14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
So far this holiday season we've got $14,000 in gifts to giveaway.
We've got more coming. We're estimating nearly $30,000 for noobs and nerds.
Dear large vendors, training course providers, and rich people,
It is time for the 2nd annual tuts-for-nerds giveaway series for the holiday season. If you're any of the 3 listed above, please contact us so we can give stuff away to nerds in need.
Thanks,
ChatGPT is showing some prompt errors. The general public (who are primarily NOT tech savvy) become aware of the issue. They have two options. Which will they choose?
Читать полностью…
ChatGPT can't say David Faber, or David Mayer, via the Web UI. It can however say the names programmatically via the API.
It's something to do with policy or flagging, a weird bug. Alternatively, as many have hypothesized, it could the illuminati and the big spooky banks!!!!1
Shout-out to 'cth'. No idea who this guy is, but he's been immeasurably helpful to us. He's like our Senior Internet Degeneracy correspondent (we never hired him, he randomly showed up and gives us stuff).
Читать полностью…
Today it was unveiled that a 'video game researcher' SvenTek_667 has come into possession of the source code to Crysis 3 — the 2013 first-person shooter video game.
We have no idea why nerds are freaking out about this game (we never played it), but people are going nuts
It's never too early to have "the talk" with your children.
Читать полностью…
We made a dumb joke about a path inside of a Windows binary. We were flooded by angry nerds telling us it's from an ASSERT, it's a _FILE_ macro, it's from a AzureDevOps pipeline.
tfw you make a joke (and oopsie, didn't know it was from AzureDevOps) (please stop yelling at us)
More details have emerged surrounding Connor "Waifu" Moucka.
Interestingly, and a bit ironically, Mr. Moucka's identity was unveiled as a result of his attempts to obfuscate his identity online. No information has been released on how he was precisely identified, however it has been noted he was unmasked as a result of the misinformation he released about himself.
Additionally, it was noted part of his strategy was threatening security researchers. Instead of intimidating Unit221B and Mandiant, this had an opposite effect and only brought more attention to himself from researchers and law enforcement agencies.
Mr. Moucka is currently being held in Maplehurst Correctional Complex. He is scheduled for a hearing November 29th — the hearing is to discuss his further court dates.
More information:
https://www.therecord.com/news/waterloo-region/accused-kitchener-hacker-unmasked-after-threatening-woman-online/article_3501ea8b-1514-5524-8de6-f52e92c3e103.html
Today EUROPOL announced the takedown of a large illegal streaming network operating within the EU. 11 people have been arrested, €1,600,000+ seized.
The unnamed network allowed users to illegally stream movies, television series, and sporting events
https://www.europol.europa.eu/media-press/newsroom/news/european-law-enforcement-stops-illegal-iptv-service-providers
The globalists don't want you to know this, but .EX_ files are real and you can use it for malware
Читать полностью…
Today ESET released a paper on "Bootkitty" the first UEFI bootkit for Linux.
We didn't even read the paper, we just liked the name and artwork
Shortly following the announcement of the Threat Actor "Remi" being arrested, we were contacted by "Remi" in proxy by a party which is close to him.
"Remi" requested (by proxy) we share a photo of him and state "If you’re gonna post about me, at least notice the drip"
Internet nerds are reporting Sora AI, the OpenAI product for transforming text into video, has been leaked online.
However, we don't quite understand the context of the word 'leak' here because the material 'leaked' online does not contain a dataset. Instead the material directly cites an OpenAI API URL. We're not sure you can call something an AI leak when it's a python script invoking an API URL ...
Files leaked:
- .gitattributes
- README-dot-md
- app-dot-py
Inside of the 'app' python script you can see the API URL invocation. The README is just a manifesto, or something, against OpenAI, standard anti-AI stuff.
¯\_(ツ)_/¯
us approaching wealthy people and vendors for stuff to giveaway
Читать полностью…
Shout-out to /g/'s Tech Memes and Tech Crimes on Telegram.
They've been our primary source of tech-related shit posts for over a year now. They're doing God's work.
