The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
I made a joke about asking Copilot to encrypt my files. Then I got curious and looked into if Copilot can launch files (it can). I've been able to pipe input directly to Copilot using COM, it's very silly (SendMessage doesn't work on it, it's their new fancy UI bullshit).
As a person who understands privacy is important I recommend all of my friends, family, colleagues, and followers to use ZORP: SAFER INTERNET VPN
1. It is FREE
2. It is ZORP
With a simple click of a button you're ZORP
(don't use this, this is satire*)
https://play.google.com/store/apps/details?id=com.github.zorp
BREAKING: Trump administration interested in purchasing Greenland.
Trump allegedly considering giving all Greenland residents:
- 1 year subscription to Crunchyroll
- 3 months of Discord Nitro
- Password to his Netflix account
- Raffle for TV
Just came up with a TRILLION dollar tech startup idea.
Microsoft Copilot for Microsoft Copilot
We put Copilot on Microsoft Copilot so Copilot can Copilot when you're using Microsoft Copilot to make Copilot easier to Copilot
Satya Nadella, call me bro let's get rich
My friend IceSolst has been doing incredibly dangerous research. She has enumerated EVERY version of Microsoft Copilot.
Viewer discretion is advised.
- Microsoft Copilot
- Microsoft Copilot Pro
- Microsoft Copilot Business
- Microsoft Copilot+ PC
- Microsoft Copilot Chat - Powered by WorkIQ
- Copilot Pages
- Copilot Studio
- Gaming Copilot
- Copilot Voice
- Copilot Labs
- Copilot for Windows
- Copilot in Bing
- Copilot for Microsoft 365
- Copilot for Word
- Copilot for Excel
- Copilot for PowerPoint
- Copilot for Outlook
- Copilot for Teams
- Copilot for OneNote
- Copilot for Loop
- Copilot for Sharepoint
- Copilot for Viva
- Copilot for Sales
- Copilot for Service
- Copilot for Security
- Copilot for Finance
- Copilot for HR (in Copilot for HR)
- Azure Copilot
- GitHub Copilot
- GitHub Copilot Chat
- Copilot for Microsoft Defender
- Copilot for Entra
- Copilot for Intune
- Copilot for Purview
- Copilot for Edge
- Copilot for Designer
- Copilot for Clipchamp
- Copilot for Photos
- Copilot for Dynamics 365 Sales
- Copilot for Dynamics 365 Customer Service
- Copilot for Dynamics 365 Marketing
- Copilot for Dynamics 365 Supply Chain
- PayPal Microsoft Copilot [NEW]
Microsoft is offering 43 different versions of Microsoft Copilot
Chen Zhi, that dude who made like, $75,000,000,000 from cryptoscamming and stuff, was extradited from Cambodia to China.
The Chinese government released footage of his arrest & are treating Chen Zhi like he's Bin Laden
Dawg, the Chinese government is going to KILL this guy
The video game was real, like, an actual porno video game thingie. It was just laced with malware.
More information: https://asec.ahnlab.com/ko/91835/
It's incomprehensible to me that Mr. Zhi was quite possibly one of the wealthiest people in the world from his crimes.
He had everything you could ever want. He was unfathomably wealthy, yet he still continued his scam empire.
It doesn't even make sense in my head
I unironically never imagined nerds would install Chrome Extensions to ... help you LLM from your web browser ... ? tf
https://www.ox.security/blog/malicious-chrome-extensions-steal-chatgpt-deepseek-conversations/
> get dm
> open
> "hey smelly, i wanna thank you. i found vxug when i was 14. youve taught me so much over the years. your website helped me with school and getting a job"
> click profile
> says 20 years old
> realize vxug is 6, about to be 7
> mfw the kids growing up on vxug
New research thingie.
Stupid callbacks
https://malwaresourcecode.com/home/my-projects/proof-of-concepts/stupid-callbacks-for-malware-evasion
Everyone sobbing and crying over the Razer Project AVA 3D Anime Waifu Hologram companion is being a big baby
The device Razer is selling requires a connection to a Windows device over USB. Hence, this device requires (in some capacity) drivers (kernel mode components). What I suspect (pure speculation) is when you purchase this device you'll need to install a Razer service (program running constantly) which will run as a service (Windows service, SYSTEM-level authority) somewhere on the machine. I suspect a user-mode component will be displayed which allows you to configure your 3D Waifu thingie.
I am profoundly curious what this looks like under the hood. "Hologram" technology aside, I want to look at the user mode components, the kernel mode components, the network requests it makes. I want to know what it's written in. Python compiled to .exe? Is it an Electron app (common now)? C/C++? Trendy and hip in Rust?
