Church of Malware

19 posts

Church of Malware

Church of Malware

@ChurchofMalware

https://t.co/bSURMLdwPR

Katılım Mayıs 2026
28 Takip Edilen41 Takipçiler
International Cyber Digest
International Cyber Digest@IntCyberDigest·
Last month I took Nightmare-Eclipse out for dinner. He's the person behind all those Windows zero-day PoC drops. He wanted to eat fish — a specific kind of fish. I'm not really fond of fish, so I had no idea where you could even get it; it's always something my brain skips over when reading a menu. I took him to a restaurant where he could have fish and I could have steak. When he took his first bite, he almost choked — he hadn't expected the bones to still be in it. I'd forgotten to warn him. After that, he started picking the fish apart with nothing but his knife. He went at it so methodically you'd think he ate fish like this for a living. He's a bright young fella, to say the least: very calm and professional. And after hearing his story, it sounds to me like Microsoft really screwed him over and sent him off the rails. I'm not allowed to say more, but this story still hasn't ended — that's for sure. Things will keep going like this for a while.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
49
59
1.1K
64K
Church of Malware retweetledi
b0t 👽🏴‍☠️
b0t 👽🏴‍☠️@bot59751939·
Local models Encrypted chats Physical media
English
0
2
10
532
Church of Malware
Church of Malware@ChurchofMalware·
Summer time is for bikinis GitHub has already banned our summer fun So The Church has resurrected it xo https://git.churchofmalware[dot]org/bikini_mirror/EXPLOITARIUM/src/branch/main
Church of Malware tweet mediaChurch of Malware tweet media
English
0
0
0
97
Church of Malware
Church of Malware@ChurchofMalware·
@ChaoticEclipse0 That’s what I’m sayin too homie haha Let’s set something up for you on our server xo Ttyl
English
0
0
0
21
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
Can't a person have a slight disagreement with a multitrillion dollar corporation ?
English
4
15
402
7K
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
Welp it's official, blogger started removing my posts as well, crazy how even google is hating me now. Is that like supposed to make stop ? Kinda feeling even more motivated.
English
51
132
1.6K
50.7K
Church of Malware retweetledi
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
Two zerodays this month, hope I can do more next month
English
52
95
1.8K
61.4K
Church of Malware
Church of Malware@ChurchofMalware·
Looks like our little Church is already making waves. @vxunderground got triggered. Cute. Go cry into your cat photos. We're not here for your approval, validation, or "industry standards." We don't need your permission to exist.
English
0
0
1
105
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
57
335
2.2K
279.5K
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
They forgot to add "We will only pursue legal action if you don't do it exactly like we told you to do it and even if you do it like we told you to, we will still sue you anyways." That public threat could've been just an email for me, but you know I don't care enough.
English
4
15
646
19.3K
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
Everyone except me ? We are in fact still in court over this.
Microsoft Security Response Center@msftsecresponse

Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.

English
36
243
2.6K
148.8K
Church of Malware
Church of Malware@ChurchofMalware·
MicroSLOP is a joke
Microsoft Security Response Center@msftsecresponse

Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.

English
0
0
2
217
Microsoft Security Response Center
Microsoft Security Response Center@msftsecresponse·
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
English
309
106
477
593.4K
Church of Malware
Church of Malware@ChurchofMalware·
@ChaoticEclipse0 We built you a gitea server that connects to our website 🦋 please email ek0ms or message us here for your login. We have your back 🏴‍☠️
English
0
0
0
20
b0t 👽🏴‍☠️
b0t 👽🏴‍☠️@bot59751939·
@Breaking911 whatever, mountain lions legitimately just leave you alone. i've come across one out in the mountains by myself, he just checked me out and noped out. they are actually very shy.
English
6
0
18
7.6K
Breaking911
Breaking911@Breaking911·
A Santa Monica homeowner says she was relaxing in her yard Friday when she noticed what she initially believed was a house cat—until she realized it was a mountain lion. She took shelter inside her home big cat calmly lounged just a few feet away.
English
332
916
8K
1.1M
Church of Malware
Church of Malware@ChurchofMalware·
@ChaoticEclipse0 Hello fren 🦋 the church of malware stands with you 🏴‍☠️ we host your code on our website. Let us know if you need anything or if we can help. We have your back.
English
0
0
1
422