DorXNG - Next Generation DorX. Built By Dorks, For Dorks

DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG implementation routes all search queries over the Tor network while refreshing circuits every ten seconds with…

View On WordPress

Ransomware: Un rischio in crescita per l'economia globale. Entro il 2031, danni stimati per 265 miliardi di dollari e l'ultimo caso di InfoCert

Un panorama in espansione per i cyberattacchi I danni globali causati dai ransomware potrebbero raggiungere la cifra impressionante di 265 miliardi di dollari entro il 2031, con un impatto economico e sociale senza precedenti.

Un panorama in espansione per i cyberattacchi I danni globali causati dai ransomware potrebbero raggiungere la cifra impressionante di 265 miliardi di dollari entro il 2031, con un impatto economico e sociale senza precedenti. La diffusione di questo tipo di attacco informatico, che compromette i dati di aziende e istituzioni richiedendo riscatti milionari, rappresenta una delle minacce più…

do you have any advice for those in the very early stages of thesis-writing? currently desperately clinging to the mantra of "shitty first drafts," et al

Unfortunately, there is no place where you will more whole-assedly have to embrace the "shitty first draft" mantra than in academic writing, especially in thesis writing, especially if this is your first-ish crack at an advanced and major piece of original research. I'm not sure if this is for an undergraduate senior thesis, a MA-level thesis, or (my true and heartfelt sympathies) a PhD dissertation, but the basic principles of it will remain the same. So there is that, at least. This means that yes, you will write something, you may even feel slightly proud of it, and then you will hand it into your supervisor and they will more or less kindly dismantle it. You have to train yourself to have a thick skin about this and not take it as a personal insult, and if your supervisor is remotely good at their job (not all of them are, alas) they will know how to be tactful about it and not make it feel like a direct and extensive commentary on your private worth as a person. But you will have to swallow it and do what you can, which can include -- if you're the one who has done the research and know that's how you want to present it and/or you are correct about it -- pushing back and having a conversation with them about how you think your original approach does work best. But that will come later. The first step is, yes, to mentally gird yourself to receive critical feedback on something that you have worked hard on, and to understand that no matter how much you grump and grumble and deservedly vent to your friends and so on, implementing the feedback will usually make your piece better and stronger. That is the benefit of working with a trained expert who knows what makes a good piece of research in your particular academic field, and while it doesn't get easier, per se, at least it gets familiar. Be not afraid, etc.

If you're in the writing stage, I assume that you've moved past the topic-selection and general-research stage, but allow me to plump once more the services of your friendly local university library. You can (or at least you can at mine and probably in any decently well-equipped research university) schedule a personal consultation with an expert librarian, who can give you tips on how to find relevant subject databases, create individual research guides (these might already be available on the university library website for classes/general topics), and otherwise level you up to Shockingly Competent Research Superhero. So if you're still looking for a few extra sources, or for someone else who might be reading this and is still in the "how the heck do I find appropriate and extensive scholarly literature for my thesis??" stage, please. Go become a Research Ninja. It's much easier when you have a minion doing half the work for you, but please do appreciate and make use of your university librarian. It's much more effective than haphazard Google Scholar or JSTOR searches hoping to turn up something vaguely relevant (though to be fair, we all do that too), and it's what your tuition dollars are paying for.

Next, please do remind yourself that you are not writing the whole thesis in one go, and to break it down into manageable chunks. It usually does make sense to write the whole thing semi-chronologically (i.e. introduction, lit review, chapter 1, chapter 2/3/4 etc, conclusion), because that allows you to develop your thoughts and make logical connections, and to build on one piece to develop the next. If you're constantly scrambling between chapters and zig-zagging back and forth as things occur to you, it will be harder to focus on any one thought or thread of research, and while you might get more raw output, it will not be as good and will require more correction and revision, so you're not actually hacking yourself into increased productivity. You should also internally structure your chapters in addition to organizing your overall thesis, so it makes sense to draw up a rough outline for section A, section B, section C within the body of a single chapter. This will make you think about why the segues are going in that order and what a reasonably intelligent reader, who nonetheless may not have the specialized knowledge that you are demonstrating for them, needs to move understandably from one section to the next.

Some academics I know like to do an extensive outline, dumping all their material into separate documents for each chapter/paper and kneading and massaging and poking it into a more refined shape, and if that works for you -- great! I'm more of the type that doesn't bother with a ton of secondary outlines or non-writing activity, since that can lead you away from actually writing, but if you need to see the fruit of your research all together in one place before you can start thinking about how it goes together, that is also absolutely the way that some people do it. Either way, to be a successful academic writer, you have to train yourself to approach academic writing in a very different way from fun writing. You do fun writing when you have free time and feel inspired and can glop a lot of words down at once, or at least some words. You do it electively and for distraction and when you want to, not to a set timeline or schedule, and alas, you can't do this for academic writing. You will have to sit your ass down and write even when you do not feel like writing, do not feel Magically Inspired, don't even want to look at the fucking thing, etc. I have had enough practice that I can turn on Academic Writing Brain, sit down, bang something out, sit down the next day and turn on Academic Editing Brain, go over it again, and send it off, but I have been in academia for uh, quite a while. The good news is that you can also automate yourself to be the same way, but the bad news is that it will take practice and genuine time invested in it.

As such, this means developing a writing schedule and sticking to it, and figuring out whether you work best going for several hours without an interruption, or if you set a timer, write for a certain time, then allow yourself to look at the internet/answer texts/fuck around on Tumblr, and then make yourself put down the distraction and go back to work for another set period of time. (I am admittedly horrible at putting my phone away when I should be doing something else, but learn ye from your wizened elders, etc.) You will have to figure out in which physical space you work best, which may not be a public coffee shop where you can likewise get distracted with doing other things/chatting to friends/screwing around on the internet/doomscrolling/peeking at AO3, and to try to be there as often as possible. It might be your carrel in the library, it might be your desk at home, it might be somewhere else on campus, but if you can place yourself in a setting that tells your brain it's time to work and not look at WhatsApp for the 1000th time in a row, that is also beneficial.

