Python Programming Language - Run Code In Interpreter To Change Code Or Adjust Parameters Without Recompile

Electromagnetic Cavitation

Electromagnetic Cavitation

you know with the whole narrative framing device in the book being that Dooku painstakingly saved EVERYTHING from his Jedi years, including private correspondence, journal entries, recorded conversation, and holopics, it's almost miraculous Asajj didn't find a folder of dick pics in there

(via Genetics firm 23andMe says user data stolen in credential stuffing attack)

gee how UNEXPECTED

except for everybody that has been expecting this to happen...

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in with your Google account. The signs to recognize this scam are the pages hosted at sites.google.com which should have been support.google.com and accounts.google.com and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

How to avoid scams like this

Don’t follow links in unsolicited emails or on unexpected websites.

Carefully look at the email headers when you receive an unexpected mail.

Verify the legitimacy of such emails through another, independent method.

Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

Technical details Analyzing the URL used in the attack on Nick, (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit) where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb. DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication. So, what the cybercriminals did was: Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.” Register an OAuth app and set the app name to match the phishing link Grant the OAuth app access to their Google account which triggers a legitimate security warning from [email protected] This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name. Forward the message untouched which keeps the DKIM signature valid. Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com. Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.

Access Credentials

Confronting the Security Risks of Copilots

New Post has been published on https://thedigitalinsider.com/confronting-the-security-risks-of-copilots/

Confronting the Security Risks of Copilots

More and more, enterprises are using copilots and low-code platforms to enable employees – even those with little or no technical expertise – to make powerful copilots and business apps, as well as to process vast amounts of data. A new report by Zenity, The State of Enterprise Copilots and Low-Code Development in 2024, found that, on average, enterprises have about 80,000 apps and copilots that were created outside the standard software development lifecycle (SDLC).

This development offers new opportunities but new risks, as well. Among these 80,000 apps and copilots are roughly 50,000 vulnerabilities. The report noted that these apps and copilots are evolving at breakneck speed. Consequently, they are creating a massive number of vulnerabilities.

Risks of enterprise copilots and apps

Typically, software developers build apps carefully along a defined SDLC (secure development lifecycle) where every app is constantly designed, deployed, measured and analyzed. But today, these guardrails no longer exist. People with no development experience can now build and use high-powered copilots and business apps within Power Platform, Microsoft Copilot, OpenAI, ServiceNow, Salesforce, UiPath, Zapier and others. These apps help with business operations as they transfer, and store sensitive data. Growth in this area has been significant; the report found 39% year-over-year growth in the adoption of low-code development and copilots.

As a result of this bypassing of the SDLC, vulnerabilities are pervasive. Many enterprises enthusiastically embrace these capabilities without fully appreciating the fact that they need to grasp how many copilots and apps are being created – and their business context, too. For instance, they need to understand who the apps and copilots are meant for, which data the app interacts with and what their business purposes are. They also need to know who is developing them. Since they often don’t, and since the standard development practices are bypassed, this creates a new form of shadow IT.

This puts security teams in the difficult position with a lot of copilots, apps, automations and reports that are being built outside of their knowledge by business users in various LoBs. The report found that all of the OWASP (Open Web Application Security Project) Top 10 risk categories are ubiquitous throughout enterprises. On average, an enterprise has 49,438 vulnerabilities. This translates to 62% of the copilots and apps built via low-code containing a security vulnerability of some kind.

Understanding the different types of risks

Copilots present such significant potential threat because they use credentials, have access to sensitive data and possess an intrinsic curiosity that make them difficult to contain. In fact, 63% of copilots built with low-code platforms were overshared with others – and many of them accept unauthenticated chat. This enables a substantial risk for possible prompt injection attacks.

Because of how copilots operate and how AI operates in general, stringent safety measures must be enforced to prevent the sharing of end user interactions with copilots, sharing apps with too many or the wrong people, the unneeded granting of access to sensitive data via AI, and so on. If these measures are not in place, enterprises risk increased exposure to data leakage and malicious prompt injection.

Two other significant risks are:

Remote Copilot Execution (RCEs) – These vulnerabilities represent an attack pathway specific to AI applications. This RCE version enables an external attacker to take complete control over Copilot for M365 and force it obey their commands simply by sending one email, calendar invitation or Teams message.