I am also deeply curious on the pricing model they push.
This (in my opinion) is a really interesting piece of technology. I really, really, really want to poke it with a stick to see how it works internally. What happened to nerds being curious and excited about stuff? Jesus
HOLY SHIT. Razer has demoed Razer Project AVA, a 3D Hologram AI companion.
Dawg, it's a fucking AI HOLOGRAM DESKTOP WAIFU
Dawg, if you've received a fake letter in the mail from someone impersonating the government, and it's got a USB stick in it, that's a fucking bomb (probably not, I don't know)
I love Microslop
Copilot is enabled by default in the Microsoft Word 365 Copilot App. You have to go to settings and disable Microsoft Word 365 Copilot App Copilot
mfw I realize you can use C++ WINAPI COM IUIAutomation to communicate with Copilot directly and tell it to do things like "execute this file" (Copilot is now Copiloting my malicious payload)
BREAKING: The 44th and 45th versions of Microsoft Copilot have been identified.
Copilot for PowerBI
Dragon Copilot
Was Donald Trump trying to warn us?
The more I look into Chen Zhi the more my head spins. This guy was CRAZY
I would have to write a MASSIVE document on this guy to explain everything.
- Owned a BANK
- Owned a series of hotels and apartments
- Owned a series of casinos
- Owned a series of supermarkets
- Owned cryptomining facilities
- Owned a bunch of cigar stuff
- Owned a water purification company
- Had offices in the United States, United Kingdom, South Korea, Japan, China, Cambodia
- Thousands of employees
All of this was fueled by him doing HUMAN TRAFFICKING of women (including minors) to perform sextortion and scamming for cryptocurrency. The United States asserts he had as many as 100,000 SLAVES. His scamming was making (at its peak) $30,000,000 a day ($10,000,000,000 a year).
He won numerous awards for his businesses. He was friends with political elite in China and Cambodia. He was named a "Lord" in Cambodia. He was praised for his philanthropy.
The United States government tied his organization to torture and other violent crimes. He was responsible for a "cartel execution and brutal murder" of a 25 year old man. He worked with "14K Triad" to manage casinos and slaves where he worked (in some capacity) with their leader "Broken Tooth" for stuff surrounding prostitution, murder for hire, human trafficking, drug smuggling, etc.
His bank had assets of over $1,000,000,000. He had a series of apartment complexes and resorts that he invested over $10,000,000,000 into. He purchased a large portion of cigar stocks, investing over $1,500,000,000. He donated over $2,000,000,000 to various places in Cambodia.
In 2025 the United States seized his BTC worth $15,000,000,000. The estimation of all of his assets, crime, employees, etc. passes $75,000,000,000, possibly higher.
He had a collection of super cars, yachts, mansions....
- Copilot for HR (in Copilot for Viva)*
Sorry, I saw "Copilot for ____" so many times my head started spinning.
- Black bag over his face
- Private flight to China
- Surrounded by armed guards
- Arms and legs shackled
- Private bus of armed guards
He is so fucked bro, he's going to magically "disappear".
Lots of discussion by more traditional mainstream media outlets discussing the Chinese government allegedly compromising United States government official e-mails.
Non-nerds going full panic schizo mode.
For nerds: they're discussing Salt Typhoon
This isn't really a surprising compromise, in my opinion (if even true, I haven't seen an official write-up yet). The Chinese government (or rather, their state-sponsored contractors who do their bidding) have done things like this before in the past. Salt Typhoon is discussed damn near every day.
I don't follow Chinese state-sponsored stuff too much, so I'm out the loop (it's for nerds), but Salt Typhoon has been a menace for a few years now. If you do a simple Google search of "Salt Typhoon" you'll see a massive list of everything they've done.
I'm in the United States. I love my country.
With that being said, if you're curious, you should take a moment to search "APT-Q-95". APT-Q-95 is (allegedly) the United States government and (allegedly) has performed several high profile compromises (allegedly). These (alleged) high profile compromises include the Chinese military, Chinese think-tanks (allegedly), and universities (allegedly). APT-Q-95 (allegedly) uses novel Microsoft Windows 0days (allegedly) which the Chinese government asserts the United States government (allegedly) told Microsoft not to patch (allegedly) so the United States government could (allegedly) easily compromise high-profile Chinese targets (allegedly).
The United States (allegedly) performs hack-backs against the Chinese government. Although, the United States government asserts they're innocent. Likewise, the Chinese government asserts they've never compromised the United States and they're innocent.