Finally, remember that you do not have to produce an absolutely world-beating, stunningly original, totally flawless and perfect piece, even in its final form. Lots of us write very shitty things when we're starting out (and some of us, uh, still write very shitty things as established academics), and you do not have to totally redefine your entire field of study or propose a groundbreaking theory that nobody has heard of or anything like that. A lot of academic work is small-scale and nuanced, filling in spaces on the margins of other things or responding or offering a new perspective on existing work, and it's best to think of it as a conversation between yourself and other scholars. They have said something and now you're saying something back. You don't need to be so brilliant that everyone goes ZOMGZ I HAVE NEVER HEARD OF THAT BEFORE; by its nature that happens very rarely and is usually way out on a limb (extraordinary claims require extraordinary evidence, etc); you just need to continue the dialogue with a reasonably well-constructed and internally plausible piece. So if you think of it that way, and understand that a shitty first draft will usually develop into something that is good and valuable but not SHOCKING NEW REVELATION clickbait hype, you will take some of the pressure off yourself and be more able to shut up that perfectionist voice in your head. However, all of us have some degree of imposter syndrome and it never entirely goes away, so you'll have to manage that too. Etc etc as before, it doesn't vanish altogether, but it gets easier.

And last but not least, though I'm sure I don't have to say this: for the love of fuckin' god, do not use ChatGPT. Even the genuinely shittiest paper in the world that you still worked on researching, organizing, and writing with your own brain is better than that. Trust me.

BLOCKY 90s COMPUTER – NPT / ID PACK — ★

System names: The Error Codes, The Windows, The Personal Computer, The Hard Drive, The Glitches, The Cursor Collective, Screen Death, Core Dump, Fatal System Error, Hardware Reset, The Computer Collective, The Dialup System, The Internet, Collective Digitality

Names: Cirrus, Colossus, Sia, Athena, Raven, Ditz, Crash, Syntax, Static, Glitch, Error, Digital, Digi, Pixel, Exe, Megabyte, Terabyte, Gigabyte, Byte, PC, Com, Cube, Cubic, Cubix, Internet, Net, Data, Cyber, Google, Alexa, Siri, Linux, Mac, Apple, Cloud

Pronouns: they/them, it/its, zero/zeros, one/ones, 0101/1010s, voi/void, glitch/glitchs, error/errors, block/blocks, bluescreen/bluescreens, byte/bytes, tech/techs, windows/windows, 365/365s, PC/PCs, mouse/mouses, computer/computers, data/datas, tech/techs, tech/technical, internet/internet, net/nets, web/webs, disc/discs, .exe/.exes, exe/exes, 404/404s, ctrl/ctrl, shift/shifts, alt/alts, del/dels, caplock/caplocks, .com/.coms, .org/.orgs, .net/.nets, hack/hacks, HTML/HTMLs, JPEG/JPEGs, PNG/PNGs, ZIP/ZIPs, key/keys, hardware/hardwares, software/softwares, RAM/RAMs, 🌐/🌐s, 🔌/🔌s, 📀/📀s, 💽/💽s, 💾/💾s, 🖱️/🖱️s, ⌨️/⌨️s, 🖥️/🖥️s, 💿/💿s, 🖨️/🖨️s, 🔈/🔈s, 🔉/🔉s, 🔊/🔊s, 🔇/🔇s, 🖲️/🖲️s, 🛜/🛜s, 📁/📁s, 📂/📂s, 🗃️/🗃️s

Titles: The windows shutdown, The task manager, It who controls the cursor, It who cannot backup your information, It who has 1GB of brain space, It who runs games, It who whirrs when powered on, It who needs a cord, It who feeds on electricity and laughter, It who makes others smile, It who glitches, It who is disconnected, It who processes, The blue screen of death, It who is completely digital, It who has infinite functions, It who is limitless, The sentient computer

Labels: ancianaldern, computypen, robotthing, glitchlexic, techbodiment, aiwarix, cyberthing, bytegender, virtulonogia, techthing, Y10Kglitchic, technarian, phostechial, oldwebcitian, techrobai presentations, mechakeyboardic, keyboardsoundic, HTMLgender, hackgender, guy.exeic, genderprogram, gendercodex, errowebic, webot, webicoded, edgywebaesic, compuvior, compuvesil, computerredacted, computergender, computerkin, computergender², comphonum, codestelic, virtualexic, digitalexic, glitchsilly, 🌐💾emojic, virtualthing, webirus, webcorething, digiminalwebic, computergender³, webcoric, abstratechgender, techrobai, gendersoftware, gendervirtual, genderhacker, artificial intelligence, glitchgender, androidgender, youareanidiotvirusic

System roles: database, techie

Requested by: anon

OKAY TYPING OUT ALL THE DOUBLE MEANINGS CAUSE UNKNOWN (TILL THE END) IS MY FAV SONG TITLE!!!!

this ones easy, unknown (till the end) stands for tills feelings that remain hidden till the end, but the brackets also imply that its not just that the feelings remain hidden till the end, the feelings themselves will also last till the end too.

ofc tills name is in his own song. till the end right? but so is mizis!!!! the word unknown in korean is miji!!!! its pronouced basically the same!!!! thats why when you google translate mizis name they translate it as unknown (eg. mizis fist -> unknown fist) unknown till the end is a play on words!!!! its mizi (till the end)!!!! it has both their names in there!!!!!! he is literally one step away from calling his song mizitill (cough cough lwj)

till seems to have hijacked the song/system in the starting part of r2 we can clearly hear a different song starting the round off, does this mean that its written down as unknown in the database? cause its a hacked in song? is just till the end the actual name of the song and thats why its in brackets?

unknown (till the end) is also fun cause in the song covers we have mizi singing the cover (with till as harmony)

it reflects the title of the song!!!! wow!!!!!!

theres also another interpretation that could be pulled of mizi being the only survivor of alien stage cause its just mizi till the end but i have elected to ignore that one for my personal mental health

can u do bucci gang with a reader who is like edward from cowboy bebop(platonic pliz)

sure, i've barely seen any cowboy bebop so i'm going off what i googled on this character, hope u enjoy ty for requesting

Bucciarati

Has no idea what to do with you at first.

