HackNoGood

@grok video generation is fun to play with.

@IanCarrollShow @DiligentDenizen If the “good guys” resign won’t they wrong people fill the slots? The corrupt system will need to be eatin from the inside out.

Do it Tulsi!!! 🇺🇸🇺🇸🇺🇸 You legitimately have an opportunity to help save the world. A responsibility even.

W1RETAP BRIEF – 19 March 2026 Zero-days are moving faster than patches. In the last 24 hours the threat landscape just hit the accelerator: A ransomware crew (Interlock) has been living inside unpatched Cisco Secure Firewall Management Centers since January — exploiting a CVSS 10.0 unauthenticated RCE that only got fixed on March 4. A brand-new iOS exploit kit called DarkSword is chain-attacking iPhones 18.4–18.7 with six zero-days. One malicious link = full device takeover, data exfil, and self-cleaning. Up to 270 million devices in the crosshairs. CISA just added two more actively exploited bugs (SharePoint deserialization RCE + Zimbra stored XSS) to the KEV catalog with aggressive deadlines. And a hacker going by “Internet Yiff Machine” claims they just walked out with 8+ million confidential U.S. police and Crime Stoppers tips spanning nearly four decades. If you run enterprise firewalls, carry an iPhone, or touch law-enforcement tech infrastructure… this one’s personal. Buckle up. Here’s everything you need to know. 1. Interlock ransomware actively exploits critical Cisco Secure FMC zero-day (CVE-2026-20131, CVSS 10.0)The Interlock gang has been using this unauthenticated remote code execution flaw (insecure deserialization leading to root access) in Cisco Firewall Management Center since at least January 26 — over a month before Cisco patched it on March 4. Amazon Threat Intelligence spotted the campaign targeting enterprise firewalls. 2. New “DarkSword” iOS exploit kit (6 vulnerabilities, multiple zero-days) hits iPhonesThis full-chain JavaScript-based kit enables complete device takeover on iOS 18.4–18.7 (affecting up to ~270 million devices) simply by visiting a malicious site. It’s linked to a suspected Russian state actor (UNC6353) targeting Ukraine, plus commercial spyware vendors. It steals messages, call logs, crypto wallets, Wi-Fi passwords, health data, and more before self-cleaning. Coordinated disclosures came from Google Threat Intelligence, Lookout, and iVerify. 3. CISA adds actively exploited SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog Microsoft SharePoint deserialization RCE (CVE-2026-20963) — federal agencies must patch by March 21. Zimbra Collaboration stored XSS (CVE-2025-66376) — deadline April 1. Urgent patching advised for government and enterprise users. 4. Hacker claims massive breach of U.S. police/Crime Stoppers tip platform. The hacker “Internet Yiff Machine” says they stole 8+ million confidential anonymous tips (93 GB of data spanning 1987–2024) from P3 Global Intel (part of Navigate360). Access was gained via social engineering on a customer account + exploiting a vulnerability. This affects law enforcement hotlines nationwide and could expose tipsters and ongoing investigations. Reported by Reuters and others. Other notable mentions Aura breach: ~900k marketing contacts (names, emails) exposed. Minor updates: New Perseus Android malware, ConnectWise ScreenConnect patch for hijacking risk, and ongoing DPRK IT worker sanctions. The Bottom Line The attackers aren’t waiting for Patch Tuesday. They’re already inside. Interlock owned your firewalls for over a month. DarkSword is live on hundreds of millions of iPhones right now. 8+ million police tips spanning decades? Already gone. Do this today, no excuses: • Patch Cisco Secure FMC immediately (or isolate it) • Force iOS updates on every device you control • Knock out the new CISA KEV entries (SharePoint + Zimbra) • If you touch law enforcement or tip-line systems: assume breach and start damage control Zero-days don’t sleep. Neither can you. Stay wired. I’ll be back in your inbox tomorrow with the next W1RETAP BRIEF. HackNoGood OUT!

@elonmusk Mr @realDonaldTrump if you could just give us all our taxes back that would be great. I don’t really want to fund fraud or terrorist.

Wow

@MikeBenzCyber Afro Mufukin M-A-N! This my dude.

