Media is too big
VIEW IN TELEGRAM
Toronto Police launched Project Lighthouse in November, 2025 after police were tipped off about an unknown person(s) operating an SMS Blaster in downtown Toronto.
Watch the video for an actual explanation. The fancy Detective lady gives a run down on what happened.
tl;dr three chinese dudes some how built a custom made portable cell phone tower thingie in a van, drove around toronto with it. peoples cell phones automagically connected it to (its literally a cell phone tower thingie). when a cell phone connected to their portable cell tower thingie it would automatically send the connected phone a text which appeared to be from their bank or somewhere important. they interupted real cell phone towers 13m times lmfao. they were trying to steal passwords and stuff. no details released on how three random nerds managed to do this
Watch the video for an actual explanation. The fancy Detective lady gives a run down on what happened.
tl;dr three chinese dudes some how built a custom made portable cell phone tower thingie in a van, drove around toronto with it. peoples cell phones automagically connected it to (its literally a cell phone tower thingie). when a cell phone connected to their portable cell tower thingie it would automatically send the connected phone a text which appeared to be from their bank or somewhere important. they interupted real cell phone towers 13m times lmfao. they were trying to steal passwords and stuff. no details released on how three random nerds managed to do this
π₯°88π€―49π€£36β€13π₯7π6π―3π€3π2π1π±1
Hello,
If you're one of the many little people who lives inside my phone, and enjoy malware, I have good news: I have more malware for you.
The bad news is I forgot to sync the update log. I'll do it tomorrow, maybe later tonight, I don't know.
Pic unrelated
If you're one of the many little people who lives inside my phone, and enjoy malware, I have good news: I have more malware for you.
The bad news is I forgot to sync the update log. I'll do it tomorrow, maybe later tonight, I don't know.
Pic unrelated
π₯°141β€55π13π4β€βπ₯3π₯2π€1
Just got done talking at Georgia Institute of Technology.
I was introduced to a bunch of cybersecurity students as "cybercrime TMZ", a person who "collects pictures of cats", "fills computers with mayonnaise", and discusses things with "Dragon Ball Z" references.
On paper this shit makes me look like a lunatic.
The entire room was dead silent as I vaped and spoke schizophrenic nonsense.
Chat, I DO NOT think they'll be inviting me back
I was introduced to a bunch of cybersecurity students as "cybercrime TMZ", a person who "collects pictures of cats", "fills computers with mayonnaise", and discusses things with "Dragon Ball Z" references.
On paper this shit makes me look like a lunatic.
The entire room was dead silent as I vaped and spoke schizophrenic nonsense.
Chat, I DO NOT think they'll be inviting me back
π€£319π₯40β€32π6π5π―4π€4π₯°3π±3π3π«‘2
CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
https://copy.fail/
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
https://copy.fail/
Xint
Copy Fail β 732 Bytes to Root
CVE-2026-31431. 100% Reliable Linux LPE β no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
π130π€―57π’24β€11π₯10π₯°4π2π«‘1
One of the most frequent questions I'm asked is "how do you stay up to date on malware stuff?"
Okay, here is a pro tip:
1. Google OTX AlienVault
2. Make account
3. Look at latest
4. Scroll until you find posts from a guy named Petr something-something (has numbers in his name).
4. Follow his account
He monitors all the big malware places and shares the URL, hashes, etc. from malware vendors. I've been following this random ass dude for years and getting updates on everything.
I have no idea who he is. I don't know where he's from. All I know is his setup is absolute fire and he keeps you up to date on literally everything malware related 24/7 365. He also has stuff from vendors in China, Russia, Japan, etc.
Every morning I log into OTX and check up on my boy Petr to see what fire he's bringing me. I love him.
Okay, here is a pro tip:
1. Google OTX AlienVault
2. Make account
3. Look at latest
4. Scroll until you find posts from a guy named Petr something-something (has numbers in his name).
4. Follow his account
He monitors all the big malware places and shares the URL, hashes, etc. from malware vendors. I've been following this random ass dude for years and getting updates on everything.
I have no idea who he is. I don't know where he's from. All I know is his setup is absolute fire and he keeps you up to date on literally everything malware related 24/7 365. He also has stuff from vendors in China, Russia, Japan, etc.
Every morning I log into OTX and check up on my boy Petr to see what fire he's bringing me. I love him.