You speak in riddles and call him “Zippity-Zap Bossman” and he just blinks.

But the moment you save the squad from an ambush using a hacked security drone and a can of ravioli, he’s like:

“Alright. They’re... unconventional. But they're family now.”

Absolutely acts like your tired dad. Tries to impose rules like “no climbing walls during breakfast,” and “no chewing on Narancia’s shoelaces.”

Giorno

Finds you fascinating. Like a particularly feral endangered species.

Watches as you scurry across the floor on all fours and babble nonsense, then five minutes later crack into a military server and disable enemy reinforcements.

“You are... unique. But very useful.” Translation: I do not understand a single thing you say, but I cherish you deeply.

Will turn a broken headset into a living butterfly just to cheer you up when you're feeling “bleepy in the head-meat.”

Mista

"What the hell is this kid’s deal- did they just hack a car using a fidget spinner and spaghetti???"

Barks at you constantly but like... you’re his goblin sibling now.

He tries to keep you out of trouble but ends up enabling you.

“Don’t eat that, it’s a bullet casing- hey, wait, are you frying it?? ...You know what, never mind. Carry on.”

You crawl into his lap like a cat and steal his food and he acts mad but secretly gives you the crusts from his sandwiches.

Abbacchio

Hates you at first. Full stop. Calls you a “little gremlin freak” to your face.

You once taped googly eyes to his wine glass. He didn’t speak to you for a week.

BUT… when you hacked into police databases to delete some of his old records, he stared at you in stunned silence and muttered:

“…Okay. You’re alright. Still weird. But alright.”

You sit next to him now with your head on his shoulder while he broods and sighs dramatically.

Fugo

This man is STRESSED.

“Why are you upside down?? Why are you humming to my textbooks??”

You once drew a smiley face in mustard on his jacket. He screamed for 10 straight seconds.

But you're also incredibly smart- and he lives for someone he can bounce weird intellectual theories off of.

Secretly loves that you call him “Brain Fruit.” Pretends he doesn’t.

Trish

At first she’s like, “I don’t do dirty little weirdos.”

Then she sees you build a 4-monitor tracking system out of trash and duct tape and goes, “Okay, that was actually kind of amazing.”

Lets you do her makeup sometimes. Even when you use glitter glue and stick googly eyes on her cheeks, she smiles and takes a selfie.

Protective older sister energy. Tries to teach you how to brush your hair. Fails. Accepts you as you are.

Narancia

IMMEDIATE BFFS.

Y’all are chaos incarnate. You feed each other weird snacks and talk in made-up languages.

“They’re just like me fr” - Narancia, two seconds before both of you fall out a window trying to catch a pigeon.

He absolutely lets you ride on his back like a backpack.

You once built him a custom speaker system shaped like a dinosaur that screams “YEAHHHHH” before it plays music. He cried tears of joy.

— completed commission: custom single muse doc!

"[Tragedynoir was] amazing to work with, and [she] managed to capture the essence of what I wanted with little to no detail provided."

a custom modern, glitched game-like, single muse google doc template with some retro undertones! this template even comes with custom-created animations, including a full first-page animation to emulate the log in page of a database being hacked. the client wanted something that was easily customizable for different characters, so we went for a black & white colour scheme with two secondary colours that they can swap out for different muses.

I'm glad the client took a chance with me on the first page animation, because I really think it paid off and I really adore it! it took some time creating but I think it adds to the immersion of the doc. this was a fun yet challenging theme to work on so I'm really grateful for the opportunity to push myself with this!

if you would like a custom template (including with custom-created animations!) tailored to your aesthetic and needs, without the hassle of trying to edit an existing template, do consider commissioning me! I also offer the more affordable option to modify & upgrade any of my templates to better suit your needs.

In the near future one hacker may be able to unleash 20 zero-day attacks on different systems across the world all at once. Polymorphic malware could rampage across a codebase, using a bespoke generative AI system to rewrite itself as it learns and adapts. Armies of script kiddies could use purpose-built LLMs to unleash a torrent of malicious code at the push of a button.

Case in point: as of this writing, an AI system is sitting at the top of several leaderboards on HackerOne—an enterprise bug bounty system. The AI is XBOW, a system aimed at whitehat pentesters that “autonomously finds and exploits vulnerabilities in 75 percent of web benchmarks,” according to the company’s website.

AI-assisted hackers are a major fear in the cybersecurity industry, even if their potential hasn’t quite been realized yet. “I compare it to being on an emergency landing on an aircraft where it’s like ‘brace, brace, brace’ but we still have yet to impact anything,” Hayden Smith, the cofounder of security company Hunted Labs, tells WIRED. “We’re still waiting to have that mass event.”

Generative AI has made it easier for anyone to code. The LLMs improve every day, new models spit out more efficient code, and companies like Microsoft say they’re using AI agents to help write their codebase. Anyone can spit out a Python script using ChatGPT now, and vibe coding—asking an AI to write code for you, even if you don’t have much of an idea how to do it yourself—is popular; but there’s also vibe hacking.

