vx-underground
Kido Schools, an international nursery business, which is "for parents, by parents", is a fucking nightmare come alive. 6,000 pre-school kids PII being extorted. 20,000 parents PII being extorted. Look at this fucking slop piece of shit https://github.com/kidoβ¦
The fucking developers accidentally exposed some of the internal software suite, left hardcoded SMTP credentials in the code.
This is the fucking slop shit that's protecting children online? Fire everyone immediately
This is the fucking slop shit that's protecting children online? Fire everyone immediately
π50π―19β€10π₯9π8π’3
vx-underground
The fucking developers accidentally exposed some of the internal software suite, left hardcoded SMTP credentials in the code. This is the fucking slop shit that's protecting children online? Fire everyone immediately
Parents: if you can't find a family member to watch your kids, bring them to a local mom-n-pop nursery type place. Don't bring them to a for-profit international business trying to monetize your children
π63π―25β€9π’1
Previously I shared some footage of 3 individuals raiding a home in the United Kingdom. In the video two of the men begin destroying the elderly woman's home. The video concludes with one of the masked men physically striking the elderly woman.
New details have emerged online as to why this event occurred.
One of the occupants of that home was believed to be a member of "CVLT", an online group which produces CSAM and other nefarious material.
Unfortunately for myself, some individuals have come forward and shared some footage with me which I regret seeing.
The footage I saw, and regret seeing, shows one of the home inhabitants producing zoophilia pornography with a canine that is believed to also reside in that home.
There is no indication on whether or not the elderly woman from the video is aware someone in her home is producing zoophilia pornography.
Violence is never the answer. These individuals should not have raided this home and physically assaulted the elderly woman. The footage was sickening and I wish I never saw it.
New details have emerged online as to why this event occurred.
One of the occupants of that home was believed to be a member of "CVLT", an online group which produces CSAM and other nefarious material.
Unfortunately for myself, some individuals have come forward and shared some footage with me which I regret seeing.
The footage I saw, and regret seeing, shows one of the home inhabitants producing zoophilia pornography with a canine that is believed to also reside in that home.
There is no indication on whether or not the elderly woman from the video is aware someone in her home is producing zoophilia pornography.
Violence is never the answer. These individuals should not have raided this home and physically assaulted the elderly woman. The footage was sickening and I wish I never saw it.
π±52π23β€12π€3π€£2π€2π«‘2π1π1π1π―1
vx-underground
Previously I shared some footage of 3 individuals raiding a home in the United Kingdom. In the video two of the men begin destroying the elderly woman's home. The video concludes with one of the masked men physically striking the elderly woman. New detailsβ¦
People on Telegram were unsurprised about this news. I, however, was very surprised.
π±56π€£22π10β€4π’2
Hello, I have arrived and I am bringing gifts. It is malwares.
Each VirusSign block contains 3,000 malwares. Each InTheWild block contains 25,000 malwares.
If my math is correct this is approx. 98,000 malwares.
- Virussign.2025.09.07
- Virussign.2025.09.08
- Virussign.2025.09.09
- Virussign.2025.09.10
- Virussign.2025.09.11
- Virussign.2025.09.12
- Virussign.2025.09.13
- Virussign.2025.09.14
- Virussign.2025.09.15
- Virussign.2025.09.16
- Virussign.2025.09.17
- Virussign.2025.09.18
- Virussign.2025.09.19
- Virussign.2025.09.20
- Virussign.2025.09.21
- Virussign.2025.09.22
- InTheWild.0211
- InTheWild.0212
Please download the malwares and stare at them longly and passionately.
Each VirusSign block contains 3,000 malwares. Each InTheWild block contains 25,000 malwares.
If my math is correct this is approx. 98,000 malwares.
- Virussign.2025.09.07
- Virussign.2025.09.08
- Virussign.2025.09.09
- Virussign.2025.09.10
- Virussign.2025.09.11
- Virussign.2025.09.12
- Virussign.2025.09.13
- Virussign.2025.09.14
- Virussign.2025.09.15
- Virussign.2025.09.16
- Virussign.2025.09.17
- Virussign.2025.09.18
- Virussign.2025.09.19
- Virussign.2025.09.20
- Virussign.2025.09.21
- Virussign.2025.09.22
- InTheWild.0211
- InTheWild.0212
Please download the malwares and stare at them longly and passionately.
