vx-underground
Oh yeah? Santa isn't real? Then who comes down the chimney, eats the cookies, and gives the carrots to the reindoor? You seriously think nearly every person on the planet is hiding the truth and is involved in this conspiracy? Uh huh, sure. Santa non-believersβ¦
iF sAnTa iS rEaL hOw cOmE hE doEsnT go To pOoR cOuNtriEs
Santa doesn't go to "poor" countries because he's several hundred years old and overflowing with CLASSISM.
He's real, but he is steaming with prejudice against the poor. He's a real jerk.
Santa doesn't go to "poor" countries because he's several hundred years old and overflowing with CLASSISM.
He's real, but he is steaming with prejudice against the poor. He's a real jerk.
β€110π€£73π8π6β€βπ₯2π1
December 21st, 2025, Vince Zampella, co-founder of Call of Duty, passed away. It has been confirmed by Electronic Arts and people closely associated with him.
Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrari 296 GTS in Los Angeles, California, United States.
The incident occured at a location known as Angeles Crest.
Mr. Zampella exited a tunnel traveling at an estimated 105mph (169kph). It is suspected Mr. Zampella failed to anticipate the vision impairment which would occur while exiting a dark tunnel back into regular daylight, hence temporarily blinding and/or disorienting his vision.
Mr. Zampella was unable to see the sharp turn approaching, failed to decelerate, and crashed into a barrier.
Several bystanders recorded the incident. Per video evidence, Mr. Zampella's Ferrari immediately compressed inward, similar to an accordion, due to the high rate of speed. The car immediately became engulfed in flames.
Per police records, Mr. Zampella had a passenger in the vehicle. The passenger has not been identified to the public.
The Mr. Zampella was pronounced DOA (Dead on Arrival) by medical first responders. Per police records, Mr. Zampella was trapped inside the vehicle while it became engulfed in flames. It is unknown if Mr. Zampella was conscious or not while it occurred. Police scanner archivists (people who actively listen and discuss police radio conversations) documented first responders as stating "the driver is burnt to a crisp". The driver was later identified as Mr. Zampella.
The unknown passenger was ejected from the vehicle. Per police reports, the passengers lower torso remainder in the vehicle from his vehicle compressing inward, while his upper torso went through the windshield of the vehicle. First responders documented the passenger had "effectively amputated his legs". Bystanders dragged the unknown passengers upper body from the flames and made an attempt at saving his life. Bystanders attempted to use a seat belt from a bystanders vehicle as a tourniquet to prevent the person from bleeding to death.
The unknown passenger was transported via helicopter to a nearby hospital due to the severity of his injuries. He was officially pronounced deceased at the hospital.
Mr. Zampella is survived by his three children
Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrari 296 GTS in Los Angeles, California, United States.
The incident occured at a location known as Angeles Crest.
Mr. Zampella exited a tunnel traveling at an estimated 105mph (169kph). It is suspected Mr. Zampella failed to anticipate the vision impairment which would occur while exiting a dark tunnel back into regular daylight, hence temporarily blinding and/or disorienting his vision.
Mr. Zampella was unable to see the sharp turn approaching, failed to decelerate, and crashed into a barrier.
Several bystanders recorded the incident. Per video evidence, Mr. Zampella's Ferrari immediately compressed inward, similar to an accordion, due to the high rate of speed. The car immediately became engulfed in flames.
Per police records, Mr. Zampella had a passenger in the vehicle. The passenger has not been identified to the public.
The Mr. Zampella was pronounced DOA (Dead on Arrival) by medical first responders. Per police records, Mr. Zampella was trapped inside the vehicle while it became engulfed in flames. It is unknown if Mr. Zampella was conscious or not while it occurred. Police scanner archivists (people who actively listen and discuss police radio conversations) documented first responders as stating "the driver is burnt to a crisp". The driver was later identified as Mr. Zampella.