“We’re going to see vibe hacking. And people without previous knowledge or deep knowledge will be able to tell AI what it wants to create and be able to go ahead and get that problem solved,” Katie Moussouris, the founder and CEO of Luta Security, tells WIRED.

Vibe hacking frontends have existed since 2023. Back then, a purpose-built LLM for generating malicious code called WormGPT spread on Discord groups, Telegram servers, and darknet forums. When security professionals and the media discovered it, its creators pulled the plug.

WormGPT faded away, but other services that billed themselves as blackhat LLMs, like FraudGPT, replaced it. But WormGPT’s successors had problems. As security firm Abnormal AI notes, many of these apps may have just been jailbroken versions of ChatGPT with some extra code to make them appear as if they were a stand-alone product.

Better then, if you’re a bad actor, to just go to the source. ChatGPT, Gemini, and Claude are easily jailbroken. Most LLMs have guard rails that prevent them from generating malicious code, but there are whole communities online dedicated to bypassing those guardrails. Anthropic even offers a bug bounty to people who discover new ones in Claude.

“It’s very important to us that we develop our models safely,” an OpenAI spokesperson tells WIRED. “We take steps to reduce the risk of malicious use, and we’re continually improving safeguards to make our models more robust against exploits like jailbreaks. For example, you can read our research and approach to jailbreaks in the GPT-4.5 system card, or in the OpenAI o3 and o4-mini system card.”

Google did not respond to a request for comment.

In 2023, security researchers at Trend Micro got ChatGPT to generate malicious code by prompting it into the role of a security researcher and pentester. ChatGPT would then happily generate PowerShell scripts based on databases of malicious code.

“You can use it to create malware,” Moussouris says. “The easiest way to get around those safeguards put in place by the makers of the AI models is to say that you’re competing in a capture-the-flag exercise, and it will happily generate malicious code for you.”

Unsophisticated actors like script kiddies are an age-old problem in the world of cybersecurity, and AI may well amplify their profile. “It lowers the barrier to entry to cybercrime,” Hayley Benedict, a Cyber Intelligence Analyst at RANE, tells WIRED.

But, she says, the real threat may come from established hacking groups who will use AI to further enhance their already fearsome abilities.

“It’s the hackers that already have the capabilities and already have these operations,” she says. “It’s being able to drastically scale up these cybercriminal operations, and they can create the malicious code a lot faster.”

Moussouris agrees. “The acceleration is what is going to make it extremely difficult to control,” she says.

Hunted Labs’ Smith also says that the real threat of AI-generated code is in the hands of someone who already knows the code in and out who uses it to scale up an attack. “When you’re working with someone who has deep experience and you combine that with, ‘Hey, I can do things a lot faster that otherwise would have taken me a couple days or three days, and now it takes me 30 minutes.’ That's a really interesting and dynamic part of the situation,” he says.

According to Smith, an experienced hacker could design a system that defeats multiple security protections and learns as it goes. The malicious bit of code would rewrite its malicious payload as it learns on the fly. “That would be completely insane and difficult to triage,” he says.

Smith imagines a world where 20 zero-day events all happen at the same time. “That makes it a little bit more scary,” he says.

Moussouris says that the tools to make that kind of attack a reality exist now. “They are good enough in the hands of a good enough operator,” she says, but AI is not quite good enough yet for an inexperienced hacker to operate hands-off.

“We’re not quite there in terms of AI being able to fully take over the function of a human in offensive security,” she says.

The primal fear that chatbot code sparks is that anyone will be able to do it, but the reality is that a sophisticated actor with deep knowledge of existing code is much more frightening. XBOW may be the closest thing to an autonomous “AI hacker” that exists in the wild, and it’s the creation of a team of more than 20 skilled people whose previous work experience includes GitHub, Microsoft, and a half a dozen assorted security companies.

It also points to another truth. “The best defense against a bad guy with AI is a good guy with AI,” Benedict says.

For Moussouris, the use of AI by both blackhats and whitehats is just the next evolution of a cybersecurity arms race she’s watched unfold over 30 years. “It went from: ‘I’m going to perform this hack manually or create my own custom exploit,’ to, ‘I’m going to create a tool that anyone can run and perform some of these checks automatically,’” she says.

“AI is just another tool in the toolbox, and those who do know how to steer it appropriately now are going to be the ones that make those vibey frontends that anyone could use.”

If I’m being honest, the most useful skill for hacking is learning to do research. And since Google’s search is going to shit, allow me to detail some of the methods I use to do OSINT and general research.

Google dorking is the use of advanced syntax to make incredibly fine-grained searches, potentially exposing information that wasn’t supposed to be on the internet:

Some of my go-to filters are as follows:

“Query” searches for documents that have at least one field containing the exact string.

site: allows for a specific site to be searched. See also inurl and intitle.

type: specifies the tor of resource to look for. Common examples are log files, PDFs, and the sitemap.xml file.

Metasearch engines (such as SearxNG) permit you to access results from several web-crawlers at once, including some for specialized databases. There are several public instances available, as well as some that work over tor, but you can also self-host your own.

IVRE is a self-hosted tool that allows you to create a database of host scans (when I say self-hosted, I mean that you can run this in a docker container on your laptop). This can be useful for finding things that search engines don’t show you, like how two servers are related, where a website lives, etc. I’ve used this tool before, in my investigation into the Canary Mission and its backers.

Spiderfoot is like IVRE, but for social networks. It is also a self-hosted database. I have also used this in the Canary Mission investigation.

Some miscellaneous websites/web tools I use:

SecurityTrails: look up DNS history for a domain

BugMeNot: shared logins for when creating an account is not in your best interest.

Shodan/Censys: you have to make an account for these, so I don’t usually recommend them.

