The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
People asking me for the anime lore on this LiteLLM compromise.
I'll do it tomorrow. It's got some filler episodes, but they're still lowkey important for later references.
The first episode is kind of cool, it slows down, but then toward the end of the anime it gets crazy.
In extreme summary, nerds compromised a thingie, used it to compromise other thingies, used that to compromise other thingies, then did the big thingie with LiteLLM
It's a big cluster fuck because now you're like, what did they steal? Do they have access to anything else? How long is season 1 of this anime? It's wild stuff
Big news for Threat Actors
Windows 11 powering the Nuclear Power Plant
Nuclear Copilot
> malware analyst goes on x
> says supply chain attack failed
> everyone calms down
> supply chain was actually a success
> panic intensified by 150%
More information
https://www.theverge.com/news/899172/fcc-foreign-router-ban
> be cow
> cow, but online
> IoT? IoC
> Internet of Cow
> no security
> cows compromised
> cow botnet
> use cows for ddos attacks
> critical infrastructure taken down by cows
> hijack cow sensor
> tell cows to attack at dawn
> open front door
> 1000 cows pooping outside house
Hello,
Thank you to the many people who have given me malware to poke with a stick. Unfortunately right now I am extremely busy with a one year old and my work-work.
Between juggling a big stinky baby, my many malware development and research projects, work-work, malware archive stuff, and people's requests to bonk stuff with a big stick, I am busy and with very limited time.
I will get around to stuff eventually... or I won't, I don't know. Whatever.
Pic unrelated
🚨‼️ BREAKING: Crunchyroll breached through outsourcing partner in India.
A threat actor exfiltrated data from Crunchyroll's ticketing system and also managed to pull 100 GB of personally identifiable customer analytics data.
We've analyzed sample data and it includes IP addresses, email addresses, credit card details, and more.
An employee of their outsourcing partner Telus had executed malware on his system, which gave a threat actor access to Crunchyroll's environment.
The threat actor told us the breach happened on March 12, 2026. Crunchyroll revoked their access after 24 hours.
They also said Crunchyroll is ignoring all messages and still hasn't publicly disclosed the breach.
Meanwhile in San Francisco: random startup nerd thinks he ran into CEO of YCombinator at Chipotle, was actually just some random Asian guy. Random Asian guy apparently goes along with it. CEO of YCombinator breaks the bad news
> be IT
> new hardware comes in
> need to image 2000 new DELLs
> protect kids from pedos law drops
> id verification at OS level
> enter my ID for 2000 PCs
> FBI raids office building
> everyone arrested
> everyone was using pc with my ID
> all arrested for identity theft
November, 2024 weight:
285lbs
129.2kg
March, 2026
226lbs
102.5kg
After my son was born I fell off the weight loss wagon due to sleep deprivation and exhaustion from baby stuff. I got back on it.
I feel a lot better since losing so much weight. Health and science and stuff
RIP Chuck Norris
I'll never forget all the goofy jokes you inspired
Malware defense stuff is pretty much just standing by the front door with a really big stick waiting for someone to walk in, bonking them on the head with it, and then throwing their unconscious body back outside ... forever and ever ... until you're dead or retire.
I wish I was joking. I didn't understand the political banter I saw on social media. I had to use AI slop machine to explain it to me.
I didn't understand what the fuck the Levin guy was talking about and I didn't understand why the most liked repost was talking about the dude's military credentials. It didn't make sense in my dumb little brain.
tl;dr robot better human than me
To avoid confusion, I'm not positioning myself as like, the authority figure on who is an expert and who isn't an expert in cybersecurity.
My point is that cybersecurity tends to be very close and tight-knit and you would expect someone world-renowned to be immediately identifiable by someone else who works in the industry.
My post is meant to be funny and criticize TV people
Chat, I'll tell you one thing right now, this LiteLLM supply-chain attack is one big stinky mess.
No information has been released publicly (yet) on vendors impacted, but the stink I've been sniffing suggests this is very serious shenanigans and DFIR nerds are not happy
> be me
> crash out over LiteLLM supply chain attack
> get dm
> look inside
You are correct. It was a success. I apologize. I was wrong. You have indeed committed aggravated identity theft at an international level.
Whoa whoa whoa. Everyone CLAM down for a second.
Earlier today someone broke the news that there was a supply chain attack impacting LiteLLM which had over 97 MILLION installs. Initially it was reported the payload was vibe coded which resulted in the payload failing.
