Top 10 most popular posts in vx-underground history. #1 changes everything.
10. July 11th, 2025:
- Mocking United States government for poorly handling Epstein data
- 33,000 likes
9. August 2nd, 2025:
- Memeing UK government for poor tech policy
- 40,000 likes
8. May, 10th, 2024:
- C programmers watching Python programmers work meme
- 42,000 likes
7. July 29th, 2025:
- Criticizing UK government for poor tech policy
- 49,000 likes
6. July 19th, 2025:
- Crowdstrike bootloop incident meme
- 51,000 likes
5. October 5th, 2022:
- Insert commas into your password meme
- 56,000 likes
4. October 21st, 2025:
- Mocking OpenAI web browser
- 63,000 likes
3. November 19th, 2025:
- Being rude to Microsoft
- 101,000 likes
2. November 1st, 2025:
- Password manager meme
- 106,000 likes
1. December 23rd, 2025:
- Picture of a cat
- 114,000 likes (still climbing)
10. July 11th, 2025:
- Mocking United States government for poorly handling Epstein data
- 33,000 likes
9. August 2nd, 2025:
- Memeing UK government for poor tech policy
- 40,000 likes
8. May, 10th, 2024:
- C programmers watching Python programmers work meme
- 42,000 likes
7. July 29th, 2025:
- Criticizing UK government for poor tech policy
- 49,000 likes
6. July 19th, 2025:
- Crowdstrike bootloop incident meme
- 51,000 likes
5. October 5th, 2022:
- Insert commas into your password meme
- 56,000 likes
4. October 21st, 2025:
- Mocking OpenAI web browser
- 63,000 likes
3. November 19th, 2025:
- Being rude to Microsoft
- 101,000 likes
2. November 1st, 2025:
- Password manager meme
- 106,000 likes
1. December 23rd, 2025:
- Picture of a cat
- 114,000 likes (still climbing)
β€106π₯15π€£14π₯°12π4
vx-underground
Top 10 most popular posts in vx-underground history. #1 changes everything. 10. July 11th, 2025: - Mocking United States government for poorly handling Epstein data - 33,000 likes 9. August 2nd, 2025: - Memeing UK government for poor tech policy - 40,000β¦
It's a beautiful thing seeing the most liked post in vx-underground history be a silly picture of a kitty cat.
π₯°159β€33β€βπ₯14π€£8
There are objective truths and emotional truths.
Sometimes people will (intentionally or unintentionally) overlook evidence because they want a story to be true.
tl;dr dumb made up story, probably AI slop, regarded as true by people all across the internet because it "feels" true.
In November, 2025 there was widespread coverage of "hundreds" of stray cats infiltrating a Bitcoin mining facility in Inner Mongolia* and allegedly costing the Bitcoin mine owner several million dollars. The original author of the post included a photo of a dozen or so cats sitting on so-called cryptomining hardware machines.
This story is not true. There is a lot of evidence to support this.
- Story originated from a Facebook page titled, "StoryTime"
- "StoryTime" shares a lot of AI art
- No company stated
- No additional information provided other than strange photo of cats
- Inaccurate depiction of cryptomining facility (see subsequent images)
- Story doesn't make sense
- Cryptomining is banned in Inner Mongolia
The original post asserts cats have some how broken into a cryptomining facility in Inner Mongolia. There they remained undetected for weeks, "multiplied", and comfortably nested on cryptomining machines. Inner Mongolia has banned cryptomining because there is a desire to reduce their carbon footprint.
While it's technically possible for all of these things to be true, it would be outrageous for an illegally operated Bitcoin cryptomining facility to be unaware of "hundreds" of cats in their facility for weeks. It amplifies the absurdity when you consider that this Mongolian facility decided to photograph their illegal operation and exclusively share the details on it with an English-speaking Facebook page which does not typically discuss cryptocurrency.
The "news report" concludes by writing the Bitcoin mine owner "loves cats" so he purchased "several hundred" warming beds for the cats.
