We were under the impression, based on scarce details we received, this was a remote-code-execution 1337 exploit. This is not a super 1337 bug. This is... probably one of the silliest things we've seen in awhile...

Translation:

lmfao if u make an accnt or something named like, "420 Trigger Bot 420" n send ur ops a friend request the anticheat thinks they got a cheat loaded cuz of the "Trigger Bot" word. LMFAO 💀💀💀.theyll get banned n then u just tell everyone theyre cheaters. ez W

Anytime we hear about a big hack, or exploit, or some crazy news, 99.9% of the time its something ridiculously simple.

> cod exploits?
> "Trigger Bot"

> MGM hacked?
> called helpdesk, ask for password reset

> Trump hacked?
> login password request from aol account

Today following the disclosure of a Call of Duty Ricochet vulnerability which allows the arbitrary banning of users, another researcher operating under the moniker "Timoxa5651" disclosed a method to arbitrarily banning users under the BattleEye anticheat

https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-bannleeye-banning-arbitrary-players-using.html#post4228108

Threat Actors: our malware is FUD, completely evasive, and is cutting edge.

Also Threat Actors: Hardcoded string letting analysts know how they feel about the new Google Chrome updates, also inadvertently making it easier to identify them.

Image via RussianPanda9xx

Stole the format from this cat meme.

> go to doctors office
> nurse comes in
> logs into room PC
> talks
> leaves room
> doesn't lock PC

fighting intrusive thoughts 🙏

Yesterday it was reported via TechCrunch and GossiTheDog that Microsoft has made, as what we describe, an oopsie doopsie.

Microsoft lost customer security logs for their cloud product from September 2nd - September 19th.

¯\_(ツ)_/¯

More information: https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/

Hello,

We were unaware the cute wizard cat image we used was associated with a cryptocurrency. We are not shilling cryptocurrencies, we just think it's a cute kitty cat. In other news, thanks to this discovery, we have found more cute wizard kitty cats.

Let's discuss university degrees and whether or not they're required for cybersecurity.

This may come as a shocker to some people, but universities are higher education institutions. Universities are not job fairs. If you attend a university your primary objective is to get an education and hope that this can directly transform into getting a career where you can apply this knowledge. A university does not necessarily mean you're being taught cutting edge material and it does not guarantee a job anywhere.

An education is not the same as on the job experience and it does not directly correlate to what is (or is not) trending in the market place. Some employers discriminate against people who do not hold a degree because they believe the person may lack sufficient educational requirements for the position, but fail to realize on the job experience may be superior to a traditional higher education route.

If you've got a degree, that is very cool. Congratulations.

If you do not have a degree, that is very cool. Congratulations.

Cybersecurity is a unique career field in that there is no traditional career path to reach the 'end goal'. It is a flexible career field and can accommodate essentially anyone regardless of how they tailored their skills.

Having a degree does not make you a superior person. Not having a degree does not make you a superior person. We are all colleagues. Be nice to each other.

Enjoy your weekend.

> post we might charge companies to get access to vxug so they stop leeching
> companies actually contact us asking for pricing and legal agreements to use for commercial usage

mfw didnt think wed get this far and actually have vendors contact us

We thought us posting bullshit online and memeing was like, whatever. Today we learned actual large cybersecurity vendors do indeed actually pay attention to us. Now we wonder how many of you are actually feds.

Hello,

We are aware that someone has created a BlueSky named "vx-undergroundre". The account notes it is not official — it is essentially a repost bot.

We don't know who this person is, but it's not uncommon for people to do community off-shoots of our work.

We are aware of projects such as "vx-playground" and "vxchat tmp(3)" which act as small community groups to discuss malware.

We're super happy we inspire people to do stuff. We have no problem with it.

> afk all saturday
> get home
> check emails and messages
> *scroll* *scroll*
> cat pics
> *scroll* *scroll*
> schizophrenic messages
> *scroll* *scroll*
> message from someone on fbi most wanted

Normal weekend

We've also had someone sending us the N-word every single day in protest of us not having a chatroom. They've sent us the N-word every single day since July.

Their persistence is impressive

The Internet Archive users are reporting to have received this e-mail just moments ago.

It appears that the person(s) who compromised The Internet Archive still maintain some form of persistent access and are trying to send a message.

Information and photo courtesy of zenullfur