vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

14365

The largest collection of malware source, samples, and papers on the internet.

Password: infected

Website: https://www.vx-underground.org/

vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

vx-underground

https://github.com/demon-i386/pop_n_bubble

vx-underground

Chat, it's Friday.

Please hold.

vx-underground

Oh, it's UK underground, the font is just weird.

Font is illegal and for nerds

vx-underground

Use TorGuard VPN.

I didn't have to append this to this post, but they're our hosting provider and the owner uses his company resources and time to collect cat pictures with us.

vx-underground

Anyway, let that echo in your head tonight when you're trying to sleep. 2007 was 18 years ago.

vx-underground

For those young ones reading this: XChat is an IRC client

For those young ones reading this: IRC is kind of like Discord, except way slimmed down, way less features but way more flexible and you can host a server yourself

vx-underground

hello tiny people living inside my computer

vx-underground

If we got $1,000,000/yr (never will happen), vx-underground would transcend space and time, pull malware from the 4th dimension — we'd be producing malware content like we were in the Dragon Ball Z hyperbolic time chamber

vx-underground

According to USASpending, MITRE has received approx. $1,500,000,000 since 2008 from the United States government.

We could survive approx. 30,000 years with that much money 😂😂😂

vx-underground

Hold up — let 4chan speak. They're onto something here

vx-underground

Here is what's going to happen

SoyJak nerds will meme 4chan mods for awhile. In the midst of it YouTubers will make videos discussing it (MoistCritical, MeatCanyon, TurkeyTom, etc).

Then in like, a year, it'll kind of be back to normal

vx-underground

This random document fell off the back of a bus. Weird.

This random document which randomly fell off the back of a bus (randomly) says MITRE is no longer supporting the CVE program as of April 16th, 2025. Which is crazy, because this random document is dated April 15th, 2025.

vx-underground

tl;dr nerds from /qa/ raided /lgbt/, mods got irritated, shut down /qa/. Nerds migrated to SoyJak Party instead.

SoyJak Party nerds discovered 4chan was using a dangerously outdated version of PHP and compromised the site. They were able to get access to virtually everything on the site. There is a thread on SoyJak Party about it

Drama escalated when moderators were discovered using emails as firstname-lastname with a .edu because it made it very easy for SoyJak Party nerds to find and meme 4chan moderators.

Drama only intensified more when SoyJak Party nerds memed and forged fake .gov emails into the 4chan moderator images shared. It resulted in hysteria as conspiracy theory nerds went off the deep end.

tldr tldr nerds raid some gay place, mods get mad, nerds go ballistic and all hell breaks loose

vx-underground

We have discovered the krabby patty secret formula for making people give a fuck about cybersecurity research and news.

If you make a brief post explaining what has happened, or what a paper and/or code is doing, it will be ignored — even if you share a link.

However, if you make a post explaining what has happened, basically spoon feeding the subject or paper to the readers, your engagement rate will skyrocket.

SOME of you are really, really, REALLY lazy and can't be bothered to click a link. You want the information hyper-compressed and delivered on a golden-plate with little rose petals and cool and badass cat pictures.

vx-underground

Hello,

For several years we've had people ask us something along the lines of, "what's your favorite paper?". Well, today I've begun putting together a "Best Of" list.

This isn't a complete list, I'll add more later.

https://vx-underground.org/Best%20Of

vx-underground

In 2024, 2 security researchers discovered a flaw in Bubble-dot-io, a self-described AI-based app development and publishing service.

Upon discovering the vulnerability, these 2 researchers notified Bubble. Unfortunately, for whatever reason, this fell on deaf ears.

These individuals subsequently did a talk on the vulnerability, published a proof-of-concept, and even wrote a paper on it. The code and paper show how easy it is to compromise websites and/or applications on Bubble. Despite all of this, Bubble still did nothing.

These 2 individuals then contacted me to request I relay the message loud and clear: you need to fix your software immediately.

In essence, this exploit allows the execution of arbitrary requests to the application's Elastic search which allows data dumping and/or exfiltration.

The application's encryption workflow is performed in the front-end, because Bubble-dot-io uses fixed IVs (shared between ALL clients), exploiting Bubble-dot-io is possible due to the creation of arbitrary payloads by abusing the recovery keys.

All tables can be dumped, including custom tables defined as "custom.(table_name)".

Furthermore, it's possible to attack other clients from Bubble-dot-io because the application does all hosting internally (shared).

- Cryptography keys do not rotate, hence an attacker can reuse the same keys in new Elastic searches
- Timestamps are not verified
- Attackers can enumerate customer subdomains by fuzzing *.bubbleapps-dot-io domain, making identification of targets easier
- If domain doesn't match target, response header will return correct target in 'X-BUBBLEAPP-NAME'

Please note the time date stamp in the attached images.

See subsequent post for link to paper and proof-of-concept.

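A server-side check that closes the gaps listed in the post above (keys that never rotate, unverified timestamps, cross-tenant reuse, app name disclosed on mismatch), as an added example that is not part of the original post, the researchers' proof-of-concept, or Bubble's code. The envelope fields (`app`, `key_id`, `ts`, `nonce`), the key table and the 120-second window are all assumptions made for illustration.

```python
import time

# Hypothetical key registry: key_id -> (owning app, expiry as unix time).
# Keys are scoped to a single app and expire, so an old or foreign key is useless.
KEYS = {
    "k-2025-04": ("shop-a", 1_745_000_000),
    "k-2025-01": ("shop-a", 1_737_000_000),    # already rotated out
    "k-b-2025-04": ("shop-b", 1_745_000_000),
}

class EnvelopeValidator:
    """Validates an already-decrypted request envelope (constructed format)."""

    def __init__(self, keys, max_skew=120):
        self.keys = keys
        self.max_skew = max_skew    # allowed clock difference in seconds (assumed)
        self.seen = {}              # nonce -> timestamp, for replay detection

    def check(self, env, host_app, now=None):
        """host_app is resolved server-side from the Host header, never from env."""
        now = time.time() if now is None else now
        ts, nonce, key_id = env.get("ts"), env.get("nonce"), env.get("key_id")
        if isinstance(ts, bool) or not isinstance(ts, (int, float)):
            return "bad-timestamp"
        if abs(now - ts) > self.max_skew:
            return "stale-timestamp"
        key = self.keys.get(key_id) if isinstance(key_id, str) else None
        if key is None:
            return "unknown-key"
        key_app, expires = key
        if now >= expires:
            return "expired-key"
        # Bind both the key and the payload to the tenant the request reached.
        # The reason is generic: the correct app name is never echoed back.
        if key_app != host_app or env.get("app") != host_app:
            return "tenant-mismatch"
        # A nonce only has to be remembered while its timestamp is still fresh.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.max_skew}
        if not isinstance(nonce, str) or nonce in self.seen:
            return "replayed"
        self.seen[nonce] = ts
        return "ok"
```

These checks only matter if they run on the server; anything enforced in front-end code can be bypassed by whoever controls the client.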

vx-underground

We've got a 0day exploit.

The 0day impacts an organization which provides managed services for Danone, SeaGate, Unity, Shopify, Paramount Pictures, HubSpot, Amazon, PWC, Yamaha, L'Oreal

The exploit was reported, but the vendor ignored it.

Chat, do we drop a 0day on a Friday?

vx-underground

Someone found this in an antique store today.

Before us there was another vx-underground (apparently) and they were also cool and badass

vx-underground

Hello, how are you?

tl;dr doing stuff

Right now we've got 250GB+ of new malwares we need to push. We're in the process of syncing it, making local backups, etc. We also temporarily stopped migrating virus-dot-exchange, but it's still on the todo list.

As many of you have noticed, updates on things have been volatile and shaky. I greatly miscalculated the difficulty of preparation and deployment of mini-human. I had thought, to some degree, it was an exaggeration that it would require a great deal of effort — it turns out the entire planet (past, and present) was not lying.

Despite the deployment of Smelly Smellington Jr, the general plan will be as follows:

- Continue daily ingests and malware sample distribution from petikvx, JaffaCakes118, and Neiki__. These 3 act as the back bone of our malware ingestion cycle.

- If or when _BradleyVX returns from his family duties: continual archival of The Old New Thing, cat picture collection (semi-joking), and his work on malware collection. Bradley has primarily been responsible for the malware family collection and he will continue doing so.

- Cryakl will continue working on the malware builder collection. Cryakl has done an excellent job ensuring we're up-to-date on malware builders historically and present...ly (?)

- f0wlsec will continue his work on the APT malware samples and papers collection. If you do not see an update in a significant period of time, feel free to poke him with a stick.

My request to anyone who reads this: PLEASE do not hesitate to contact me (or whoever) regarding malware papers (reverse engineering, development, history, whatever). Even if the paper doesn't make it into the collection it is super-duper appreciated when someone notifies us of a potential paper. It makes my life so much easier. If you've written a paper for yourself, or your group, or your company — DON'T hesitate to notify me (or whoever in our group) so it can be archived.

How to send us a paper: literally just send the link on Discord, Twitter, Telegram, e-mail. That's all you have to do. If you send me enough cool stuff maybe you can take my job and be given a pretty staff sticker and I can focus more on other administrative tasks.

Anyway, I'll be AFK. You'll see a spike in silly posts and cat pictures. If this upsets you, I don't know bro, we're busy and this is all for free. You gotta deal with it for a while.

Love you
- smelly smellington

vx-underground

People who are 18 years old, as of 2025, were born the same year as the release of Halo 3 — the same year the original iPhone was released when Steve Jobs was alive.

The people you will be interviewing in the next couple of years do not know a world without smart phones.

vx-underground

X employees shared online they're rewriting the X DM system and naming it 'XChat' — which is strange because I recall using XChat sometime in the late 90's, or early 2000's

vx-underground

If we had $1,000,000/yr, Bradley and I would travel to Russia to physically meet Lockbit in person and challenge him to a Yu-Gi-Oh duel to end his operations

vx-underground

We've been surviving for almost 6 years by begging nerds for spare change, sucking the dicks (and clits) of small business owners, and praying X payouts give us more than $50/month

For $500,000/yr we'd be a fuckin' MALWARE REPO MACHINE (3,000 years to spend $1,500,000,000)

vx-underground

Hi,

We've archived the MITRE CVE database. The CVE DB is free and open source on GitHub. However, we're providing a backup location for the data. We doubt it'll magically disintegrate in ash, but if it does we have a copy.

https://vx-underground.org/Archive/CVE

vx-underground

MoistCritical will probably name it, "The 4Chan situation is crazy". He'll open the video with a weird reference to semen, erections, or anime, then say "I'm not an expert on the subject". It'll conclude with "That's pretty much it, see ya".

vx-underground

what do u mean a website historically used for memeing and trolling forked and the memesters and trollsters decided to meme and troll?? how could this have happened???

vx-underground

BreachForum domain not seized. I misread something from my daily drama nerds cycle I go through.

BreachForums is offline — nerds speculated it will be seized. Or maybe it's just infra problems, or something.

No one knows anything. I can't read

vx-underground

4chan compromised by SoyJak Party people over some conflicts with raiding LGBT image boards — databases dumped, emails leaked, source code leaked

BreachForums domain seized

It's Tuesday

vx-underground

Hasherezade just unveiled another process injection method. There are probably 20 or 30 different process injection methods now, and nerds are still using CreateRemoteThread like it's 2005

vx-underground

"North Korea has ceremonially opened its first computer club — with Kim Jong Un himself attending the event.

Now, North Korean hackers will be able to comfortably steal billions of dollars from “Western capitalists” for their leader." — Nexta TV

... Based and/or cyber criminal pilled?
