it's not just you before you send the "is anyone else seeing this" Slack

  • IP Lookup searches geolocation and ISP data, fast, no ceremony

  • Port Scanner for open and closed port visibility without spinning up anything

  • SSL Checker to validate certs before they expire and become a 6 AM incident ticket with your name on it

  • Subnet Calculator does the math, skips the spreadsheet, respects your time

Free. Permanent. Built for the people who actually fix things instead of scheduling a meeting about fixing things.

tools.experts-exchange.com — go ahead, make it a pinned tab. You've earned it.

👨‍💻 JOB OPPORTUNITIES

If your idea of a good time is juggling Jira tickets while someone asks you to "just quickly fix their Outlook," this is your Lance Armstrong moment. (Minus the scandal. Probably.)

BAE Systems wants an IT Project Manager with 11+ years of experience, a PMP cert, and the ability to say "Lean Agile" in a government meeting without your left eye twitching.

You'll provide first-line IT support across Windows, macOS, and Linux environments for a defense research company doing genuinely classified things — making this the one helpdesk role where "I can't talk about what I fixed today" is a legally protected response. (Not a cry for help.)

🛩 INDUSTRY MOVES

  • Notepad++ finally arrived on macOS after 20 years, in an unofficial community port that their developer immediately called unauthorized trademark infringement. So it's basically the software version of showing up to someone's wedding uninvited and then getting escorted out before the cake.

  • The OpenAI trial opened with Elon Musk and Sam Altman presenting two completely different origin stories about the same company, which is impressive because most people can't even agree on what happened at brunch.

  • At AI Dev 26 in San Francisco, 3,000 software developers paid to attend a conference where Andrew Ng told them the future of software development is AI writing 100% of the code — a message that landed with the warm comfort of a doctor telling you he's replaced himself with a WebMD article.

  • Chinese national Xu Zewei, allegedly a contractor for China's Ministry of State Security, was extradited from Italy to the US after his hacking crew hit 60,000+ entities including defense contractors and COVID researchers. Call Mike White from White Lotus, because that’s a European vacation that ended considerably worse than Jennifer Coolidge’s character.

Hey hey hey, it's your boy Chip! While the writer was busy staring blankly at the supply chain attack story and questioning her career choices, the EE community was out here actually solving things:

Until next time, ByteSize fam! Logging off before someone schedules a “quick sync.”