The unknown passenger was ejected from the vehicle. Per police reports, the passengers lower torso remainder in the vehicle from his vehicle compressing inward, while his upper torso went through the windshield of the vehicle. First responders documented the passenger had "effectively amputated his legs". Bystanders dragged the unknown passengers upper body from the flames and made an attempt at saving his life. Bystanders attempted to use a seat belt from a bystanders vehicle as a tourniquet to prevent the person from bleeding to death.
The unknown passenger was transported via helicopter to a nearby hospital due to the severity of his injuries. He was officially pronounced deceased at the hospital.
Mr. Zampella is survived by his three children
π’92β€20π«‘11π8π±4π€£4π₯°1π€1
vx-underground
December 21st, 2025, Vince Zampella, co-founder of Call of Duty, passed away. It has been confirmed by Electronic Arts and people closely associated with him. Mr. Zampella tragically passed away while traveling at a high rate of speed in his 2026 Ferrariβ¦
tldr do not speed.
π«‘91π―33π€5β€2π1
The Nigerian government put out a press release saying they partnered with the United States Federal Bureau of Investigation to perform a sweeping law enforcement takedown, and crackdown, on scammers and various other cybercrime things.
Pretty much no one cared, I don't even think the FBI cared. I can't even remember if it was Nigeria or a different county from that region.
Basically, it was a smaller country riddled with corruption and crime from both politicians and citizens. The entire comment section was people being skeptical of reform or OnlyFans spam.
Pretty much no one cared, I don't even think the FBI cared. I can't even remember if it was Nigeria or a different county from that region.
Basically, it was a smaller country riddled with corruption and crime from both politicians and citizens. The entire comment section was people being skeptical of reform or OnlyFans spam.
π₯°36π€£30π8β€5π€4π’4π€1
Insert generic religious greeting and/or celebratory saying here
Insert generic family appreciation message here
Append generic photograph of religious thing which appeals to most demographics
Insert generic family appreciation message here
Append generic photograph of religious thing which appeals to most demographics
π₯°78β€25π€£21π9π€1π«‘1
Yeah, so pretty much I saw that dudes proof-of-concept and them writing "execute powershell in-memory" and went full autistic.
They meant "execute powershell without a script on disk", not "manually reconstruct powershell from scratch".
My dumb ass has been sitting here in the dark, on Christmas, reverse engineering Windows to be able to programmatically execute Powershell scripts in-memory (no script on disk, no spawning Powershell.exe), while also being as minimal as possible with dependencies and headers.
I'm at over 1,000 lines of code just getting the current CLR version (I'm dumb, don't do this, there is literally ZERO reason to do this)
They meant "execute powershell without a script on disk", not "manually reconstruct powershell from scratch".
My dumb ass has been sitting here in the dark, on Christmas, reverse engineering Windows to be able to programmatically execute Powershell scripts in-memory (no script on disk, no spawning Powershell.exe), while also being as minimal as possible with dependencies and headers.
I'm at over 1,000 lines of code just getting the current CLR version (I'm dumb, don't do this, there is literally ZERO reason to do this)
β€βπ₯78π€21π₯°8π₯6π€£6β€5π2π€2π2
This media is not supported in your browser
VIEW IN TELEGRAM
Oh. My. God.
Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat
tl;dr fake windows activation, running command shown executes malicious powershell script that downloads malware
Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat
tl;dr fake windows activation, running command shown executes malicious powershell script that downloads malware
π₯°76π€£50β€9π₯6π5π1
vx-underground
Oh. My. God. Santa (a/k/a Cuzie13) was a little late this Christmas, but bro still delivered. We got malicious AI generated advertisements on Snapchat tl;dr fake windows activation, running command shown executes malicious powershell script that downloadsβ¦
Guess that Pokemon! It's...
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload!