Image 3 isn't ours. We stole it from some LLM nerds discussing the issue shown above. They're probably wrong though, this isn't a policy issue, this is (for real, fo' real), the Rothschild and Big Brother censoring your ability to print names onto a screen
Читать полностью…
Correction: the source code to Crysis 3 was leaked in 2020 by Egregor ransomware group. The source code was in password protected 7z file. Either no one tried to bruteforce it, or people kept hush-hush about it.
tfw the password was literally 123123
Hello,
We can now share the documents from the Ticketmaster / Snowflake hacker a/k/a Waifu.
We've censored it, or tried our best to. We will discuss it more later.
You can download it here: https://samples.vx-underground.org/tmp/censored%20(1).pdf
Hello, we're aware vx-underground is down.
Thankfully this time it's not our fault. It's Wasabi's fault. They're having a massive outage.
It'll be back when it's back.
Bologna FC has been ransomed by RansomHub ransomware group.
https://www.bleepingcomputer.com/news/security/bologna-fc-confirms-data-breach-after-ransomhub-ransomware-attack/
Today Mikhail Pavlovich Matveev a/k/a Wazawaka was arrested in Kaliningrad, Russia.
Mikhail Matveev is a bit of a ransomware 'celebrity', often blatantly showing his face and his 'work flow'. He has been tied to Lockbit, Conti, and BABUK
https://ria.ru/20241129/sud-1986456557.html
This is a binary from Microsoft Windows which is primarily used in Enterprise environments.
It's 3am and we're wondering why it has these hardcoded paths that look like they're from a hobbyist, not from a professional software engineering team
We'll be AFK for Ameriburger holiday stuff. Happy Ameriburger holidays to you and your families.
No one do anything crazy while we're gone.
Thanks,
- smelly
(it's just a silly cab file, but we forgot it existed, we're bringing .ex_ and .com files back) (windows doesn't support .com files anymore)
Читать полностью…
Security research TuringAlex spotted AIRASHI botnet sharing the lyrics to "Conga" by Gloria Estefan and specifically calling out Xlab_qax and Fox_threatintel
11/10, banger song, now doing the Conga
SimoKohonen did the math. Here is a list of every vendor and every high-severity CVE from the past 5 years.
Qualcomm: 97,388
Cisco: 15,833
Microsoft: 11,375
Intel: 9,323
Juniper: 5,550
Dell: 5,041
Hp: 4,448
Netgear: 3,855
Apple: 3,544
Siemens: 3,281
Zoho Corp: 2,636
Lexmark: 1,668
Oracle: 1,642
F5: 1,637
Google: 1,557
Netapp: 1,258
Brother: 1,220
Lenovo: 1,195
Adobe: 1,184
Mitsubishi Electric: 1,087
Vmware: 1,071
Amd: 1,053
Huawei: 969
Mediatek: 890
Cdatatec: 841
Zyxel: 815
Redhat: 724
Schneider-Electric: 674
Debian: 671
Aruba Networks: 668
Hikvision: 640
Fedora project: 619
Moxa: 590
Dlink: 546
Linux: 527
Hpe: 493
Ibm: 474
Vivotek: 420
Xerox: 404
Mitsubishi: 397
Totolink: 395
Freebsd: 386
Qnap: 380
Weidmueller: 324
Sap: 308
Canonical: 303
Phoenix Contact: 294
GE Healthcare: 293
Tenda: 292
Tp-Link: 291
Qualcomm takes 1st place.
97,388 high-severity CVEs ÷ 1,825 days (5 years)
An average of 53.36 high-severity CVEs a day
Very cool.
We've received confirmation that a sim-swapper operating under the moniker 'Remi' has been arrested by Federal Bureau of Investigation.
Remi is being charged with 18 USC § 1343 (Wire fraud) and 18 USC § 1028 (Fraud and misuse of identification documents).
RansomHub ransomware group after they successfully exfiltrate data and ransom a hotdog stand (they're asking for $200,000,000)
Читать полностью…