vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

40630

The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/


vx-underground

Clarification post, previous post about Ubisoft led to some confusion. That's my fault. I'll be more verbose. I was trying to compress the information into 1 singular post without it exceeding the word limit.

Here's the word on the internet streets:
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them to ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.

- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this is true. I've confirmed this with multiple parties.

- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.

- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for a while. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP are frustrated by this.

Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?

Find out next time on Dragon Ball Z


vx-underground

To those who are non-nerds,

Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo inventory stuff for players.

This isn't going to destroy their company or revenue. It will however annoy the shit out of them (leadership) and the developers because they're going to have to work to fix the issue during the holiday season.

My post is meant to be funny. I enjoy mocking the absurdity of the situation and poking fun at large companies who have oopsies like this.


vx-underground

Ubisoft executives when they hear the news someone has compromised Rainbow Six Siege and gifted $13,332,000 worth of in-game currency to roughly 30,000,000 active players, thus defrauding their company of an estimated $339,960,000,000,000


vx-underground

> wake up
> take a shit
> get out of bed
> push trash on desk into pile
> get on computer
> Rb6 hacked
> Tarkov people hacked
> MongoBleed dropped
> ???


vx-underground

Big drama on the internet today as several high-profile Tarkov players had their accounts compromised.

Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.

The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr, in English:

"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.

Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=

Vulnerable Parameter: openid.identity / openid.claimed_id

Steps to reproduce (Proof of concept):

- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account."

The individual goes on to criticize the game company for their lack of security. He says all Steam users are impacted, including game developers.

The person responsible shared photos as proof

tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse

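A relying-party check that closes the gap described in the quoted report, as an added example that is not part of the original post and is not the game's code. The function names, the `return_to` URL passed in, the nonce age limit and the `demo_op` stand-in for the OpenID provider are assumptions made for illustration; the claimed-ID pattern assumes the SteamID64 is the 17-digit tail of the identifier.

```python
import calendar, re, time
import urllib.parse, urllib.request

STEAM_OP = "https://steamcommunity.com/openid/login"  # op_endpoint quoted in the post
CLAIMED_ID = re.compile(r"https://steamcommunity\.com/openid/id/(\d{17})")
MUST_SIGN = {"op_endpoint", "return_to", "response_nonce",
             "assoc_handle", "claimed_id", "identity"}

def ask_op(fields):
    """Direct verification: POST the assertion back to the OP, return its reply."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(STEAM_OP, data=body, timeout=10) as resp:
        return resp.read().decode()

def verify_assertion(query, return_to, seen_nonces, op=ask_op, now=None, max_age=300):
    """Return the SteamID64 only if the OP vouches for the assertion; else ValueError."""
    p = dict(urllib.parse.parse_qsl(query, keep_blank_values=True))
    if p.get("openid.mode") != "id_res" or p.get("openid.op_endpoint") != STEAM_OP:
        raise ValueError("not a positive assertion from the expected OP")
    if p.get("openid.return_to") != return_to:
        raise ValueError("return_to mismatch")
    m = CLAIMED_ID.fullmatch(p.get("openid.claimed_id", ""))
    if not m or p.get("openid.identity") != p["openid.claimed_id"]:
        raise ValueError("malformed or inconsistent identifier")
    if not MUST_SIGN <= set(p.get("openid.signed", "").split(",")):
        raise ValueError("identity fields not covered by openid.signed")
    nonce = p.get("openid.response_nonce", "")
    try:  # the nonce starts with a UTC timestamp, e.g. 2025-12-28T10:00:00Z
        issued = calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
    except ValueError:
        raise ValueError("bad response_nonce") from None
    if abs((now or time.time()) - issued) > max_age or nonce in seen_nonces:
        raise ValueError("stale or replayed nonce")
    # The RP holds no key here: the OP itself checks openid.sig over the signed fields.
    fields = {k: v for k, v in p.items() if k.startswith("openid.")}
    fields["openid.mode"] = "check_authentication"
    reply = dict(l.split(":", 1) for l in op(fields).splitlines() if ":" in l)
    if reply.get("is_valid") != "true":
        raise ValueError("OP rejected the signature")
    seen_nonces.add(nonce)
    return m.group(1)

def demo_op(steamid, nonce, return_to):
    """Constructed stand-in for the OP: issues one assertion and vouches only for it."""
    cid = "https://steamcommunity.com/openid/id/" + steamid
    sent = {"openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
            "openid.op_endpoint": STEAM_OP, "openid.claimed_id": cid,
            "openid.identity": cid, "openid.return_to": return_to,
            "openid.response_nonce": nonce, "openid.assoc_handle": "demo",
            "openid.signed": ",".join(sorted(MUST_SIGN)), "openid.sig": "ZGVtbw=="}
    def op(f):  # valid only if every field matches what was issued
        ok = all(f.get(k) == v for k, v in sent.items() if k != "openid.mode")
        return "ns:http://specs.openid.net/auth/2.0\nis_valid:%s\n" % str(ok).lower()
    return urllib.parse.urlencode(sent), op
```

In production `seen_nonces` would be a shared store with expiry rather than an in-process set, and the session is bound to the returned SteamID64 only after `verify_assertion` succeeds.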

vx-underground

For malware analysts, or nerds who care:

Initial access script SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9

Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed

Delivery domain:
mscfg[.]cfd

C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d


vx-underground

Oh. My. God.

Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat

tl;dr fake windows activation, running command shown executes malicious powershell script that downloads malware


vx-underground

Lots of confusion on TikTok today. Users are confused by this Hiphop pendant for sale


vx-underground

The Nigerian government put out a press release saying they partnered with the United States Federal Bureau of Investigation to perform a sweeping law enforcement takedown, and crackdown, on scammers and various other cybercrime things.

Pretty much no one cared, I don't even think the FBI cared. I can't even remember if it was Nigeria or a different country from that region.

Basically, it was a smaller country riddled with corruption and crime from both politicians and citizens. The entire comment section was people being skeptical of reform or OnlyFans spam.


vx-underground

iF sAnTa iS rEaL hOw cOmE hE doEsnT go To pOoR cOuNtriEs

Santa doesn't go to "poor" countries because he's several hundred years old and overflowing with CLASSISM.

He's real, but he is steaming with prejudice against the poor. He's a real jerk.


vx-underground

"To deliver gifts to every child, Santa must travel incredibly fast, roughly 4.7 to 5.4 million kilometers per hour (3 million mph), which is about 0.5% the speed of light, requiring him to visit ~1,900 houses per second, but using time zones and relativity allows for magical solutions, like stopping time or using multiple sleighs, otherwise, air resistance would vaporize him."

> travels 0.5% speed of light
> no fancy tech, just reindeer
> defies laws of physics
> visits 1900 homes per second
> no one knows how it's possible
> isn't instantly vaporized


vx-underground

I don't know if I want to share the unredacted documents because I haven't reviewed them. I don't want to expose a person who has been a victim of sex trafficking.

If you want to look more into it yourself, go down the rabbit hole here: https://www.reddit.com/r/law/comments/1ptlms6/some_epstein_files_can_be_unredacted/


vx-underground

There are objective truths and emotional truths.

Sometimes people will (intentionally or unintentionally) overlook evidence because they want a story to be true.

tl;dr dumb made up story, probably AI slop, regarded as true by people all across the internet because it "feels" true.

In November, 2025 there was widespread coverage of "hundreds" of stray cats infiltrating a Bitcoin mining facility in Inner Mongolia* and allegedly costing the Bitcoin mine owner several million dollars. The original author of the post included a photo of a dozen or so cats sitting on so-called cryptomining hardware machines.

This story is not true. There is a lot of evidence to support this.

- Story originated from a Facebook page titled, "StoryTime"
- "StoryTime" shares a lot of AI art
- No company stated
- No additional information provided other than strange photo of cats
- Inaccurate depiction of cryptomining facility (see subsequent images)
- Story doesn't make sense
- Cryptomining is banned in Inner Mongolia

The original post asserts cats have somehow broken into a cryptomining facility in Inner Mongolia. There they remained undetected for weeks, "multiplied", and comfortably nested on cryptomining machines. Inner Mongolia has banned cryptomining because there is a desire to reduce their carbon footprint.

While it's technically possible for all of these things to be true, it would be outrageous for an illegally operated Bitcoin cryptomining facility to be unaware of "hundreds" of cats in their facility for weeks. It amplifies the absurdity when you consider that this Mongolian facility decided to photograph their illegal operation and exclusively share the details on it with an English-speaking Facebook page which does not typically discuss cryptocurrency.

The "news report" concludes by writing the Bitcoin mine owner "loves cats" so he purchased "several hundred" warming beds for the cats.

If you take a moment to consider what I've just written, and review the information provided, it's pretty obvious this story is fake. Unfortunately, this completely made up story ended up in semi-large cryptocurrency news websites. It was shared all over Facebook, Reddit, and X. I had a dozen or so people tag me and suggest I share it online and comment about it. Out of the millions, upon millions, of engagements the story received, only a very small minority of people questioned the validity of the story.

Image 1. The "cats" in the illegally operated Bitcoin mining facility in Inner Mongolia

Image 2. An actual photograph of a Bitcoin mining facility


vx-underground

Top 10 most popular posts in vx-underground history. #1 changes everything.

10. July 11th, 2025:
- Mocking United States government for poorly handling Epstein data
- 33,000 likes

9. August 2nd, 2025:
- Memeing UK government for poor tech policy
- 40,000 likes

8. May 10th, 2024:
- C programmers watching Python programmers work meme
- 42,000 likes

7. July 29th, 2025:
- Criticizing UK government for poor tech policy
- 49,000 likes

6. July 19th, 2025:
- Crowdstrike bootloop incident meme
- 51,000 likes

5. October 5th, 2022:
- Insert commas into your password meme
- 56,000 likes

4. October 21st, 2025:
- Mocking OpenAI web browser
- 63,000 likes

3. November 19th, 2025:
- Being rude to Microsoft
- 101,000 likes

2. November 1st, 2025:
- Password manager meme
- 106,000 likes

1. December 23rd, 2025:
- Picture of a cat
- 114,000 likes (still climbing)


vx-underground

The data is present on a website titled annas-archive.


vx-underground

inb4 no backups, everything is actually cooked


vx-underground

Ubisoft executives when they learn some nerds gifted more than the entire United States National Debt ($38,000,000,000,000) to a bunch of stinky gamers


vx-underground

Is 2,000,000,0000 credits a lot?


vx-underground

inb4 argentina mentioned memes


vx-underground

I'd like to take a moment to give a big shout-out to my baby boy. I'm so proud of him.

He has begun crawling, kind of.

When placed on the floor he is capable of spinning 360 degrees. He is capable of doing some kind of weird worm-like maneuver and moving backward.

Moving forward crawling continues to be challenging. He hasn't realized yet he can use his arms to move forward. He only uses his legs. Hence, he rests his face directly on the floor and uses his back legs to push forward. Instead of crawling he just slides his face on the floor while simultaneously screaming at the top of his lungs.

He's just like me, for real.


vx-underground

Guess that Pokemon! It's...

Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!

Smash that download button, fam


vx-underground

Yeah, so pretty much I saw that dude's proof-of-concept and them writing "execute powershell in-memory" and went full autistic.

They meant "execute powershell without a script on disk", not "manually reconstruct powershell from scratch".

My dumb ass has been sitting here in the dark, on Christmas, reverse engineering Windows to be able to programmatically execute Powershell scripts in-memory (no script on disk, no spawning Powershell.exe), while also being as minimal as possible with dependencies and headers.

I'm at over 1,000 lines of code just getting the current CLR version (I'm dumb, don't do this, there is literally ZERO reason to do this)


vx-underground

Insert generic religious greeting and/or celebratory saying here

Insert generic family appreciation message here

Append generic photograph of religious thing which appeals to most demographics


vx-underground

December 21st, 2025, Vince Zampella, co-founder of Call of Duty, passed away. It has been confirmed by Electronic Arts and people closely associated with him.

Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrari 296 GTS in Los Angeles, California, United States.

The incident occurred at a location known as Angeles Crest.

Mr. Zampella exited a tunnel traveling at an estimated 105mph (169kph). It is suspected Mr. Zampella failed to anticipate the vision impairment which would occur while exiting a dark tunnel back into regular daylight, hence temporarily blinding and/or disorienting his vision.

Mr. Zampella was unable to see the sharp turn approaching, failed to decelerate, and crashed into a barrier.

Several bystanders recorded the incident. Per video evidence, Mr. Zampella's Ferrari immediately compressed inward, similar to an accordion, due to the high rate of speed. The car immediately became engulfed in flames.

Per police records, Mr. Zampella had a passenger in the vehicle. The passenger has not been identified to the public.

Mr. Zampella was pronounced DOA (Dead on Arrival) by medical first responders. Per police records, Mr. Zampella was trapped inside the vehicle while it became engulfed in flames. It is unknown if Mr. Zampella was conscious or not while it occurred. Police scanner archivists (people who actively listen and discuss police radio conversations) documented first responders as stating "the driver is burnt to a crisp". The driver was later identified as Mr. Zampella.

The unknown passenger was ejected from the vehicle. Per police reports, the passenger's lower torso remained in the vehicle from his vehicle compressing inward, while his upper torso went through the windshield of the vehicle. First responders documented the passenger had "effectively amputated his legs". Bystanders dragged the unknown passenger's upper body from the flames and made an attempt at saving his life. Bystanders attempted to use a seat belt from a bystander's vehicle as a tourniquet to prevent the person from bleeding to death.

The unknown passenger was transported via helicopter to a nearby hospital due to the severity of his injuries. He was officially pronounced deceased at the hospital.

Mr. Zampella is survived by his three children.


vx-underground

Oh yeah? Santa isn't real? Then who comes down the chimney, eats the cookies, and gives the carrots to the reindeer?

You seriously think nearly every person on the planet is hiding the truth and is involved in this conspiracy?

Uh huh, sure. Santa non-believers make me SICK


vx-underground

This is the internet of the future.

Slop ChatGPT reply with slop OnlyFans spam replying


vx-underground

Is the United States government run by a bunch of fucking morons?

People on BlueSky discovered that some of the Epstein documents were visually redacted but remained selectable. In other words, using Python you can un-redact some of the Epstein files.


vx-underground

It's a beautiful thing seeing the most liked post in vx-underground history be a silly picture of a kitty cat.


vx-underground

AI companies seeing 300TB of music "archived" publicly


vx-underground

Spotify confirmed today an unknown group of individuals, who describe themselves as activists, have programmatically scraped Spotify and copied 300TB of music off their platform.

https://www.billboard.com/business/streaming/spotify-music-library-leak-1236143970/