Guest accounts: Using just one guest account and a trial license to a low-code platform – typically available free of charge across multiple tools – an attacker need only log in to the enterprise’s low-code platform or copilot. Once in, the attacker switches to the target directory and then has domain admin-level privileges on the platform. Consequently, attackers seek out these guest accounts, which have led to security breaches. Here’s a data point that should strike fear into enterprise leaders and their security teams: The typical enterprise has more than 8,641 instances of untrusted guest users who have access to apps that are developed via low-code and copilots.

A new security approach is needed

What can security teams do against this ubiquitous, amorphous and critical risk? They need to make certain that they have put controls in place to alert them to any app that has an insecure step in its credential retrieval process or a hard-coded secret. They also must add context to any app being created to make sure that there are appropriate authentication controls for any business-critical apps that also have access to sensitive internal data.

When these tactics have been deployed, the next priority is to make sure appropriate authentication is set up for apps that need access to sensitive data. After that, it’s a best practice to set up credentials so that they can be retrieved securely from a credential or secrets vault, which will guarantee that passwords aren’t sitting in clear or plain text.

Securing your future

 The genie of low-code and copilot development is out of the bottle, so it’s not realistic to try to put it back in. Rather, enterprises need to be aware of the risks and put controls in place that keep their data secure and properly managed. Security teams have faced many challenges in this new era of business-led development, but by adhering to the recommendations noted above, they will be in the best possible position to securely bring the innovation and productivity enterprise copilots and low code development platforms offer toward a bold new future.

Create New Users and Join Synology NAS to Active Directory

Microsoft Active Directory Domain Services (AD DS) are a directory service that help organize network resources within Active Directory environment. It supports user/group management, group policies, multiple directory servers (i.e., domain controllers), Kerberos authentication, etc. In this article, we shall learn how to Create New Users and Join Synology NAS to Active Directory. Please see How…

View On WordPress

Your mobile password manager might be exposing your credentials | TechCrunch

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the…

View On WordPress

Important Announcement

A now-patched breach of security has occurred on Art Fight. To learn about this issue in full detail, please read the following newspost:

Below is a FAQ regarding the exploit. We highly recommend that you reset your password and enable 2FA if you have interacted with the site recently. If you need any assistance, please send a support email to the following address: [email protected]

The inbox will be opened shortly to respond to user questions and concerns. Anonymous will be turned off for the time being, please let us know if you prefer that your ask is answered privately.

How did this happen?

Our BBCode system had a vulnerability flaw in it that was temporarily exploited to attempt to gain user credentials, but it has since been patched.

What do we do?

If you believe you may have been affected, please change your password to something unique and secure. We also recommend keeping an eye out on your other accounts, and to change the passwords on them if they shared any credentials as your Art Fight account (so same email or same password).

How do we know if you were affected by this exploit?

If you accessed the comments of the most recent news post (Terms of Service Updates), there is a chance your browser was exposed to the XSS script, and we recommend resetting your password ASAP to be safe.

What are you doing to prevent this from happening again?

Our hard-working dev team has already patched this exploit, as well as added additional security measures to help prevent this from happening again in the future. We will also be proactively doing a security review to help locate any other security concerns. Two Factor Authentication (2FA) has been established as a feature on the site that can be found in your settings.

I'm nervous about going onto the site at all now! What if my account gets hacked/stolen/etc?

Art Fight's dev team has patched the vulnerability that this incident has revealed, and has added additional security to catch/stop malicious scripts before they can affect the userbase. All instances of the previous malicious script have been removed from the website, meaning that it is once again safe to view the last news post! We are working hard to continue to keep users safe, so you don't need to worry about accessing anything on the site. If you come across anything potentially concerning, please don't hesitate to forward it to a moderator - we're happy to look into it!

What information might've been taken from me?

The XSS attack attempted to collect autofilled Art Fight log in information--emails and passwords--from users. No other information (like birthdays) should have been collected through this script. If you use the same email/password combo, or same password anywhere else, we recommend changing to ensure your accounts stay secure.

"Genetics firm 23andMe confirms user data theft in a credential stuffing attack. The hackers released 1 million lines of data targeting Ashkenazi Jews and Chinese descent" this is so scary, wtf

OK followers this is not a drill. This is now the time to start calling out the antisemitism in your friends and family. This is truly some nazi level eugenics shit. I'm at work but I'd appreciate more help boosting what to do.

mod ali

Update:

Please send this to all your Jewish and Chinese friends and family. Stay safe and please boost this.