β€60π₯°23π₯7π1π’1
vx-underground
Hello, I have arrived and I am bringing gifts. It is malwares. Each VirusSign block contains 3,000 malwares. Each InTheWild block contains 25,000 malwares. If my math is correct this is approx. 98,000 malwares. - Virussign.2025.09.07 - Virussign.2025.09.08β¦
I gotta add some more papers n shit too. Add some other stuff too, or something. I've got a bottle of Tylenol extra strength. Gonna lock in tomorrow and push some crazy updates.
Love you all
- smelly smellington
Love you all
- smelly smellington
π₯°43π―6β€5π€5π’1
Also, I'm surprised X still uses the Twitter authentication subdomain for Okta. But I guess, "X.Okta-dot-com" wasn't available.
π€£59β€5π4π’2
One time some SANS nerds low-key talked to me about doing SANS stuff
They told me I couldn't be a degenerate with the constant swearing, weird cat memes, chain smoking, dark jokes, looking homeless, etc
I can't change who I am dawg. I guess I'm a loser forever
They told me I couldn't be a degenerate with the constant swearing, weird cat memes, chain smoking, dark jokes, looking homeless, etc
I can't change who I am dawg. I guess I'm a loser forever
β€74π€£12π₯°8π€7π―5π’3π₯2π«‘1
vx-underground
One time some SANS nerds low-key talked to me about doing SANS stuff They told me I couldn't be a degenerate with the constant swearing, weird cat memes, chain smoking, dark jokes, looking homeless, etc I can't change who I am dawg. I guess I'm a loser forever
At the end of the day all I have is my son, my wife, my family, and my soul
Can't sell my soul for money. Can't pretend to be something I'm not just for money (I'm a degenerate nerd)
That's why still don't monetize this shit and just beg for money like a bum
Can't sell my soul for money. Can't pretend to be something I'm not just for money (I'm a degenerate nerd)
That's why still don't monetize this shit and just beg for money like a bum
β€112π«‘23π€£12π―6π’4β€βπ₯3
Earlier today I made a post about the United States Federal Bureau of Investigation performing an offensive security operation against Telegram.
This was incorrect. I'll explain why.
The document begins with the FBI Philadelphia office requesting permission from the United States Federal Courts to perform a "remote access search", which typically, for a lack of a better word, is "hacking". This coincided with what the report later described as Telegram not cooperating with them.
However, this is misleading and/or partially incorrect. I can't tell if maybe the FBI agent is inaccurately describing what they intend on doing, or if they're vastly over simplifying to the courts their objective, but basically they want to decrypt the Telegram messages... or maybe this is the court legal nomenclature for analyzing encrypted data? I don't know.
Anyway
The paperwork says the FBI will remotely retrieve messages... But the messages are local ... Are they not?
In the court paperwork some individuals were distributing CSAM (Child Sexual Abuse Material). The court documents go into horrific details on the footage discovered. It is sickening. The people distributing the content have already been arrested. Over 1,100 CSAM videos have been retrieved from social media profiles and the perpetrators MEGA.
Included in this is CSAM on infant children.
It concludes with them describing software suites, such as Cellebrite, to analyze the Telegram message content. This conflicts with headlines and initial court documents which suggest this is "remote".
I'll have to read it closer to understand what the fuck they're talking about because it confused me. I'll also share the official court document later on too
This was incorrect. I'll explain why.
The document begins with the FBI Philadelphia office requesting permission from the United States Federal Courts to perform a "remote access search", which typically, for a lack of a better word, is "hacking". This coincided with what the report later described as Telegram not cooperating with them.
However, this is misleading and/or partially incorrect. I can't tell if maybe the FBI agent is inaccurately describing what they intend on doing, or if they're vastly over simplifying to the courts their objective, but basically they want to decrypt the Telegram messages... or maybe this is the court legal nomenclature for analyzing encrypted data? I don't know.
Anyway
The paperwork says the FBI will remotely retrieve messages... But the messages are local ... Are they not?