Smash that download button, fam
π91π₯16β€9π₯°4π€2π«‘2π€―1π€£1
vx-underground
Guess that Pokemon! It's... Vidar Information Stealer! Yay! It uses Telegram, and some weird Ukrainian domain, as a C2. Yay! Free information stealer malware campaign payload! Smash that download button, fam
For malware analysts, or nerds who care:
Initial access script SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
Initial access script SHA256:
aa3a9ed1e3b21845a6a0dfd5cef12661becbdb738e2a78adecbb2421785795c9
Payload SHA256:
58ed7f9d65b10b2501e5d080217ae79cd0d88ae0d784896ceac67abda03ab3ed
Delivery domain:
mscfg[.]cfd
C2:
hov[.]kievholod[.]kiev[.]ua
t[.]me/gal17d
π₯52π21π«‘12β€7π₯°4π€―1π€1
Big drama on the internet today as several high-profile tarkov players had their account compromised.
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forward and explained how they exploited Escape From Tarkov's authentication system and effectively bypassed it.
The person responsible is (based on information they've provided) from Argentina. Their explanation is in Spanish. Here is the tl;dr and in English
"The Steam (OpenID) authentication system does not appear to be correctly validating the digital signature (openid.sig) or the response_nonce returned by the Steam servers. This allows an attacker to impersonate any user account simply by manually modifying the openid.identity and openid.claimed_id parameters in the return URL.
Vulnerable Endpoint example:
https://profile.tarkov.com/login/steam?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=
Vulnerable Parameter: openid.identity / openid.claimed_id
Steps to reproduce (Proof of concept):
- Start a legitimate Steam login process.
- Before the page loads the profile, intercept or modify the Steam response URL.
- Replace the SteamID64 at the end of the openid.claimed_id and openid.identity parameters with that of any other user.
- The server grants access to the profile of the user whose ID was entered, without having gone through the real login process of that account.
The individual goes on criticism the game company for their lack of security. He says all Steam users are impacted, including game developers.
The person responsible shared photos as proof
tl;dr Tarkov devs are going to have to do big work over the Holiday break to patch this before things get worse
π€£50π₯°37β€12π₯3π±2
vx-underground
Big drama on the internet today as several high-profile tarkov players had their account compromised. Mass hysteria has erupted online. However, in an interesting twist of fate, the individual who claims responsibility for the compromises has come forwardβ¦
inb4 argentina mentioned memes
π₯°41π€14β€4π₯1
vx-underground
Ubisoft executives when they hear the news someone has compromised Rainbow Six Siege and gifted $13,332,000 worth of in-game currency to roughly 30,000,000 active players, thus defrauding their company of an estimated $339,960,000,000,000
Ubisoft executives when they learn some nerds gifted more than the entire United States National Debt ($38,000,000,000,000) to a bunch of stinky gamers
π€£136π₯16β€βπ₯6β€2
vx-underground
Ubisoft executives when they hear the news someone has compromised Rainbow Six Siege and gifted $13,332,000 worth of in-game currency to roughly 30,000,000 active players, thus defrauding their company of an estimated $339,960,000,000,000
To those who are non-nerds,
Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo inventory stuff for players.
This isn't going to destroy their company or revenue. It will however annoy the shit out of them (leadership) and the developers because they're going to have to work to fix the issue during the holiday season.
My post is meant to be funny. I enjoy mocking the absurdity of the situation and poking fun at large companies who have oopsies like this.
Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undo inventory stuff for players.
This isn't going to destroy their company or revenue. It will however annoy the shit out of them (leadership) and the developers because they're going to have to work to fix the issue during the holiday season.
My post is meant to be funny. I enjoy mocking the absurdity of the situation and poking fun at large companies who have oopsies like this.
π€£84π₯°13π11β€5π2π2π€1
vx-underground
To those who are non-nerds, Yes, the situation is funny. (Un)fortunately in this scenario everything in game is now worthless because everyone has everything. What will most likely happen is Ubisoft will sigh, do a massive database roll back, or mass undoβ¦
inb4 no backups, everything is actually cooked
π€£102π9β€5β€βπ₯2π±1