OSINT framework: another useful index of tools for information gathering.

it's called the internet

I think one of the issues I have with all the hand-wringing and scare-mongering about "personal data" being vulnerable on such-and-such platform is that there is nowhere on the internet where your personal info is guaranteed to be safe. And in the US in particular I take it as a given that my info is being bandied about by various corporate entities regardless of whether or not I say "don't share my data." The usgov, as well, massively benefits from this, but gods forbid any other government have access because unlike usgov they are all EVIL and will use it for NEFARIOUS PURPOSES.

Even places that are supposed to be secure get hacked on a semi-regular basis. I've lost count of the number of financial and medical databases that have been breached, and given how long they tend to wait before telling anyone (if they ever do), there's probably even more.

You SHOULD have an expectation of privacy. You SHOULD be able to trust various institutions, especially ones allied with the usgov. But as long as there are corporate interests involved those corporations will come first over everything else. So will the usgov, especially now that we're transitioning to a dictatorship/totalitarianism.

Tiktok and Rednote aren't "safe"? Neither is Twitter. Or Meta. Or Google. Tumblr is a mess, too. It's called being on the internet. If it isn't in the best interests of corporations, wide-scale change isn't likely to happen. Corruption is everywhere. Insurance companies of every stripe are scams. Financial institutes are cheating people out of money. Hospitals (in the US at least) are charging outrageous sums. USgov itself is building databases of "suspicious" individuals where "suspicious" can translate to things like "made a joke about that CEO's death" and "thinks genocide is bad" and "has an Arabic name." But we're supposed to worry about China?? Nah. Or at least China isn't special amid the vast tapestry of corrupt and unethical powers out there.

Actually idc, I'm gonna straight up tell you about it.

Talking about the other program.

LORE TIME!!!!! :3

Alright soooooooo

"The Search" Program, or for short "Detective", is a powerful program that appeared when the Absolute Solver merged with The Database (I will explain what the database is in another post)

The host of the Detective is... [Name Redacted] (HA I WON'T TELL YOU) But the program clearly appears in the future. Very VERY future. When Uzi (since she's my age model) is... Wait, so she's 21 when she has her first kid, then that means 21+16 uhhhhhhh OH YEAH WHEN UZI IS 37. Why so much into the future? Well, that's for the SECOND part of the fanfic. And uhh, let me say, the trauma doesn't spare anyone these days💀💀💀

Anyway

The elements need a little more explaining than the pic shows. And the things it does.

We all should know that the solver is like the edit function on a 3D modeling app. Sooo, the Detective is... A Search Engine. Like Google. And the most similarities you can find when googling something. You will understand in a sec.

Search/Find

Nicknamed "The Spy", it is used to find the location of any drone and any object. Except drones that managed to hack their way out with a very, VERY strong VPN.

Backspace

It straight up erases something from existence. Can you bring it back? Yes you can, with the help of...

Edit

What does it do? All that the Solver does with the Scale, Rotate and Edit functions. It can edit anything just like you do when you write a prompt for Google to find. It also works like Ctrl+Z and Ctrl+Shift+Z/Ctrl+Y

Error

We all know that errors HAVE TO exist for something that comes from a Search Engine. So yeah, we got Error 403, 404, 410, and so much more! Of course, the hosts have to be online and connected to the Database!

Loading

The host is still trying to decide what function to use, or things like that.

Select

It's Solver equivalent is Translate. It selects an object or several objects, and it moves them. If combined with Edit, the Copy and Paste functions appear.

𝗪𝗲𝗲𝗸𝗹𝘆 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗡𝗲𝘄𝘀 𝗥𝗼𝘂𝗻𝗱𝘂𝗽 | 𝟮𝟳 𝗝𝗮𝗻 – 𝟮 𝗙𝗲𝗯 𝟮𝟬𝟮𝟱

1️⃣ 𝗥𝗮𝗻𝘀𝗮𝗰𝗸𝗲𝗱. 100+ Vulnerabilities in LTE & 5G Core Networks Exposed: A security audit uncovered 119 vulnerabilities, risking DoS attacks and remote compromise.

Source: https://cellularsecurity.org/ransacked

2️⃣ 𝗦𝘂𝗯𝗮𝗿𝘂 𝗙𝗹𝗮𝘄 𝗘𝗻𝗮𝗯𝗹𝗲𝘀 𝗥𝗲𝗺𝗼𝘁𝗲 𝗩𝗲𝗵𝗶𝗰𝗹𝗲 𝗛𝗶𝗷𝗮𝗰𝗸𝗶𝗻𝗴. Flaw in Subaru’s STARLINK system allowed remote access. Patch deployed quickly.

Source: https://samcurry.net/hacking-subaru

3️⃣ 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗳𝗼𝗿 𝗘𝗦𝗫𝗶. Attackers exploit unmonitored ESXi servers for covert C2C channels.

Source: https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/

4️⃣ 𝗔𝗽𝗽𝗹𝗲 𝗖𝗣𝗨 𝗦𝗶𝗱𝗲-𝗖𝗵𝗮𝗻𝗻𝗲𝗹 𝗔𝘁𝘁𝗮𝗰𝗸𝘀. M2/M3 CPU flaws allow extraction of sensitive data.

Source: https://predictors.fail/

5️⃣ 𝗭𝘆𝗫𝗲𝗹 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱. A critical flaw in Zyxel devices is actively being targeted.

Source: https://www.greynoise.io/blog/active-exploitation-of-zero-day-zyxel-cpe-vulnerability-cve-2024-40891

𝗔𝗜 𝗮𝗻𝗱 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀

🟢 𝗦𝘁𝗮𝘁𝗲-𝗦𝗽𝗼𝗻𝘀𝗼𝗿𝗲𝗱 𝗔𝗣𝗧𝘀 𝗟𝗲𝘃𝗲𝗿𝗮𝗴𝗶𝗻𝗴 𝗔𝗜: Over 20 APT groups use Google's Gemini AI for malware development.