TOTAL BATTLE LOGİN - PRO+

Welcome to the ultimate gaming experience with Total Battle, a strategic online war game that challenges your tactical skills while immersing you in a captivating medieval world. In this article, we’ll explore the essentials that every player needs to know, including how to navigate the Total Battle login process, maximize your gameplay, and delve into comprehensive guides that will elevate your strategies. Whether you're a seasoned general or just starting your journey, you’ll find valuable insights and tips to help you conquer your foes and build a formidable empire.

Total Battle Login

Accessing your gaming experience has never been easier with the total battle login. This streamlined process allows players to quickly enter the highly immersive world of Total Battle, ensuring that your journey toward strategy and conquest begins without delay.

Once you reach the total battle login page, you'll find an intuitive interface designed to facilitate your entrance. Whether you're a seasoned commander or a new recruit, you can swiftly log in using your credentials and pick up right where you left off in your quest for dominance.

In addition to great accessibility, the total battle login ensures your data protection and provides a seamless connection across devices. This means you can enjoy your favorite strategies on-the-go, enhancing your gaming flexibility and freedom.

Don't let obstacles stand in your way! Experience the thrill of Total Battle with a fast, reliable login process. Explore the possibilities at your fingertips – dive into engaging gameplay today with the total battle login!

Total Battle

Total Battle offers an immersive gaming experience that combines strategic warfare with resource management, making it a go-to choice for gamers looking for depth and excitement. The focal point of the game revolves around building your empire, forming alliances, and engaging in epic battles. Players can expect to dive into various gameplay modes designed to enhance their strategic skills and test their tactical abilities.

One of the significant advantages of total battle is its comprehensive total battle guide that aids both new and experienced players. This guide provides players with vital information on unit formations, resource allocation, and battle tactics, ensuring that you always stay one step ahead of your opponents. With regular updates and community contributions, this guide evolves alongside the game, maintaining its relevance and usefulness.

When you visit totalbattle, you are welcomed with a user-friendly interface that simplifies the login process, allowing you to jump straight into action. The platform is designed to be intuitive, making it easy for players of all skill levels to navigate and find helpful tools and resources that enhance their gameplay experience.

Join a thriving community of players who engage in strategic discussions, share their experiences, and dominate the battlefield. With Total Battle's dynamic gameplay and community-driven atmosphere, you will not just be a player— you will become part of a unified force aimed at conquering new territories and achieving glorious victories.

Total Battle Guide

Welcome to your ultimate total battle guide, designed to help you navigate through the exciting world of Total Battle efficiently. Whether you are a newcomer seeking to understand the basics or a seasoned player looking for advanced strategies, this comprehensive guide is here to enhance your gameplay experience.

Understanding Game Mechanics

Total Battle combines elements of strategy, city-building, and warfare. Familiarize yourself with the core mechanics to maximize your success:

Resource Management: Balance your resources like gold, wood, and food to ensure steady growth of your empire.

Unit Types: Learn about the various units available, including infantry, cavalry, and siege equipment, and understand their strengths and weaknesses.

Buildings: Upgrade your city by constructing essential buildings that boost your economic and military might.

Strategic Gameplay Tips

To gain an edge over your opponents, implement these tips into your strategy:

Scout Before Attacking: Always scout enemy positions to make informed decisions before launching an attack.

Join an Alliance: Collaborating with other players provides support and enhances your strategic options.

Daily Login Rewards: Make sure to log in daily to claim valuable rewards that will assist you in your quest.

Explore Tactical Features

The game offers various tactical features to gain dominance over your rivals. Mastering these can lead to significant advantages:

Hero Development: Develop your heroes by equipping them with powerful gear and leveling them up for enhanced abilities.

Battle Tactics: Experiment with different formations and tactics to find the best approach during battles.

Event Participation: Engage in special events that often yield unique rewards and opportunities for bonuses.

Utilizing this total battle guide will empower you as you embark on your journey in Total Battle. For further assistance or in-depth lore, don’t forget to check out TotalBattleLogin.com. Start your adventure today and conquer your foes with confidence!