I don’t even understand how this situation is possible to get into

This Afroman trial is bar none the best content on the Internet right now

🚨 SCAM ALERT: Heads up everyone, there is a clever phishing campaign hitting GitHub right now. Scammers are mass-tagging users in fake repository discussions, claiming you have a "$CLAW" or OpenClaw crypto airdrop waiting. Because of the mass tags, the emails actually come from GitHub's official notification system and bypass spam filters. The link in the email (often a share.google redirect) points to a phishing site designed to drain your crypto wallet. Do NOT click the link, do NOT connect your wallet. If you get tagged, please report the repository to GitHub Trust & Safety! Stay safe out there. 🛡️ #CyberSecurity #Phishing #ScamAlert #GitHub #Infosec

@steipete not sure if you need to be aware of this 🫡

Afro mufukin MAN ! I hope you win man, fuck Adams county.

@RoKhanna @RepThomasMassie @RepNancyMace @mtgreenee You act like the questions will be answered, I mean have you seen the DOW?

.@RepThomasMassie @RepNancyMace @mtgreenee & I are showing that you can stand for accountability of the Epstein class by working across the aisle and putting the American people before party. What questions do you think Bondi must answer under oath?

@DarkWebInformer Dude I love these terminal tools, so neat. I’ll eventually make my own when I have more time.

FBI Watchdog 3.0.0: A multi-layered domain monitoring tool that detects law enforcement seizures, DNS changes, HTTP fingerprint shifts, WHOIS record mutations, and IP address changes across clearnet domains and Tor onion sites. github.com/DarkWebInforme…

@dom_lucre Legendary YouTube rapper? Bruh this guy is a legend regardless lol he’s no “YouTube rapper” lol

🔥🚨BREAKING: Legendary YouTube rapper Afroman dropped a hit song a banger before his highly anticipated lawsuit against him goes to court Monday in Adams County, Ohio. Afroman can be seen calling many officers pedophiles and exposing the alleged corruption. Afroman just released “Batteram Hymns of the Police Whistle Blower” a day before the lawsuit heads to court. Afroman (aka Joseph Foreman) just dropped his new track Batteram Hymn of the Police Whistle Blower” only a day before his defamation trial kicks off in court. Adams County sheriff's deputies are suing him for defamation, invasion of privacy, and intentional infliction of emotional distress. The claims stem from music videos (including the viral "Lemon Pound Cake") that incorporated footage from the night deputies raided his home—allegedly causing vandalism and property damage while searching for drugs (finding nothing and charging no one), and supposedly walking away with around $400 of his cash. In this fresh release, Afroman directly names the deputies involved, weaves in raid photos and videos as evidence, and layers on some AI-generated comedy to roast the situation and highlight his side of the story.

Anybody else getting the run around with chatting with AI?

@tryhackme Privacy

Which cyber security topic do you think is becoming more important every year? Drop yours in one word or ten, would love to see where people's heads are at 👇

Can’t wait to see this 👀 @NVIDIAAI #NemoClaw

DRILLAPP BACKDOOR TARGETS UKRAINE Russia linked actors are pushing DRILLAPP, a JavaScript backdoor wrapped in judicial and charity themed lures aimed at Ukrainian entities. It abuses Microsoft Edge debugging flags for stealth ops, pulling files, recording mic audio, snapping webcam shots, and grabbing screen data. Ties back to prior Laundry Bear activity against defense forces. Keep hunting anomalous Edge processes and flag those lures fast.

@vxunderground Have you tried turning it off and back on?

I want to share something. I don't expect anyone to care. I just want to scream into the void. I've accomplished everything I've ever wanted to do with malware. There isn't really a malware thingy that's popped up that I haven't seen or done. My malware code repository of stuff I've written dates back to like, 2009. I've released dozens upon dozens of never before seen (at least publicly) malware snippets and ideas. I'm standing at this weird cross road where I'm standing at the peak and I'm kind of looking around like ???. What do I do now? Options: 1. Keep finding new stuff for usermode Windows malware 2. Venture outside usermode to kernel mode malware 3. Switch focus, focus on initial access or stager stuff, not final payload 4. Switch focus, focus outside Windows to different platforms 5. Switch to defense, develop ways to detect malware 6. ??? There is always more to learn and do. But, I've been climbing vertically for like, 20 years, and in order to keep climbing I need to find a different path.

Why am I getting a notification like this when doing a driver update from the @nvidia desktop app?

So where are these documents on UFOs and aliens at?

FBI Steam malware alert - NOT Steam's fault! The investigation targets 7 indie games with hidden infostealer malware (May 2024–Jan 2026). They stole logins, crypto wallets & more. Affected games: • BlockBlasters • Chemia • Dashverse (DashFPS) • Lampy • Lunara • PirateFi • Tokenova

@sarahadams We got our eye on them? Go get them then. Du fuq lol

What!?