vxdb

1.6K posts

@vxdb

Journalist | Cybercrime News | Signal - vxdb.99 | Staff @vxunderground | PGP - https://t.co/VWwniNXrEc

Cyberdelia · Joined December 2012
449 Following · 21.7K Followers
Pinned Tweet
vxdb (@vxdb)
follow @vxgiveaways for free stuff
vxdb (@vxdb)
FBI disrupts the largest IoT botnets, including Aisuru, Kimwolf, Jackskid, and MossadIOT

Together, Law Enforcement estimates around 315,000 DDOS attacks from these botnets alone

justice.gov/usao-ak/pr/aut…
vxdb (@vxdb)
Every new feature an AI company releases, they kill like 5 startups

Google Labs (@GoogleLabs)
Introducing the new @stitchbygoogle, Google’s vibe design platform that transforms natural language into high-fidelity designs in one seamless flow.

🎨 Create with a smarter design agent: Describe a new business concept or app vision and see it take shape on an AI-native canvas.
⚡️ Iterate quickly: Stitch screens together into interactive prototypes and manage your brand with a portable design system.
🎤 Collaborate with voice: Use hands-free voice interactions to update layouts and explore new variations in real-time.

Try it now (Age 18+ only. Currently available in English and in countries where Gemini is supported.) → stitch.withgoogle.com

Dexerto (@Dexerto)
The cat behind multiple TikTok memes has gone viral after his owner shared the original images

Ganymede is 15 years old and blind
The OSINT Newsletter (@osintnewsletter)
🚨 Launching: The OSINT Tools Library

A curated, investigator-first directory of tools used in real cases.

→ Tools.OSINTNewsletter.com

We’re building the largest and best maintained OSINT tools resource and need your help.

Reply and tag a tool we should add 👇
Ben (@deobfuscately)
Potassium Botnet

Installer: http://169[.]40[.]135[.]69/1000mgofpotassiumaday/arm7
C2: potassium[.]vitacocoyougolocobecauseyouaresodamndeliciocobarampam[.]st

#ioc #hunting #mirai
1Password (@1Password)
Today we’re introducing 1Password® Unified Access. As AI agents start operating inside real production environments, organizations need visibility into how credentials and access are actually used. Unified Access helps security teams discover, secure, and audit access across humans, machines, and AI agents. 🔗 More here: bit.ly/4dq2pjO
vxdb (@vxdb)
My friends at Flare are hosting a Webinar on March 24th, where they will be chatting about bulletproof hosting providers

Their trainings and webinars are actually good, and I've been to almost every single one over the past year

Sign up here: flare.registration.goldcast.io/webinar/44fb2a…
vxdb (@vxdb)
@vxunderground Try new platforms either mac or linux, or maybe get into anti-virus stuff. Start tinkering around with new things and see what you like.
vx-underground (@vxunderground)
I want to share something. I don't expect anyone to care. I just want to scream into the void.

I've accomplished everything I've ever wanted to do with malware. There isn't really a malware thingy that's popped up that I haven't seen or done. My malware code repository of stuff I've written dates back to like, 2009. I've released dozens upon dozens of never before seen (at least publicly) malware snippets and ideas.

I'm standing at this weird crossroad where I'm standing at the peak and I'm kind of looking around like ???. What do I do now?

Options:
1. Keep finding new stuff for usermode Windows malware
2. Venture outside usermode to kernel mode malware
3. Switch focus, focus on initial access or stager stuff, not final payload
4. Switch focus, focus outside Windows to different platforms
5. Switch to defense, develop ways to detect malware
6. ???

There is always more to learn and do. But, I've been climbing vertically for like, 20 years, and in order to keep climbing I need to find a different path.
vxdb (@vxdb)
Hi if you work at a tech company and want to collaborate on a giveaway please reach out to @vxgiveaways or message me directly via Email or Signal

Whether it be merch, trainings, certificates, free subscriptions, literally anything cool :)
Eric Parker (@EricParker)
FBI is seeking information from victims related to the Steam Malware incident over the last 2 years, including the BlockBlasters / Rastaland situation.
vx-underground (@vxunderground)
Today @BleepinComputer published a story on a company named Telus Digital being compromised by a Threat Group operating under the moniker "ShinyHunters", a reference to Pokemon.

GTIG (Google Threat Intelligence Group) has been tracking ShinyHunters under the label UNC6395. UNC6395 has been targeting enterprise organizations since at least August, 2025 by exploiting compromised OAuth tokens to gain access to company SalesForce instances. Upon successful compromise, UNC6395 attempts vertical or horizontal movement by combing through the compromised SalesForce data.

At a currently unknown time, UNC6395 successfully compromised Telus' SalesForce instance which allowed them to pivot elsewhere within the organization.

The amount of data UNC6395 claims to have compromised is astronomical. They claim to have exfiltrated over ONE PETABYTE of data (compressed as .tar.xz). While Telus has confirmed the compromise, the exfiltration of ONE PETABYTE of data indicates the compromise may have occurred weeks, possibly months, ago. Telus as of this writing has not given additional details on the compromise (more on that later).

I am unable to confirm the validity of the data, primarily because I do have the means to reliably comb through a petabyte of data. However, "snippets" and "samples" have been shared. Based off data seen, the compromised appears authentic.

Here is a high-level overview of what was allegedly compromised and successfully exfiltrated.

- Employee Full Legal Name
- Employee National ID Number and/or SSN
- Telus hashed passwords, API keys, OAuth tokens
- Call record details
- Call meta data
- Telecom customer PII (First Name, Last Name, Address)
- HR records
- Agent performance records
- SalesForce accounts, contacts, leads, and records
- Financial records (ACH routing numbers, etc)
- GitHub repository access to an additional 20 organizations adjacent to Telus (20,000 internal source code projects)
- Customer and Agent call records in .wav
- 14,139 customer database instances, all containing customer PII (unspecified)
- GLEAN TELUS background check files. UNC6395 has access to FBI, RCMP, and CISA background checks.
- GLEAN TELUS confidential reports on investigations
- GLEAN TELUS confidential reports on tax filings (?)
- ... just search "GLEAN" on Google

If what UNC6395 states is true, this breach impacts approx. 230M companies across the globe.

Based on information seen publicly, ... it looks bad. However, as of this writing, Telus has not done anything other than confirm the compromise with some journalists. I suspect they're currently performing a DFIR (Digital Forensics and Incident Response) and forming a strategy to combat this technologically, legally, logistically, and PR-wise.

Is UNC6395 telling the truth? Is this compromise as severe as it appears to be? When will TELUS provide more details? Will impacted customers be notified? Is law enforcement mad their background checks are allegedly compromised?

Find out next time on Dragon Ball Z
vxdb (@vxdb)
Yesterday, Europol, along with other global Law Enforcement, shut down the SocksEscort proxy provider as part of Operation Lightning.

SocksEscort allegedly compromised over 369,000 routers and had around 35,000 customers over the years

Law Enforcement seized 34 domains, 23 servers located in seven countries, and froze a total of USD 3.5 million in cryptocurrency during the takedown
vxdb (@vxdb)
Another ransomware negotiator at DigitalMint was named, working as an insider with ALPHV to help conduct attacks on a number of victims. Martino shared confidential information regarding ongoing negotiations with ALPHV/BlackCat operators. On Tuesday, Angelo Martino was charged with one count of conspiracy to interfere with interstate commerce by extortion.
vxdb (@vxdb)
In before this thing has a major security vulnerability

this has the same vibe as "military grade encryption"