40629
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Did your slop Python script accidentally transfer $10,000,000 to a stranger?
Did your vibe coded app accidentally leaked 300,000 peoples phone numbers, e-mail addresses, and passport?
Don't worry, fam. The folks over there at ... Corgi ... now provide AI insurance.
I also got a shit load of DMs but I don't have the willpower to read and reply. Some of you write GIANT messages and it makes my brain hurt (I'm dumb as hell)
Читать полностью…
> new cpanel cve thingie
> proof of concept released
> neat
> check on internet degenerates
> tons of united states gov thingies compromised
> tax places compromised
> another day of internet schizophrenia
CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
https://copy.fail/
Hello,
If you're one of the many little people who lives inside my phone, and enjoy malware, I have good news: I have more malware for you.
The bad news is I forgot to sync the update log. I'll do it tomorrow, maybe later tonight, I don't know.
Pic unrelated
Telegram nerds, I've decided this Saturday I'm going to make Windows posts and see how Linux users on social media react.
Will they rage? Will they get the joke? It's science
I made an intentionally hyperbolic joke poking at all of the Linux posts on social media, some people were not happy about it
Here is what I've learned:
- I'm stuck in the clutches of Windows
- Linux is about freedom, or something
- My Mom
- I don't do anything technical (anymore?)
- People are tired of my whining
- I'm mad
- I'm a Winblows cock sucker
- I'm on a computer
Chat, do NOT tell Linux users to build a computer in the forest with a hatchet.
> be malware
> try to be evasive
> "I know! I'll put in backup domains!"
> "I'll also put in fake domains!"
> "It'll be brilliant!"
> "This strategy will bypass everything!"
> Look inside
> 4786 DNS requests
Wow, so subtle bro
Meanwhile in Bug Bounty:
AI slop bug reports overflowing vendors. Vendors can't handle the slop. Slop code, slop exploits, and slop write-ups result in vendor exiting program.
AI slop is choking Bug Bounty
Hello everyone,
I see your DMs and stuff. I'm sorry I haven't replied.
I've been experiencing a deep burn out. I have been struggling to juggle vx-underground, a 1 year old, and work. I under estimated the cognitive load a 1 year old would require, it is significantly more challenging than I initially anticipated.
I am behind on basically everything. I am struggling to keep my head above water. I don't possess the energy to do much.
Also, I've seen some people be like, "pffft, you THINK ONE KID IS HARD? Trying having N!".
Okay pal, it's not a contest. I get it, you're cool and badass and I'm soft blooded. I'm trying my best.
Anyway, sorry for all the slow stuff. I'll bounce back eventually, as I always have.
Love you
- smelly
I am so incredibly tired of hearing about AI
Everytime I look up anything cybersecurity related it's all a big ass fuck off circus discussing AI
It's not even like, an explanation on AI, or some sort of deep dive, or nuanced perspective. It's all superficial and more akin to a sales pitch than an actual discussion topic.
O gracious Lord, if Thou hearest me, pray let this great uproar be stilled.
What are you going to do? Can't do ClickFix on a FUCKING SQUIRREL to make him leave your house
Читать полностью…
Normal programs are like straight-A students who go to church on Sunday and respect their parents and elders.
Malware is like the kid who skips school, smokes marijuana, and has pre-marital sex.
Malware is BAD. Malware, not even once
Here's the thing no one wants to tell you about AI:
1. It's the worlds largest Python script
2. It runs on Linux, Windows Defender slows it down
3. It uses lots of numbers (nobody knows why)
4. It requires a bunch of GPUs (for gaming)
5. No, you can't have sex with it
I've been extremely busy. Haven't been able to malware as much.
Here is what I saw:
- Linux security nerds big angry at some dude named Eric because he has been ignoring security things, or something, I don't know. Some drama about CopyFail and some Android stuff
- cPanel CVE destroying normies, botnets, compromises, spam spamming stuff
- Google not wanting to bug bounty as much because of AI slop. Bug bounty nerds throwing hands everywhere
- A bunch of nerds arguing about the WeezerOSINT guy, saying he's a criminal, others saying he is cool and badass
- A bunch of nerds angry at the Lunduke guy
- Will Dormann going ham sandwich on CopyFail
- More updates on those dorks who were in ALPHV but also cybersecurity negotiation people, they're cooked
- 15 year old arrested for cybercrime in France (stuff with Breached, I guess, I don't know).
- Everyone yapping about Fast16 still
- China tests spooky deep sea oceanic internet cable cutter thingy
- More NPM malware
- Apple Claude md thingie oopsie doopsie
Did I miss anything?
One of the most frequent questions I'm asked is "how do you stay up to date on malware stuff?"
Okay, here is a pro tip:
1. Google OTX AlienVault
2. Make account
3. Look at latest
4. Scroll until you find posts from a guy named Petr something-something (has numbers in his name).
4. Follow his account
He monitors all the big malware places and shares the URL, hashes, etc. from malware vendors. I've been following this random ass dude for years and getting updates on everything.
I have no idea who he is. I don't know where he's from. All I know is his setup is absolute fire and he keeps you up to date on literally everything malware related 24/7 365. He also has stuff from vendors in China, Russia, Japan, etc.
Every morning I log into OTX and check up on my boy Petr to see what fire he's bringing me. I love him.
Just got done talking at Georgia Institute of Technology.
