James Matchett 🔜 bsky

A bit of news, I’m making the big leap from Belfast to London Really grateful for all the friends, family, cyber geeks and my work for supporting me ❤️ If you’re devastated by the thought of me not being around, you’ve not gotten away that easily, I’m back once a month! 😁

@vxgiveaways @vxunderground Yes please I love vouchers :))

Hi, since we still have like 370 vouchers for the CyberWarfareLab Infinity Pro Plan we are going to use this tweet to pick winners. I was using the old tweet on the main account but a lot of people didn't respond. So please comment below if you want to win. Thank you

@vxunderground The first question is who could afford that, second question is who has data they’d value at that amount

WHO THE FUCK DID THEY RANSOM FOR 964 BTC

Chat, I'm not a crypto nerd. In this Scattered Spider court document, they state Mr. Jubair a/k/a Earth2Star received approx. 920.16BTC from performing ransomware attacks. How difficult is it to safely launder 920.16BTC? (approx. $108,062,646 as of this writing)

Meta and Russian Yandex engaged in unprecedented internet tracking practices, likely illegal with EU data protection law. Companies designed tracking systems that exploited Android's localhost socket permissions to create covert communication channels between websites and native mobile apps, bypassing Android's app sandboxing protections. Android allows any app with internet permission to listen on localhost ports without user consent, and web browsers can access these localhost interfaces. When users visit websites containing Meta Pixel or Yandex Metrica scripts, the JavaScript tracking code sends data directly to specific localhost ports (Meta uses UDP ports 12580-12585 via WebRTC, Yandex uses TCP ports 29009-30103 via HTTP). Facebook, Instagram, and Yandex apps run background services that actively listen on these predetermined ports to receive tracking data, then link this anonymous web activity to authenticated user accounts and transmit the combined data to company servers. This technique affects billions of Android users and renders privacy protections like incognito mode, VPNs, and cookie clearing completely ineffective. Meta Pixel attempted localhost communications on over 17,000 of the top 100,000 websites, with 78% doing so without user consent. The method allows comprehensive profile building linking anonymous browsing to real identities, tracking everything from shopping to sensitive site visits. It also creates vulnerabilities where malicious apps could eavesdrop on browsing history by listening on the same localhost ports. This surveillance operated without disclosure. Following public disclosure, Meta immediately ceased the practice and removed related code while browser vendors scrambled to implement protections. The practice violates multiple GDPR and ePrivacy principles. The technique transforms supposedly anonymous first-party cookies into cross-site tracking identifiers without explicit consent, violating ePrivacy Directive requirements for cookie consent and GDPR's lawful basis for processing. By secretly linking web browsing to app-based identities, it constitutes undisclosed profiling that undermines user expectations and data minimization principles. This is a material for max #GDPR fine. localmess.github.io

@GettinsMathew @BSidesDublin None yet I’m afraid!

@JMMatchett @BSidesDublin Any luck @JMMatchett I am also looking for one

Anyone in the infosec sphere potentially selling a ticket for @BSidesDublin May procrastination has once again come to bite me 😁😁 Thanks all!

Our fundraising quiz is proving to be popular! Thanks to everyone who came along - we had to find more chairs! Huge thanks to @larianstudios for gifting us keys to @baldursgate3 for our raffle! Also to @comicbookguysni and @replaybangor - thank you 🎮♥️ #IVGO #vgm #gaming

We should do some kind of weird impromptu malware meetup. Like, we all show up at an anime store or something and exchange our favorite pictures of cats.

Meet the new team. We’re delighted to welcome three new leaders to scale and solidify our support for the enterprise market. Welcome to the team! #SoftwareSupplyChain #ArtifactManagement #DevOps

@vxunderground TLDR; malware on big screen good! 👍 Malware on tiny screen in short form content bad 👎

In all seriousness, we've had a few people link us YouTube videos covering popular compromises by Threat Actors in a YouTube video essay-like format. It's really cool stuff — we're glad people are creating cool content designed for everyday normal people so they can get a glimpse in the cybersecurity ecosystem. However, from our perspective, we can't watch these cybersecurity and/or malware related videos. It's like, we post about malware online, we do malware stuff for work-work, we do VXUG work, we research malware, collect malware, discuss malware, write malware, reverse malware, meme malware, cover malware news. Malware is our lives. If malware seeps into our tiny little safe space of YouTube brain rot, we might all collectively end up in a psychiatric facility. tl;dr malware all day, want to watch 30 second clips of cats on internet, need escape from malware when sleepy time

tldr yt videos

@lukOlejnik Fascinated to find out more about the error rates of photon reads and average time for key derivation over such a long distance

Poland now has the largest quantum key distribution network in Europe, and second after China. Pionier-Q – 1 770 km.

London. A meaningful and warm meeting with Prime Minister @Keir_Starmer. During our talks, we discussed the challenges facing Ukraine and all of Europe, coordination with partners, concrete steps to strengthen Ukraine’s position, and ending the war with a just peace, along with robust security guarantees. A principled statement of support from the Prime Minister and an important decision: today, in our presence, Ukraine and the United Kingdom signed a Loan Agreement. This loan will enhance Ukraine’s defense capabilities and will be repaid using revenues from frozen Russian assets. The funds will be directed toward weapons production in Ukraine. This is true justice – the one who started the war must be the one to pay. I thank the people and government of the United Kingdom for their tremendous support from the very beginning of this war. We are happy to have such strategic partners and to share the same vision of what a secure future should look like for all. 🇺🇦🇬🇧

@h4x0r_dz You could say safe has kicked the bucket

Breaking Update on the ByBit Hack 🚨🚨🚨🚨 It has been confirmed that the Lazarus Group compromised Safe{Wallet}’s AWS S3 bucket and injected malicious javascript code that resulted in a $1,400,000,000 loss. If you report this to Safe, you might get a $500 bounty.

City Hall will be illuminated in blue & yellow this evening to show solidarity & support for Ukraine on the three-year anniversary of the Russian invasion. #BelfastLightsAtNight

Last Chance for Early 🐤 Tickets – Offer Ends This Friday 🎟️❗ Book online 👉 beltech.co #BelTech25

defending freedom and not going anywhere. thank you to everyone who is standing with us.

@AnnaMonaghan12 @NIfoodanddrink Congratulations!

Absolutely delighted to share my new position as Business Development Executive with @NIfoodanddrink! Excited for the opportunities, challenges and learnings ahead 🙏😊nifda.co.uk/about-nifda/pe…

It was a pleasure serving on the @CISAgov Technical Advisory Council, which has now officially been shut down 🫡

wow. Upon Court order, incriminating exhibits were unsealed at 3:30am in an AI lawsuit against Meta. Once past a 'fake privilege,' it appears Zuckerberg approved the use of a highly controversial, pirated dataset. Note OpenAI, too? AI companies with no ethics or guardrails. /1

@vxunderground @whid_ninja 🤞

Hello, we're doing a giveaway because we missed 1 giveaway from December. Our friend @whid_ninja hooked us up with their Offensive Hardware Hacking Training course. This is self-paced and comes with an exam voucher. It also comes with a hardware hacking kit and other cool gadgets. Using this course requires you signing an NDA with WhidNinja, you have to pinky promise not to leak the material, or something. See subsequent post for more details. If you want to become a cool and badass hardware hacking nerd, leave a comment below for a chance to win. - Winners will be selected randomly in the next 24 hours. - We will DM winners. - If you do not confirm your win in 24 hours a new winner will be selected - If your DMs are closed, you automatically forfeit your prize