Meanwhile in South Korea: AhnLab (South Korean cybersecurity company) warns people about pornographic video games spreading malware.
1. How popular was this game to make a cybersecurity company do an official write-up?
2. I don't know Korean, but this is probably degenerate stuff
The Cambodian government has arrested and extradited Cambodian and Chinese dual citizen Chen Zhi back to China for his alleged cryptocurrency scam empire.
Chen Zhi is also wanted in the United States for his crimes.
According to the Cambodian government, and United States government, Zhi acted as a Founder and Chairman of a luxury real estate conglomerate in Cambodia. However, it is alleged this was a money laundering front and Zhi was a scamming kingpin.
According to the United States government Zhi was scamming at a mass scale, stealing as much as $30,000,000 in cryptocurrency a day.
In October, 2025, the United States seized over $15,000,000,000 from Zhi. He was summoned to court but never appeared.
The United Kingdom government seized Zhi's $15,600,000 mansion and $130,000,000 office in London
The Taiwanese government seized dozens of luxury cars totaling over $130,000,000, such as Bugattis, Lamborghinis, and Ferraris.
The Hong Kong government seized $353,000,000 in cash, stocks, and bonds
The Singapore government seized Zhi's yacht, and various other assets, totaling $114,000,000
It is believed Zhi's scam empire stole as much as $75,000,000,000 in cryptocurrency.
Some nerds made a fake LLM AI slop Google Chrome extension. It barely worked, stole your stuff from ChatGPT, Claude, etc.
It got so popular with LLM nerds it got featured on the Google Chrome extension store place thingie
600,000 LLM nerds had their shit stolen. It's all ogre
Archived post, thing, on reverse engineering Microsoft Copilot
https://malwaresourcecode.com/home/my-projects/write-ups/some-quick-notes-on-microsoft-copilot
When everyone was crying about Copilot on Windows, I didn't see anyone (to my knowledge, I dunno) actually try to poke it with a stick to see what it was doing under the hood. I poked it and people read about it (and got some super cool feedback too). What happened to your curiosity? Why is everyone so fucking grumpy now? It's interesting stuff, dawg.
Dawg, the split second I saw I could have that niche Japanese internet celebrity lady living in a fucking jar on my desk, I immediately pre-ordered this fucking thing
The unfortunate reality is that I know dozens of people who have tried to notify vendors, or government agencies, of vulnerabilities or potential problems. For reasons I do not understand, sometimes things are brushed aside, or forgotten, or mishandled, and nothing is resolved.
Interestingly, and for reasons I do not understand, if they (the person who found the potential problem or vulnerability) notify me of the problem and I make a post on social media about it (to nearly 400,000 people), suddenly the issue is far more important and it is magically resolved.
I hate to say it, but sometimes you kind of have to bully and/or shame places into fixing things. I don't necessarily blame the security teams, I think it is a bureaucracy issue and/or management issue.
No, Ubisoft was not compromised from their "anti-cheat".
No, Ubisoft was not compromised by a rogue agent.
No, Ubisoft was not compromised as a result of a Threat Actor infecting an employee with information stealer malware.
Ubisoft technically* wasn't "compromised" (hacked) in the traditional usage of the word. I can't go into too much detail, because I don't want my knee caps broken with a baseball bat, but the event we all witnessed was the result of API abuse
In simpler terms, nerds discovered an exposed API endpoint (computer where instructions are sent to) and abused the poop out of it. This endpoint received commands for all sorts of stuff (bans, credits, etc). Normally another program sends instructions to this endpoint.
Under normal conditions, this endpoint requires authentication with a "key" (instead of using a username and password), but nerds ... sort of ... found a way to bypass the API key requirement. I'm using the word bypass here extremely liberally. What happened was extremely silly.
Ubisoft is aware of what happened. They're not dumb. The fix for the issue they're encountering is kind of a pain in the ass to fix, it'll take some time, I'm not surprised nerds managed to metaphorically kick in the door (abuse the API endpoint) again.
Ubisoft itself was not compromised. No employee data was stolen. No customer data was stolen. Nerds basically beat Siege servers with a stick until it did stuff.
It should be noted that each vendor, or government, releases research which is tailored to them or their audience.
As you could probably assume, Microsoft rarely discusses MacOS malware.
Another interesting quirk is each vendor tailors research to their region. Vendors in China or Russia will discuss threats to the country they reside in. Hence, you can get unique insight into what is targeting countries outside the United States or NATO.
Believe it or not, while the United States says Russia and China launch offensive cybersecurity operations, China and Russia also accuse the United States (and allies) of targeting them as well! Strange stuff!