In the court paperwork some individuals were distributing CSAM (Child Sexual Abuse Material). The court documents go into horrific details on the footage discovered. It is sickening. The people distributing the content have already been arrested. Over 1,100 CSAM videos have been retrieved from social media profiles and the perpetrators MEGA.
Included in this is CSAM on infant children.
It concludes with them describing software suites, such as Cellebrite, to analyze the Telegram message content. This conflicts with headlines and initial court documents which suggest this is "remote".
I'll have to read it closer to understand what the fuck they're talking about because it confused me. I'll also share the official court document later on too
π55β€9π€5π€5π’2π₯1π€£1
When you make an oopsie doopsies from not reading closely enough in front of 400,000 people it sucks
You get booed, people throw tomatoes at you, kids point and laugh at you, even my dog wont look at me. He said, "wow, you're so dumb, you need to be more careful with what you say online. You have a large audience and miscalculations and missteps like this can have real world ramifications."
I said wtf why is my dog speaking German
You get booed, people throw tomatoes at you, kids point and laugh at you, even my dog wont look at me. He said, "wow, you're so dumb, you need to be more careful with what you say online. You have a large audience and miscalculations and missteps like this can have real world ramifications."
I said wtf why is my dog speaking German
β€63π€£47π―7π2π€2π€2π’1
This media is not supported in your browser
VIEW IN TELEGRAM
π₯°63π€―20π’11π9β€βπ₯6β€5π₯3π€£2π±1π1
Security researcher "Bob da Hacker" has been doing more security research.
*This an expansion to a previous post because... it gets worse.
The following applications are all incorrectly configured and exposing user PII (Personal Identifiable Information) in various manners:
- Wimkin
- Reelster
- Cancel the Hate
- Date on the Right
Based on analysis from nerds, Wimkin and Reelster are hand-crafted. They are not vibe coded. "Cancel the Hate" and "Date on the Right" are vibe coded. Each application listed is believed to be made by the same group of individuals.
Very little effort is required to get user data. It is a simple POST request.
Over 500,000 peoples PII are being leaked across all 4 applications.
Data exposed includes:
- Email
- Date of Birth (if supplied)
- Phone number (if supplied)
- Longitude/Latitude (Reelster specific)
- Private messages (Wimkin, Reelster specific)
- User session tokens (Wimkin. Reelster specific)
- User preferences
*This an expansion to a previous post because... it gets worse.
The following applications are all incorrectly configured and exposing user PII (Personal Identifiable Information) in various manners:
- Wimkin
- Reelster
- Cancel the Hate
- Date on the Right
Based on analysis from nerds, Wimkin and Reelster are hand-crafted. They are not vibe coded. "Cancel the Hate" and "Date on the Right" are vibe coded. Each application listed is believed to be made by the same group of individuals.
Very little effort is required to get user data. It is a simple POST request.
Over 500,000 peoples PII are being leaked across all 4 applications.
Data exposed includes:
- Date of Birth (if supplied)
- Phone number (if supplied)
- Longitude/Latitude (Reelster specific)
- Private messages (Wimkin, Reelster specific)
- User session tokens (Wimkin. Reelster specific)
- User preferences
β€45π25π€£23π±4π’2
You don't have to write super sophisticated malware with 9000 different evasion techniques
Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it
Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it
β€90π€£41π―15π₯9π«‘5π₯°2π’2π1
Lots of drama on the internet today with Bug Bounty Nerds and HackOne
Bug Bounty Nerds are saying HackerOne is ran by Zionists, or something, and saying HackerOne is Islamophobic, or something
I don't know the whole lore behind this and I don't know the main characters arguing back and forth. It feels like I've walked into the shit show in the middle of season two of the anime.
Will report back if I understand what's going on (I probably won't report back, but people keeping tagging me).
Bug Bounty Nerds are saying HackerOne is ran by Zionists, or something, and saying HackerOne is Islamophobic, or something
I don't know the whole lore behind this and I don't know the main characters arguing back and forth. It feels like I've walked into the shit show in the middle of season two of the anime.
Will report back if I understand what's going on (I probably won't report back, but people keeping tagging me).
π34π26β€9π€―3π₯°1π’1