The new AI-powered Notepad on Windows 11 was found to have a Remote Code Execution 0day
Hot take: text editors don't need network functionality
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
vx-underground
chen (@chen9918b) on X
[...]: the AI editor's AI code analysis feature [...] will trigger RCE. It has already been reported to the relevant vendor; after the 90-day period, it will be disclosed appropriately.
#BugBounty
Hello,
More updates being pushed to prod tomorrow. Also have some mildly interesting news to share related to something we sometimes do.
Additionally, my son will be turning 1 year old soon. Feel old yet?
Cheers,
-smelly smellington
In retrospect, the first three months of my son's life was like the dark ages. All I did was watch anime in complete silence, praying to any God that would answer my prayers, that my wife and I could sleep for just a few hours.
Nonstop anime for 90 days, per the recommendation of my peers and colleagues, was bad. I haven't watched anime ever since. I feel like I was trapped in some kind of CIA MK Ultra experiment. My brain is fried. I have this urge to move to a remote cabin and ... enjoy nature.
vx-underground
> see post online
> us military offensive cyber warfare division
> click profile
> they follow me
> wtf?
> they're following me?
> is the us military using my website to study malware?
> *follow back*
I like to imagine a bunch of military bros at some fuckin base wanting updates on malware and I'm just schizo ranting about my general distrust for the United States government and spamming cat pictures
Nerds have gotten access to the ICE subreddit (???) and archived it publicly.
1. Why is there an ICE subreddit
2. Why are ICE people using Reddit
3. Why was it even accessible
4. ???
I don't understand anything
Academic nerds published a research paper a few days ago about LLM malware and their argument for a new classification of malware dubbed "Promptware".
X fucks up links a lot, they don't display properly, so the link to their academic paper will be in the post subsequent to this one.
As is tradition, their academic paper is just a bunch of goobers being all philosophical about shit and including a bunch of fancy pictures and graphs.
I unironically sat here and read most of this paper.
Is their argument valid?
Yes, but some of the examples provided are theoretical and have not existed in-the-wild (yet?). They do however provide real-life examples of LLM payloads which have been successful. I personally have not seen these techniques described, but they provided citations and they are indeed real.
I do malware stuff everyday (collecting, reverse engineering, development) and I have not seen any of the papers they reference. This paper has demonstrated, unironically, there is a gap right now between LLM research and malware research. In essence, we are at the point now where LLM research is now bleeding into malware research and malware nerds may have to pay more attention.
I am now a believer. LLM malware is indeed real and will become a thing. I give these academic nerds two (2) cat pictures for this interesting paper. This is the first academic paper I've read in a while that I actually think isn't complete dog shit.
My main criticism however is they kind of butcher some malware terminology. For example, they incorrectly refer to some of this LLM malware stuff as Polymorphic, but this is not polymorphic ... unless we get really, really, really flexible with the definition of polymorphic malware and we make it more akin to high-level class inheritance polymorphism. It doesn't really matter that much though because I understand what they're trying to convey.
Research paper: https://arxiv.org/pdf/2601.09625
> be me
> have malware idea
> plug phone into pc
> malware detects phone
> automagically steals data off phone
> spend time working on it
> deal with all sorts of dumb shit c winapi
> fails
> ???
> fails
> look inside
> The phone must be in File Transfer (MTP) mode and authorized for WPD (Windows Portable Device) to work
guess who should have read the documentation before doing a bunch of work? (I'll give you a hint, it's me)
I can't even tell you how many times I've explored a malware concept to just:
1. Realize I should have read the documentation
2. Realize Google Project Zero already reversed it
3. Realize some schizo on UnknownCheats reversed it
4. Fail (successfully!)
Yeah, so pretty much, like, there is this really sketchy company in Israel named "Paragon". Paragon sells a "product" called GRAPHITE.
Let me explain the background and why this is very silly.
GRAPHITE is spyware which allows "customers" to remotely access people's cell phones and monitor their instant messaging applications such as WhatsApp.
It is spyware. It is sometimes called Mercenary Spyware because it is primarily used by governments to spy on political enemies, journalists, and activists.
Very little is known about Paragon, GRAPHITE, and their "customers". However, it was publicly noted by the Trump administration in January, 2025, to be purchased by the United States government and to be used to aid ICE.
Furthermore, in September 2025 the Trump administration noted the usage of Graphite to aid the United States against "domestic terrorist organizations" such as "ANTIFA".
ICE acting director Todd Lyons noted using GRAPHITE to monitor anti-ICE protestors to track "ringleaders and professional agitators".
Citizen Lab and other civil rights organizations have documented the usage of GRAPHITE against individuals in Australia, Canada, Cyprus, Denmark, Israel, Singapore and (unsurprisingly) the United States. It is believed the Canadian government actively uses GRAPHITE in Ontario.
Okay, so why does all of this matter? Yeah, it's super fucked up. But today representatives from Paragon accidentally leaked GRAPHITE screenshots ... ON LINKEDIN. Dawg, that image in the background IS GOVERNMENT FUCKING SPYWARE
It shows phone numbers in Czechia, apps, accounts, media on the phone, "interception status", and phone numbers extracted. THEY LEAKED IT BY ACCIDENT ON LINKEDIN WHILE TAKING SELFIES
If you want to read more about Paragon, GRAPHITE, and governments (illegally) using Mercenary Spyware, read this paper:
https://citizenlab.ca/research/a-first-look-at-paragons-proliferating-spyware-operations/
The Citizen Lab
Virtue or Vice? A First Look at Paragon's Proliferating Spyware Operations - The Citizen Lab
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis…
Oh, I'm also really, really, really, sorry to DrWhax. This is his photo he took from LinkedIn and he was the first to note it. I got lost in the sauce and forgot to tag him and give him credit.
I'm sorry, DrWhax. That is 100% my bad. When I saw your post I lost my mind.
I was sitting here and I was like, "I wonder if those nerds have decoded more Epstein attachments".
Today mqudsi decoded legal documents sent between Epstein and his legal representative Alan Dershowitz.
He even got the original metadata back (time, date, computer)