I was introduced to a bunch of cybersecurity students as "cybercrime TMZ", a person who "collects pictures of cats", "fills computers with mayonnaise", and discusses things with "Dragon Ball Z" references.
On paper this shit makes me look like a lunatic.
The entire room was dead silent as I vaped and spoke schizophrenic nonsense.
Chat, I DO NOT think they'll be inviting me back
Toronto Police launched Project Lighthouse in November, 2025 after police were tipped off about an unknown person(s) operating an SMS Blaster in downtown Toronto.
Watch the video for an actual explanation. The fancy Detective lady gives a run down on what happened.
tl;dr three chinese dudes some how built a custom made portable cell phone tower thingie in a van, drove around toronto with it. peoples cell phones automagically connected it to (its literally a cell phone tower thingie). when a cell phone connected to their portable cell tower thingie it would automatically send the connected phone a text which appeared to be from their bank or somewhere important. they interupted real cell phone towers 13m times lmfao. they were trying to steal passwords and stuff. no details released on how three random nerds managed to do this
Now we wait and see.
https://x.com/vxunderground/status/2048126003185172890
This is why it's important to NEVER use Linux. Linux is ILLEGAL and for NERDS. Use Windows, enable ALL telemetry, and use Copilot. It's the only safe option.
Читать полностью…
I'm so tired of all the Linux larps bro
Nobody gives a fuck that you use Linux. It's just an OS bro.
Want to impress people? Go into the forest with a hatchet and make a computer from dead insects, tree bark, and your feces
OS?
Windows 11
Browser?
Chrome
Password Manager?
Passwords.txt
Antivirus?
Defender
VPN?
Nord
All telemetry features enabled to improve the products listed.
I need to scream into the void of the internet. I don't expect any of you to give a shit. I just want to share an observation I've had.
Since I've had a kid I've noticed some parents unironically ego others about their children. I'm not sure what it is, maybe it's some sort reflection of their personalities, but I think it's super fucking weird.
Like, my son was an objectively large baby. He was born in the 100th percentile, meaning he is statistically larger than 100 percent of babies. This doesn't mean he's destined to be a freak athlete, it doesn't mean he's going to be walking giant, it means almost nothing because the cause of large babies is either the Mother is diabetic ... or it's genetics. In our case it was genetics. It's totally possible he will be large now and by the time he's 10 he will be BELOW average. The size of a baby at birth doesn't reflect anything about their future.
When I tell someone my son was born large, I'll always have one person interject and say something akin to "MY SON WAS BIGGER" ... even though I know they're lying or exaggerating.
Alternatively, I'll say something like, "I think my son is doing really good, he eats a lot". Suddenly some parent will be like "MY DAUGHTER EATS MORE. SHE EATS EVERYTHING".
I've seen parents blatantly LIE about their children's abilities. I've had parents tell me their children began walking completely unassisted at 5 months old. That sort of development is virtually impossible. Babies at that age do not possess the coordination skills to walk yet. LITERALLY their BRAIN isn't physiologically PREPARED for movement of that sort yet. Early-early-EARLY walking babies is like, 7 months old. However, this is freakishly rare, it's an anomaly.
I've seen parents exaggerate or lie about:
- Height
- Weight
- Eating habits
- Coordination
- Intelligence
- Learning speed
- Academic skills
- ???
It's a really, really, really weird one-up thing with their children. I have no idea why people do it.
I've also noticed some parents AGGRESSIVELY try to shove their ideas down your throat and assert THEY ARE right and YOU are wrong about literally anything.
It's the weirdest shit bro. I get it, you love your children and you're proud of them, but they turn it into a competition. God damn
I'm a big fan of old ass shit discussing religion. I'm an Atheist, but I respect the impact religion has brought to this planet and how it's shaped our culture.
I've been reading and researching the Divine Comedy (Dante's Inferno, Purgatory, and Paradiso). I initially began reading the original text (closest possible English translation) but it was really, really, really challenging. I didn't know what the fuck bro was yapping about.
Part of the issue is weird grammatical structure and archaic vocabulary, but also the pop-culture references from the year 1321 (release date, but technically was written much earlier, whatever).
I decided then to find a book that has "updated" verbage and a break down of what's actually being discussed. I ended up settling on "The Inferno" by John Ciardi
Ciardi and others spent years translating the original poem. He and his colleagues traveled to Italy and met with Italian historians and academics to break down the text further to really emphasize the "pop-culture" references and demystify what Dante Alighieri was yapping about.
As I was trying to find a book to read on it, I found dozens of AI slop "books" on The Divine Comedy. The introduction unironically contains shit like, "Why The Divine Comedy Matters" and uses arrows to break down segments.
AI slop in a book for sale makes me physically sick to my stomach. John Ciardi and others spent years of their lives working to convey the literature masterpiece the Divine Comedy is, and some fuckin schmuck tries to AI slop it and sell it on Amazon.
I hate it so much it's unreal
Oh my God...
The SQUIRREL is the ClickFix... but we've LAW ENFORCEMENT ON OUR SIDE
(send in a kitty cat to fuck up squirrel)
I'd love to see a cyber criminal deal with real-world problems.
Oh yeah, you're tough online? Get wind damage on your roof that homeowners insurance refuses to cover. Get a bunch of different quotes on your roof damage, then realize a fucking SQUIRREL lives in your attic
I just really, really, really dislike theatrics in cybersecurity. Our ecosystem is already a walking nightmare. We don't need to sensationalize news.
Basically, I'm grumpy