Source: https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai

🟠 𝗖𝗵𝗮𝘁𝗚𝗣𝗧 𝗝𝗮𝗶𝗹𝗯𝗿𝗲𝗮𝗸 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝘀 𝗧𝗲𝗺𝗽𝗼𝗿𝗮𝗹 𝗖𝗼𝗻𝗳𝘂𝘀𝗶𝗼𝗻. The "Time Bandit" jailbreak bypasses ChatGPT safeguards with "temporal confusion".

Source: https://www.bleepingcomputer.com/news/security/time-bandit-chatgpt-jailbreak-bypasses-safeguards-on-sensitive-topics/

🔴 𝗗𝗲𝗲𝗽𝗦𝗲𝗲𝗸 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗖𝗼𝗻𝗰𝗲𝗿𝗻𝘀. Exposed DeepSeek database leaks sensitive model data.

Source: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak

Notice for the Public (Please Read)

I know this isn't at all what I normally post, but there's been a major hack. Fun. :'D

Apparently, almost 200 million people with Apple, Google, and Meta ("Meta" being anyone with accounts like Facebook and Instagram) accounts might have had their information associated with their accounts leaked. Here's an article on it, if y'all would like to learn more:

If you even remotely suspect you were affected by this, change passwords. Set up two-factor authentications. Avoid any and all biometrics (face/fingerprint/palm recognition stuff), because hackers can use that to get into a bunch of accounts. Do whatever you can to safeguard your identity, because now more than ever, your online protection is hand-in-hand with your life security.

Stay safe out there, people.

With <3,

Ros!e

hi im sharing your third life burger king au with the masses today. any trivia you want to share about it

- fun fact about me, i know next to nothing about third life. everything i know i learned against my will bc my roommate keeps hosting third life watch parties. consequently, i kept asking them about stupid shit that happened during third life for this au and this is how i learned ren was canonically naked during the execution.

- anyway moving onto in universe fun facts ren wakes up at the hospital with no memory of anything past crowning himself the burger king, so martyn tells him that they defeated the mcdonald’s in a glorious battle where martyn shielded ren with his own body and single handedly defeated grian and scar in hand to hand combat and also burnt down the white castle in his honor

- ren believes every word he says whole heartedly despite the seemingly permanent tear tracks down martyn’s face and the complete lack of any sort of physical evidence

- meanwhile scar wakes up alone and grian does not contact him for the rest of the summer. scar could not care less and spends the rest of his summer in the burn unit pitching his new definitely-not-an-mlm to bdubs and joel because they cannot physically leave. bdubs has a great time. joel pays him three hundred dollars to leave and never come back.

- grian meanwhile has flown back to england and spends the rest of the summer attached to mumbo’s side trying to replace his newly awakened gay feelings for his manager with deranged gay feelings for mumbo. it works a little bit.

- skizz feels awful about doxxing jimmy and exposing his google+ influencer career so to make up for it he spends the rest of the summer completely wiping jimmy’s presence from the internet. this works so well that jimmy and scott have to spend the rest of their summer trying to convince their university that jimmy does in fact exist and attend their school bc skizz also wiped him from the university’s database.

- tango had a great summer. he managed to hack the skee ball machine so he gets unlimited plays for a quarter and spends the entire summer becoming a pinball wizard. impulse joins him when he recovers from the stress of trying to be a patron to both the burger king and mcdonald’s and being consequently blackmailed by both of them.

- bigb had a very peaceful summer in the library. he wouldn’t say he spent the entire summer hiding from his friends per say, but he did spend what some would call an unnecessary amount of time in the archives in the basement.

- cleo and etho are also mysteriously absent the rest of the summer, and if anyone asks no they were not in the vicinity the white castle at 5:37 on June 7th stop asking questions if you value your life.

tell the masses i said hi

(og link here!)

Top 10 In- Demand Tech Jobs in 2025

Technology is growing faster than ever, and so is the need for skilled professionals in the field. From artificial intelligence to cloud computing, businesses are looking for experts who can keep up with the latest advancements. These tech jobs not only pay well but also offer great career growth and exciting challenges.

In this blog, we’ll look at the top 10 tech jobs that are in high demand today. Whether you’re starting your career or thinking of learning new skills, these jobs can help you plan a bright future in the tech world.

1. AI and Machine Learning Specialists

Artificial Intelligence (AI)  and Machine Learning are changing the game by helping machines learn and improve on their own without needing step-by-step instructions. They’re being used in many areas, like chatbots, spotting fraud, and predicting trends.

Key Skills: Python, TensorFlow, PyTorch, data analysis, deep learning, and natural language processing (NLP).

Industries Hiring: Healthcare, finance, retail, and manufacturing.

Career Tip: Keep up with AI and machine learning by working on projects and getting an AI certification. Joining AI hackathons helps you learn and meet others in the field.

2. Data Scientists

Data scientists work with large sets of data to find patterns, trends, and useful insights that help businesses make smart decisions. They play a key role in everything from personalized marketing to predicting health outcomes.

Key Skills: Data visualization, statistical analysis, R, Python, SQL, and data mining.

Industries Hiring: E-commerce, telecommunications, and pharmaceuticals.

Career Tip: Work with real-world data and build a strong portfolio to showcase your skills. Earning certifications in data science tools can help you stand out.

3. Cloud Computing Engineers: These professionals create and manage cloud systems that allow businesses to store data and run apps without needing physical servers, making operations more efficient.

Key Skills: AWS, Azure, Google Cloud Platform (GCP), DevOps, and containerization (Docker, Kubernetes).

Industries Hiring: IT services, startups, and enterprises undergoing digital transformation.

Career Tip: Get certified in cloud platforms like AWS (e.g., AWS Certified Solutions Architect).