If you take a moment to consider what I've just written, and review the information provided, it's pretty obvious this story is fake. Unfortunately, this completely made up story ended up in semi-large cryptocurrency news websites. It was shared all over Facebook, Reddit, and X. I had a dozen or so people tag me and suggest I share it online and comment about it. Out of the millions, upon millions, of engagements the story received, only a very small minority of people questioned the validity of the story.
Image 1. The "cats" in the illegally operated Bitcoin mining facility in Inner Mongolia
Image 2. An actual photograph of a Bitcoin mining facility
Sometimes people will (intentionally or unintentionally) overlook evidence because they want a story to be true.
tl;dr dumb made up story, probably AI slop, regarded as true by people all across the internet because it "feels" true.
In November, 2025 there was widespread coverage of "hundreds" of stray cats infiltrating a Bitcoin mining facility in Inner Mongolia* and allegedly costing the Bitcoin mine owner several million dollars. The original author of the post included a photo of a dozen or so cats sitting on so-called cryptomining hardware machines.
This story is not true. There is a lot of evidence to support this.
- Story originated from a Facebook page titled, "StoryTime"
- "StoryTime" shares a lot of AI art
- No company stated
- No additional information provided other than strange photo of cats
- Inaccurate depiction of cryptomining facility (see subsequent images)
- Story doesn't make sense
- Cryptomining is banned in Inner Mongolia
The original post asserts cats have some how broken into a cryptomining facility in Inner Mongolia. There they remained undetected for weeks, "multiplied", and comfortably nested on cryptomining machines. Inner Mongolia has banned cryptomining because there is a desire to reduce their carbon footprint.
While it's technically possible for all of these things to be true, it would be outrageous for an illegally operated Bitcoin cryptomining facility to be unaware of "hundreds" of cats in their facility for weeks. It amplifies the absurdity when you consider that this Mongolian facility decided to photograph their illegal operation and exclusively share the details on it with an English-speaking Facebook page which does not typically discuss cryptocurrency.
The "news report" concludes by writing the Bitcoin mine owner "loves cats" so he purchased "several hundred" warming beds for the cats.
If you take a moment to consider what I've just written, and review the information provided, it's pretty obvious this story is fake. Unfortunately, this completely made up story ended up in semi-large cryptocurrency news websites. It was shared all over Facebook, Reddit, and X. I had a dozen or so people tag me and suggest I share it online and comment about it. Out of the millions, upon millions, of engagements the story received, only a very small minority of people questioned the validity of the story.
Image 1. The "cats" in the illegally operated Bitcoin mining facility in Inner Mongolia
Image 2. An actual photograph of a Bitcoin mining facility
π€45β€9π9π’7π€£4
vx-underground
Is the United States government ran by a bunch of fucking morons? People on BlueSky discovered that some of the Epstein documents were visually redacted but remained selectable. In other words, using Python you can un-redact some of the Epstein files.
I don't know if I want to share the unredacted documents because I haven't reviewed them. I don't want to expose a person who has been a victim of sex trafficking.
If you want to look more into it yourself, go down the rabbit hole here: https://www.reddit.com/r/law/comments/1ptlms6/some_epstein_files_can_be_unredacted/
If you want to look more into it yourself, go down the rabbit hole here: https://www.reddit.com/r/law/comments/1ptlms6/some_epstein_files_can_be_unredacted/
Reddit
From the law community on Reddit: Some Epstein files can be unredacted
Posted by Thalesian - 34,420 votes and 1,576 comments
β€43π―16π₯°6π3π1
"To deliver gifts to every child, Santa must travel incredibly fast, roughly 4.7 to 5.4 million kilometers per hour (3 million mph), which is about 0.5% the speed of light, requiring him to visit ~1,900 houses per second, but using time zones and relativity allows for magical solutions, like stopping time or using multiple sleighs, otherwise, air resistance would vaporize him."
> travels 0.5% speed of light
> no fancy tech, just reindeer
> defies laws of physics
> visits 1900 homes per second
> no one knows how it's possible
> isn't instantly vaporized
> travels 0.5% speed of light
> no fancy tech, just reindeer
> defies laws of physics
> visits 1900 homes per second
> no one knows how it's possible
> isn't instantly vaporized
β€142π€£33π₯°19π10π₯9π5π€5β€βπ₯2π€©2π«‘1
Oh yeah? Santa isn't real? Then who comes down the chimney, eats the cookies, and gives the carrots to the reindoor?