π₯°184π₯56β€32π12β€βπ₯8π4π―2π€2π«‘2π€©1π1
This media is not supported in your browser
VIEW IN TELEGRAM
> new cpanel cve thingie
> proof of concept released
> neat
> check on internet degenerates
> tons of united states gov thingies compromised
> tax places compromised
> another day of internet schizophrenia
> proof of concept released
> neat
> check on internet degenerates
> tons of united states gov thingies compromised
> tax places compromised
> another day of internet schizophrenia
π141β€30π₯°12π₯10π6π2π’1
I've been extremely busy. Haven't been able to malware as much.
Here is what I saw:
- Linux security nerds big angry at some dude named Eric because he has been ignoring security things, or something, I don't know. Some drama about CopyFail and some Android stuff
- cPanel CVE destroying normies, botnets, compromises, spam spamming stuff
- Google not wanting to bug bounty as much because of AI slop. Bug bounty nerds throwing hands everywhere
- A bunch of nerds arguing about the WeezerOSINT guy, saying he's a criminal, others saying he is cool and badass
- A bunch of nerds angry at the Lunduke guy
- Will Dormann going ham sandwich on CopyFail
- More updates on those dorks who were in ALPHV but also cybersecurity negotiation people, they're cooked
- 15 year old arrested for cybercrime in France (stuff with Breached, I guess, I don't know).
- Everyone yapping about Fast16 still
- China tests spooky deep sea oceanic internet cable cutter thingy
- More NPM malware
- Apple Claude md thingie oopsie doopsie
Did I miss anything?
Here is what I saw:
- Linux security nerds big angry at some dude named Eric because he has been ignoring security things, or something, I don't know. Some drama about CopyFail and some Android stuff
- cPanel CVE destroying normies, botnets, compromises, spam spamming stuff
- Google not wanting to bug bounty as much because of AI slop. Bug bounty nerds throwing hands everywhere
- A bunch of nerds arguing about the WeezerOSINT guy, saying he's a criminal, others saying he is cool and badass
- A bunch of nerds angry at the Lunduke guy
- Will Dormann going ham sandwich on CopyFail
- More updates on those dorks who were in ALPHV but also cybersecurity negotiation people, they're cooked
- 15 year old arrested for cybercrime in France (stuff with Breached, I guess, I don't know).
- Everyone yapping about Fast16 still
- China tests spooky deep sea oceanic internet cable cutter thingy
- More NPM malware
- Apple Claude md thingie oopsie doopsie
Did I miss anything?
β€103π8π€8π«‘7π₯°3π1
vx-underground
I've been extremely busy. Haven't been able to malware as much. Here is what I saw: - Linux security nerds big angry at some dude named Eric because he has been ignoring security things, or something, I don't know. Some drama about CopyFail and some Androidβ¦
I also got a shit load of DMs but I don't have the willpower to read and reply. Some of you write GIANT messages and it makes my brain hurt (I'm dumb as hell)
β€75π22π₯°9π5π₯3
Here's the thing no one wants to tell you about AI:
1. It's the worlds largest Python script
2. It runs on Linux, Windows Defender slows it down
3. It uses lots of numbers (nobody knows why)
4. It requires a bunch of GPUs (for gaming)
5. No, you can't have sex with it
1. It's the worlds largest Python script
2. It runs on Linux, Windows Defender slows it down
3. It uses lots of numbers (nobody knows why)
4. It requires a bunch of GPUs (for gaming)
5. No, you can't have sex with it
π€£191π€35β€13π±13π5π2π’2π₯°1π€1π1
This media is not supported in your browser
VIEW IN TELEGRAM
Did your slop Python script accidentally transfer $10,000,000 to a stranger?
Did your vibe coded app accidentally leaked 300,000 peoples phone numbers, e-mail addresses, and passport?
Don't worry, fam. The folks over there at ... Corgi ... now provide AI insurance.
Did your vibe coded app accidentally leaked 300,000 peoples phone numbers, e-mail addresses, and passport?
Don't worry, fam. The folks over there at ... Corgi ... now provide AI insurance.
π152π€22π±16β€4π₯°3π2π€£2π’1
Someone used AI prompt injection to crypto drain $150,000... from a tweet.
I would share the write-up and more information on it, but the person who did the write-up blocked me (I have no idea who they are).