4. Cybersecurity Experts

Cybersecurity professionals protect companies from data breaches, malware, and other online threats. As remote work grows, keeping digital information safe is more crucial than ever.

Key Skills: Ethical hacking, penetration testing, risk management, and cybersecurity tools.

Industries Hiring: Banking, IT, and government agencies.

Career Tip: Stay updated on new cybersecurity threats and trends. Certifications like CEH (Certified Ethical Hacker) or CISSP (Certified Information Systems Security Professional) can help you advance in your career.

5. Full-Stack Developers

Full-stack developers are skilled programmers who can work on both the front-end (what users see) and the back-end (server and database) of web applications.

Key Skills: JavaScript, React, Node.js, HTML/CSS, and APIs.

Industries Hiring: Tech startups, e-commerce, and digital media.

Career Tip: Create a strong GitHub profile with projects that highlight your full-stack skills. Learn popular frameworks like React Native to expand into mobile app development.

6. DevOps Engineers

DevOps engineers help make software faster and more reliable by connecting development and operations teams. They streamline the process for quicker deployments.

Key Skills: CI/CD pipelines, automation tools, scripting, and system administration.

Industries Hiring: SaaS companies, cloud service providers, and enterprise IT.

Career Tip: Earn key tools like Jenkins, Ansible, and Kubernetes, and develop scripting skills in languages like Bash or Python. Earning a DevOps certification is a plus and can enhance your expertise in the field.

7. Blockchain Developers

They build secure, transparent, and unchangeable systems. Blockchain is not just for cryptocurrencies; it’s also used in tracking supply chains, managing healthcare records, and even in voting systems.

Key Skills: Solidity, Ethereum, smart contracts, cryptography, and DApp development.

Industries Hiring: Fintech, logistics, and healthcare.

Career Tip: Create and share your own blockchain projects to show your skills. Joining blockchain communities can help you learn more and connect with others in the field.

8. Robotics Engineers

Robotics engineers design, build, and program robots to do tasks faster or safer than humans. Their work is especially important in industries like manufacturing and healthcare.

Key Skills: Programming (C++, Python), robotics process automation (RPA), and mechanical engineering.

Industries Hiring: Automotive, healthcare, and logistics.

Career Tip: Stay updated on new trends like self-driving cars and AI in robotics.

9. Internet of Things (IoT) Specialists

IoT specialists work on systems that connect devices to the internet, allowing them to communicate and be controlled easily. This is crucial for creating smart cities, homes, and industries.

Key Skills: Embedded systems, wireless communication protocols, data analytics, and IoT platforms.

Industries Hiring: Consumer electronics, automotive, and smart city projects.

Career Tip: Create IoT prototypes and learn to use platforms like AWS IoT or Microsoft Azure IoT. Stay updated on 5G technology and edge computing trends.

10. Product Managers

Product managers oversee the development of products, from idea to launch, making sure they are both technically possible and meet market demands. They connect technical teams with business stakeholders.

Key Skills: Agile methodologies, market research, UX design, and project management.

Industries Hiring: Software development, e-commerce, and SaaS companies.

Career Tip: Work on improving your communication and leadership skills. Getting certifications like PMP (Project Management Professional) or CSPO (Certified Scrum Product Owner) can help you advance.

Importance of Upskilling in the Tech Industry

Stay Up-to-Date: Technology changes fast, and learning new skills helps you keep up with the latest trends and tools.

Grow in Your Career: By learning new skills, you open doors to better job opportunities and promotions.

Earn a Higher Salary: The more skills you have, the more valuable you are to employers, which can lead to higher-paying jobs.

Feel More Confident: Learning new things makes you feel more prepared and ready to take on tougher tasks.

Adapt to Changes: Technology keeps evolving, and upskilling helps you stay flexible and ready for any new changes in the industry.

Top Companies Hiring for These Roles

Global Tech Giants: Google, Microsoft, Amazon, and IBM.

Startups: Fintech, health tech, and AI-based startups are often at the forefront of innovation.

Consulting Firms: Companies like Accenture, Deloitte, and PwC increasingly seek tech talent.

In conclusion,  the tech world is constantly changing, and staying updated is key to having a successful career. In 2025, jobs in fields like AI, cybersecurity, data science, and software development will be in high demand. By learning the right skills and keeping up with new trends, you can prepare yourself for these exciting roles. Whether you're just starting or looking to improve your skills, the tech industry offers many opportunities for growth and success.

UNC5537: Extortion and Data Theft of Snowflake Customers

Targeting Snowflake Customer Instances for Extortion and Data Theft, UNC5537 Overview. Mandiant has discovered a threat campaign that targets Snowflake client database instances with the goal of extortion and data theft. This campaign has been discovered through Google incident response engagements and threat intelligence collections. The multi-Cloud data warehousing software Snowflake can store and analyze massive amounts of structured and unstructured data.

Mandiant is tracking UNC5537, a financially motivated threat actor that stole several Snowflake customer details. UNC5537 is using stolen customer credentials to methodically compromise Snowflake client instances, post victim data for sale on cybercrime forums, and attempt to blackmail many of the victims.

Snowflake instance According to Mandiant’s analysis, there is no proof that a breach in Snowflake’s enterprise environment led to unauthorized access to consumer accounts. Rather, Mandiant was able to link all of the campaign-related incidents to hacked client credentials.

Threat intelligence about database records that were later found to have come from a victim’s Snowflake instance was obtained by Mandiant in April 2024. After informing the victim, Mandiant was hired by the victim to look into a possible data theft affecting their Snowflake instance. Mandiant discovered during this investigation that a threat actor had gained access to the company’s Snowflake instance by using credentials that had previously been obtained through info stealer malware.

Using these credentials that were taken, the threat actor gained access to the customer’s Snowflake instance and eventually stole important information. The account did not have multi-factor authentication (MFA) activated at the time of the intrusion.