You seriously think nearly every person on the planet is hiding the truth and is involved in this conspiracy?
Uh huh, sure. Santa non-believers make me SICK
You seriously think nearly every person on the planet is hiding the truth and is involved in this conspiracy?
Uh huh, sure. Santa non-believers make me SICK
β€105π22π―14π€£7π±4π₯°3π2
vx-underground
Oh yeah? Santa isn't real? Then who comes down the chimney, eats the cookies, and gives the carrots to the reindoor? You seriously think nearly every person on the planet is hiding the truth and is involved in this conspiracy? Uh huh, sure. Santa non-believersβ¦
iF sAnTa iS rEaL hOw cOmE hE doEsnT go To pOoR cOuNtriEs
Santa doesn't go to "poor" countries because he's several hundred years old and overflowing with CLASSISM.
He's real, but he is steaming with prejudice against the poor. He's a real jerk.
Santa doesn't go to "poor" countries because he's several hundred years old and overflowing with CLASSISM.
He's real, but he is steaming with prejudice against the poor. He's a real jerk.
β€110π€£73π8π6β€βπ₯2π1
December 21st, 2025, Vince Zampella, co-founder of Call of Duty, passed away. It has been confirmed by Electronic Arts and people closely associated with him.
Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrari 296 GTS in Los Angeles, California, United States.
The incident occured at a location known as Angeles Crest.
Mr. Zampella exited a tunnel traveling at an estimated 105mph (169kph). It is suspected Mr. Zampella failed to anticipate the vision impairment which would occur while exiting a dark tunnel back into regular daylight, hence temporarily blinding and/or disorienting his vision.
Mr. Zampella was unable to see the sharp turn approaching, failed to decelerate, and crashed into a barrier.
Several bystanders recorded the incident. Per video evidence, Mr. Zampella's Ferrari immediately compressed inward, similar to an accordion, due to the high rate of speed. The car immediately became engulfed in flames.
Per police records, Mr. Zampella had a passenger in the vehicle. The passenger has not been identified to the public.
The Mr. Zampella was pronounced DOA (Dead on Arrival) by medical first responders. Per police records, Mr. Zampella was trapped inside the vehicle while it became engulfed in flames. It is unknown if Mr. Zampella was conscious or not while it occurred. Police scanner archivists (people who actively listen and discuss police radio conversations) documented first responders as stating "the driver is burnt to a crisp". The driver was later identified as Mr. Zampella.
The unknown passenger was ejected from the vehicle. Per police reports, the passengers lower torso remainder in the vehicle from his vehicle compressing inward, while his upper torso went through the windshield of the vehicle. First responders documented the passenger had "effectively amputated his legs". Bystanders dragged the unknown passengers upper body from the flames and made an attempt at saving his life. Bystanders attempted to use a seat belt from a bystanders vehicle as a tourniquet to prevent the person from bleeding to death.
The unknown passenger was transported via helicopter to a nearby hospital due to the severity of his injuries. He was officially pronounced deceased at the hospital.
Mr. Zampella is survived by his three children
Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrari 296 GTS in Los Angeles, California, United States.
The incident occured at a location known as Angeles Crest.
Mr. Zampella exited a tunnel traveling at an estimated 105mph (169kph). It is suspected Mr. Zampella failed to anticipate the vision impairment which would occur while exiting a dark tunnel back into regular daylight, hence temporarily blinding and/or disorienting his vision.
Mr. Zampella was unable to see the sharp turn approaching, failed to decelerate, and crashed into a barrier.
Several bystanders recorded the incident. Per video evidence, Mr. Zampella's Ferrari immediately compressed inward, similar to an accordion, due to the high rate of speed. The car immediately became engulfed in flames.
Per police records, Mr. Zampella had a passenger in the vehicle. The passenger has not been identified to the public.
The Mr. Zampella was pronounced DOA (Dead on Arrival) by medical first responders. Per police records, Mr. Zampella was trapped inside the vehicle while it became engulfed in flames. It is unknown if Mr. Zampella was conscious or not while it occurred. Police scanner archivists (people who actively listen and discuss police radio conversations) documented first responders as stating "the driver is burnt to a crisp". The driver was later identified as Mr. Zampella.