Instead, have a picture of the write-up so you can look them up.
I would share the write-up and more information on it, but the person who did the write-up blocked me (I have no idea who they are).
Instead, have a picture of the write-up so you can look them up.
π€£108π21π10β€4π₯°4π1π€―1
vx-underground
Someone used AI prompt injection to crypto drain $150,000... from a tweet. I would share the write-up and more information on it, but the person who did the write-up blocked me (I have no idea who they are). Instead, have a picture of the write-up so youβ¦
It's always interesting to scroll social media and find an account who blocked me.
I'm like, "dayum, this person HATES ME and I have no idea who they are or what I did".
In all fairness, I do post some dumb shit, so it's completely understandable.
I'm like, "dayum, this person HATES ME and I have no idea who they are or what I did".
In all fairness, I do post some dumb shit, so it's completely understandable.
π₯°86π18π6β€4π―4β€βπ₯1
> be insurance, but for ai slop
> in case ai sends money to stranger or nukes prod
> fast forward
> "ai is conscious, bro"
> man goes on social media
> beep boop to grok
> grok (totally conscious) transfers $150,000 to stranger
ITS AS THE PROPHECY FROM CORGI FORTOLD
> in case ai sends money to stranger or nukes prod
> fast forward
> "ai is conscious, bro"
> man goes on social media
> beep boop to grok
> grok (totally conscious) transfers $150,000 to stranger
ITS AS THE PROPHECY FROM CORGI FORTOLD
π₯°89π40π8π€£8β€5π₯3π2π1
I've got a really silly idea for malware.
Windows 11 now have Windows.Graphics from the Windows Runtime API.
You can use it for taking screenshots. It's supposed to be better than the native WINAPI method because something about GPU rendering stuff, I don't know, I can't remember.
Anyway
Windows 11 also ships with an OCR library from the Windows-something-something in the WinRT as part of their AI stuff.
The point being: I think I can take a fancy screenshot of an application, like Slack, Microsoft Teams, or Discord, using WinRT then use WinRT to OCR it into readable and parseable text from C/C++
It is basically a really convoluted way to do keylogging or espionage, or whatever.
For extra flavor, use WinRT to upload the OCRd text to a remote host. Why do this instead of WinHTTP or Windows Sockets? Literally no reason other than curiosity. I have no idea how this would appear under the scope of an EDR.
Sometimes you need to try silly things.
Windows 11 now have Windows.Graphics from the Windows Runtime API.
You can use it for taking screenshots. It's supposed to be better than the native WINAPI method because something about GPU rendering stuff, I don't know, I can't remember.
Anyway
Windows 11 also ships with an OCR library from the Windows-something-something in the WinRT as part of their AI stuff.
The point being: I think I can take a fancy screenshot of an application, like Slack, Microsoft Teams, or Discord, using WinRT then use WinRT to OCR it into readable and parseable text from C/C++
It is basically a really convoluted way to do keylogging or espionage, or whatever.
For extra flavor, use WinRT to upload the OCRd text to a remote host. Why do this instead of WinHTTP or Windows Sockets? Literally no reason other than curiosity. I have no idea how this would appear under the scope of an EDR.
Sometimes you need to try silly things.
π₯°71π€£30π12β€6π―5π€4π3π₯1
One of these days remind me to show you my folder of shame.
I have probably a hundred or more failed malware ideas. When I have a malware idea I don't even label it correctly anymore. I have project names like "aaaaa", "aaaaa(1)", "dsthingie", "firewallstuff", "tmpproject".
It's mountains of failed code. I am the grand emperor of failure.
I have probably a hundred or more failed malware ideas. When I have a malware idea I don't even label it correctly anymore. I have project names like "aaaaa", "aaaaa(1)", "dsthingie", "firewallstuff", "tmpproject".
It's mountains of failed code. I am the grand emperor of failure.
π₯°100β€32π€12π«‘11π€£7π7π₯4π€3π€3π1π―1
GitHub is for nerds.
Share your code as a text file on some shitty HTML site.
It's what God would want
Share your code as a text file on some shitty HTML site.
It's what God would want
π161π€£50π―14π8π₯7β€6π5π€4π€4π«‘3π₯°1
This media is not supported in your browser
VIEW IN TELEGRAM
i use arch btw
β€97π₯°34π€£22π₯5π1π’1