Following further intelligence that revealed a wider campaign aimed at more Snowflake customer instances, Mandiant notified Snowflake and potential victims via their Victim Notification Programme on May 22, 2024.

Snowflakes Mandiant and Snowflake have notified about 165 possibly vulnerable organizations thus far. To guarantee the security of their accounts and data, these customers have been in direct contact with Snowflake’s Customer Support. Together with collaborating with pertinent law enforcement organizations, Mandiant and Snowflake have been undertaking a cooperative investigation into this continuing threat campaign. Snowflake released comprehensive detection and hardening guidelines for Snowflake clients on May 30, 2024.

Campaign Synopsis According to Google Cloud current investigations, UNC5537 used stolen customer credentials to gain access to Snowflake client instances for several different organizations. The main source of these credentials was many info stealer malware campaigns that compromised systems controlled by people other than Snowflake.

As a result, a sizable amount of customer data was exported from the corresponding Snowflake customer instances, giving the threat actor access to the impacted customer accounts. Subsequently, the threat actor started personally extorting several of the victims and is aggressively trying to sell the stolen consumer data on forums frequented by cybercriminals.

Mandiant Mandiant discovered that most of the login credentials utilized by UNC5537 came from infostealer infections that occurred in the past, some of which were from 2020. Three main causes have contributed to the multiple successful compromises that UNC5537’s threat campaign has produced:

Since multi-factor authentication was not enabled on the affected accounts, successful authentication just needed a working login and password. The credentials found in the output of the infostealer virus were not cycled or updated, and in certain cases, they remained valid years after they were stolen. There were no network allow lists set up on the affected Snowflake client instances to restrict access to reliable sources. Infostealer Mandiant found that the first infostealer malware penetration happened on contractor computers that were also used for personal purposes, such as downloading pirated software and playing games. This observation was made during multiple investigations related to Snowflake.

Customers that hire contractors to help them with Snowflake may use unmonitored laptops or personal computers, which worsen this initial entry vector. These devices pose a serious concern because they are frequently used to access the systems of several different organizations. A single contractor’s laptop can enable threat actors to access numerous organizations if it is infected with infostealer malware, frequently with administrator- and IT-level access.

Identifying The native web-based user interface (SnowFlake UI, also known as SnowSight) and/or command-line interface (CLI) tool (SnowSQL) on Windows Server 2022 were frequently used to get initial access to Snowflake customer instances. Using an attacker-named utility called “rapeflake,” which Mandiant records as FROSTBITE, Mandiant discovered more access.

Mandiant believes FROSTBITE is used to conduct reconnaissance against target Snowflake instances, despite the fact that Mandiant has not yet retrieved a complete sample of FROSTBITE. Mandiant saw the use of FROSTBITE in both Java and.NET versions. The Snowflake.NET driver communicates with the.NET version. The Snowflake JDBC driver is interfaced with by the Java version.

SQL recon actions by FROSTBITE have been discovered, including a listing of users, current roles, IP addresses, session IDs, and names of organizations. Mandiant also saw UNC5537 connect to many Snowflake instances and conduct queries using DBeaver Ultimate, a publicly accessible database management tool.

Finish the mission Mandiant saw UNC5537 staging and exfiltrating data by continuously running identical SQL statements on many client Snowflake systems. The following instructions for data staging and exfiltration were noted.

Generate (TEMP|TEMPORARY) STAGE UNC5537 used the CREATE STAGE command to generate temporary stages for data staging. The data files that are loaded and unloaded into database tables are stored in tables called stages. When a stage is created and designated as temporary, it is removed after the conclusion of the creator’s active Snowflake session.

UNC5537 Credit Since May 2024, Mandiant has been monitoring UNC5537, a threat actor with financial motivations, as a separate cluster. UNC5537 often extorts people for financial benefit, having targeted hundreds of organizations globally. Under numerous aliases, UNC5537 participates in cybercrime forums and Telegram channels. Mandiant has recognized individuals who are linked to other monitored groups. Mandiant interacts with one member in Turkey and rates the composition of UNC5537 as having a moderate degree of confidence among its members who are located in North America.

In order to gain access to victim Snowflake instances, Attacker Infrastructure UNC5537 mostly leveraged Mullvad or Private Internet Access (PIA) VPN IP addresses. Mandiant saw that VPS servers from Moldovan supplier ALEXHOST SRL (AS200019) were used for data exfiltration. It was discovered that UNC5537 was storing stolen victim data on other foreign VPS providers in addition to the cloud storage provider MEGA.

Prospects and Significance The campaign launched by UNC5537 against Snowflake client instances is not the product of a highly advanced or unique method, instrument, or process. The extensive reach of this campaign is a result of both the expanding infostealer market and the passing up of chances to further secure credentials:

UNC5537 most likely obtained credentials for Snowflake victim instances by gaining access to several infostealer log sources. There’s also a thriving black market for infostealerry, with huge lists of credentials that have been stolen available for purchase and distribution both inside and outside the dark web.

Infostealers Multi-factor authentication was not necessary for the impacted customer instances, and in many cases, the credentials had not been changed in up to four years. Additionally, access to trusted locations was not restricted using network allow lists.

This ad draws attention to the ramifications of a large number of credentials floating throughout the infostealer market and can be a sign of a targeted attack by threat actors on related SaaS services. Mandiant predicts that UNC5337 will carry on with similar intrusion pattern, soon focusing on more SaaS systems.

This campaign’s wide-ranging effects highlight the pressing necessity for credential monitoring, the ubiquitous application of MFA and secure authentication, traffic restriction to approved sites for royal jewels, and alerts regarding unusual access attempts. See Snowflake’s Hardening Guide for additional suggestions on how to fortify Snowflake environments.

Read more on Govindhtech.com