The unknown passenger was ejected from the vehicle. Per police reports, the passengers lower torso remainder in the vehicle from his vehicle compressing inward, while his upper torso went through the windshield of the vehicle. First responders documented the passenger had "effectively amputated his legs". Bystanders dragged the unknown passengers upper body from the flames and made an attempt at saving his life. Bystanders attempted to use a seat belt from a bystanders vehicle as a tourniquet to prevent the person from bleeding to death.
The unknown passenger was transported via helicopter to a nearby hospital due to the severity of his injuries. He was officially pronounced deceased at the hospital.
Mr. Zampella is survived by his three children
π’92β€20π«‘11π8π±4π€£4π₯°1π€1
vx-underground
December 21st, 2025, Vince Zampella, co-founder of Call of Duty, passed away. It has been confirmed by Electronic Arts and people closely associated with him. Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrariβ¦
tldr do not speed.
π«‘91π―33π€5β€2π1
The Nigerian government put out a press release saying they partnered with the United States Federal Bureau of Investigation to perform a sweeping law enforcement takedown, and crackdown, on scammers and various other cybercrime things.
Pretty much no one cared, I don't even think the FBI cared. I can't even remember if it was Nigeria or a different county from that region.
Basically, it was a smaller country riddled with corruption and crime from both politicians and citizens. The entire comment section was people being skeptical of reform or OnlyFans spam.
Pretty much no one cared, I don't even think the FBI cared. I can't even remember if it was Nigeria or a different county from that region.
Basically, it was a smaller country riddled with corruption and crime from both politicians and citizens. The entire comment section was people being skeptical of reform or OnlyFans spam.
π₯°36π€£30π8β€5π€4π’4π€1
Insert generic religious greeting and/or celebratory saying here
Insert generic family appreciation message here
Append generic photograph of religious thing which appeals to most demographics
Insert generic family appreciation message here
Append generic photograph of religious thing which appeals to most demographics
π₯°78β€25π€£21π9π€1π«‘1
Yeah, so pretty much I saw that dudes proof-of-concept and them writing "execute powershell in-memory" and went full autistic.
They meant "execute powershell without a script on disk", not "manually reconstruct powershell from scratch".
My dumb ass has been sitting here in the dark, on Christmas, reverse engineering Windows to be able to programmatically execute Powershell scripts in-memory (no script on disk, no spawning Powershell.exe), while also being as minimal as possible with dependencies and headers.
I'm at over 1,000 lines of code just getting the current CLR version (I'm dumb, don't do this, there is literally ZERO reason to do this)
They meant "execute powershell without a script on disk", not "manually reconstruct powershell from scratch".
My dumb ass has been sitting here in the dark, on Christmas, reverse engineering Windows to be able to programmatically execute Powershell scripts in-memory (no script on disk, no spawning Powershell.exe), while also being as minimal as possible with dependencies and headers.
I'm at over 1,000 lines of code just getting the current CLR version (I'm dumb, don't do this, there is literally ZERO reason to do this)
β€βπ₯78π€21π₯°8π₯6π€£6β€5π2π€2π2
This media is not supported in your browser
VIEW IN TELEGRAM
Oh. My. God.
Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat
tl;dr fake windows activation, running command shown executes malicious powershell script that downloads malware
Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat
tl;dr fake windows activation, running command shown executes malicious powershell script that downloads malware
π₯°77π€£50β€9π₯6π5π1
vx-underground
Oh. My. God. Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat tl;dr fake windows activation, running command shown executes malicious powershell script that downloadsβ¦
Guess that Pokemon! It's...
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
π92π₯16β€9π₯°4π€2π«‘2π€―1π€£1
vx-underground
Guess that Pokemon! It's... Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload! Smash that download button, fam
For malware analysts, or nerds who care:
Initial access script SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
Initial access script SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
π₯52π21π«‘12β€7π₯°4π€―1π€1
Big drama on the internet today as several high-profile tarkov players had their account compromised.
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
π€£50π₯°37β€13π₯3π±2