HOWEVER, this has been determined to be NOT TRUE. The payload was a SUCCESS. The payload failed in specific edge cases (currently unknown). The Threat Actor(s) managed to exfiltrate data from 500,000 infected machines (approx. 300gb of data).
I have confirmed this from three different sources. The initial news which is spreading all over social media is incorrect and this is actually a very big bamboozle.
They had one shot, one opportunity, and did indeed seize it (but only failing in specific and unknown edge cases).
It's all over for LLM-dependency nerds. Also, in a bit of irony, LiteLLM is SOC2 certified by Delve.
This is very big shenanigans for a Tuesday.
Yesterday the United States government banned all non-US produced computer networking equipment from the United States over security concerns.
Network stuff currently in use can stay, however moving forward they must be produced in the United States or be given special approval ... or stop selling in the United States.
> download kali linux
> the mostest 1337 hacker tool
> super dangerous
> over 9000 hackinging tools
> can hack anything, even cows
> age verification at os level becomes law
> dont age verify 1337 hacker os
> arrested
Is hacking illegal and for nerds?
Leonid Radvinsky, founder of MyFreeCams and majority owner of OnlyFans, has died of cancer.
> wake up
> take a shit
> get out of bed
> baby screaming
> see whats wrong
> mad as hell cause hungry
> feed him
> hes eepy
> snuggle him
> headbutts face
> busts my lip
> ow
> calm down
> snuggle him
> rips glasses off my face
> bends my glasses
> laughs in my suffering
> get glasses back
> he shits his pants
> try to clean up
> angry at me because ???
> new fresh diaper on
> holding him
> slaps my face
> tries to put fingers in my nose
> put him down
> crawls to plants
> tries to eat dirt
> take away dirt
> mad as hell because wont let eat dirt
> calm him down
> shits pants again somehow
> try to change him
> mad because ???
> rolls around bed
> poop stamps from ass cheeks on bed
> wrestle him
> calm him down
> new diaper again
> put him in walker to prepare breakfast
> runs over my toes
> ow
> pulls spatula off table
> chases dog around kitchen with spatula
> take away spatula
> mad as hell again
> pick him up to calm him down
> kicks me in testicles
anyway, thats been my sunday so far with a 1 year old
this is how i imagine ID verification at OS level working in enterprise environments. it haunts me (it makes me giggle)
Mildly Interesting:
Windows Defender 1.445.674.0 contains logic to detect malware designed to target "AIGen" threats.
It is titled "AIGen.Trojan.ClawHavoc".
Chuck Norris doesn’t read books.
He stares them down until he gets the information
Someone sent me a malware sample they found on Discord. I'll tell you one thing right now, Chat. StealIt is a colossal pain in the fucking ass to reverse engineer.
I was crashing out on Xitter for a second about it. This thing is soooo annoying. It is super evasive because of their GOD DAMN SEA BLOBS AND NODE JS BULLSHIT
Malware defense stuff is boring and I respect these AV and/or EDR nerds so much for working on this stuff.
I've spent the past few days really locking in on developing an ETW consumer and using the YARA static analysis engine in conjunction with it.
It is all documented. It is easy-ish to follow. It all makes sense. Even the more "hardcore" stuff like the kernel mode callback routines and minifilters are handed to you on a silver platter with tons of documentation and examples from Microsoft.
These AV and/or EDR nerds unironically have to spend their days monitoring microscopic potential edge cases for malware evasion and then making a tiny little change in code to account for it. If they don't account for this tiny little potential attack vector they're criticized and insulted endlessly.
Conversely, this tiny line of code they've added burns the hours of research I've placed into developing something.
tl;dr normie to big stinky nerd translator
I'm going to share something embarrassing, but this is true. I have found a good usage of AI (for me, at least).
I'm a big stinky nerd and I have a hard time understanding what people are saying to me. I am an extremely explicit communicator. I usually say exactly what I mean (for better or worse). I get very confused when people imply something, or lean heavily on emotional phrasing, to implicitly communicate.
I have been unironically using AI to explain what people are saying to me. I'll detail the conversation to the best of my ability if it was communicated verbally; if it was online I copy-paste my message and the person's response (or comment). The silly AI slop robot then translates what the person says into explicit communication for me so I understand better.
Basically, the dumb ass slop machine robot is better at understanding humans than me. Sometimes I have zero idea what someone is talking about or trying to convey.
Meanwhile in Brazil: Arch Linux has to suspend access from Brazil because kids could use Arch Linux, or something, and something about pedophiles.
I actually have no idea what the politicians are even saying anymore. It's all bullshit and it's fucking over FOSS.