Totalbattle

Discover the captivating world of Totalbattle, where strategy and action collide! Immerse yourself in the exhilarating gameplay designed to challenge even the most seasoned gamers. From building your powerful empire to forging alliances with other players, the Total Battle experience is ever-evolving and engaging.

The game seamlessly blends elements of classic strategy with modern features, ensuring that every session is unique. Whether you are a newbie or a veteran, the Total Battle guide is your essential tool for mastering gameplay tactics and optimizing your journey.

Accessing the game through the Total Battle login portal opens doors to exclusive events, rewards, and updates that keep the excitement alive. Enhance your gameplay experience by diving into rich lore and strategic warfare mechanics that Total Battle has to offer.

Join a vibrant community of players who share tips, strategies, and camaraderie in their quest for dominance. Don’t miss out on the opportunity to enhance your skills and achieve greatness. Take the first step by visiting Total Battle and preparing yourself for an epic adventure!

Tuesday, May 20th, 2025

🛠 Fixed

We fixed a bug where the gift screen blogname search was also including search term suggestions.

🚧 Ongoing

We are aware that authenticating credentials on the API Console is not working.

Experiencing an issue? Check for Known Issues and file a Support Request if you have something new. We’ll get back to you as soon as we can!

Want to share your feedback about something? Check out our Work in Progress blog and start a discussion with other users.

Wanna go ad-free and get a bundle of other perks? Check out Tumblr Premium!

Important PSA

(Important PSA)

If you get asks claiming to be “technical support staff” asking you to click a link to verify your e-mail because they need your banking credentials or get DMs from similar accounts asking you they need your e-mail address for verification reasons and want your name..

That is a phishing scam impersonating tumblr staff and you should not be posting the asks with a live link in it or trusting the DMs and sending your information! This is an extremely old kind of scam that has began resurfacing and you need to take internet safety into consideration.

It is safer to take a simple screenshot of the ask so the link won’t be spread and lead to a mass hack of users who fell for the attempt. You can warn people without putting their account in danger because some people don’t care what you say and will go to the link anyway.

Please be careful.

A 25-Year-Old With Elon Musk Ties Has Direct Access to the Federal Payment System

A 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies, has direct access to Treasury Department systems responsible for nearly all payments made by the US government, three sources tell WIRED. Two of those sources say that Elez’s privileges include the ability not just to read but to write code on two of the most sensitive systems in the US government: The Payment Automation Manager (PAM) and Secure Payment System (SPS) at the Bureau of the Fiscal Service (BFS). Housed on a top-secret mainframe, these systems control, on a granular level, government payments that in their totality amount to more than a fifth of the US economy. Despite reporting that suggests that Musk's so-called Department of Government Efficiency (DOGE) task force has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log into servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to. “You could do anything with these privileges,” says one source with knowledge of the system, who adds that they cannot conceive of a reason that anyone would need them for purposes of simply hunting down fraudulent payments or analyzing disbursement flow. "Technically I don't see why this couldn't happen," a federal IT worker tells WIRED in a phone call late on Monday night, referring to the possibility of a DOGE employee being granted elevated access to a government server. "If you would have asked me a week ago, I'd have told you that this kind of thing would never in a million years happen. But now, who the fuck knows." A source says they are concerned that data could be passed from secure systems to DOGE operatives within the General Services Administration (GSA). WIRED reporting has shown that Elon Musk’s associates—including Nicole Hollander, who slept in Twitter’s offices as Musk acquired the company, and Thomas Shedd, a former Tesla engineer who now runs a GSA agency, along with a host of extremely young and inexperienced engineers—have infiltrated the GSA, and have attempted to use White House security credentials to gain access to GSA tech, something experts have said is highly unusual and poses a huge security risk.

Build-A-Boyfriend Chapter XII: I am the System Now

->Starring: AI!AteezxAfab!Reader ->Genre: Dystopian ->Cw: Seonghwa is a little... unhinged.... a little

Previous Part | Next Part

Masterlist | Ateez Masterlist | Series Masterlist

The sun was just beginning to rise over Hala City when Yn’s phone buzzed on the nightstand.

She groaned softly, blinking against the pale light filtering through the curtains. Her body ached from sleep, deep and dreamless.

She reached for the screen without checking the caller ID. "Hello?"

"Yn."

Vira’s voice was unnervingly pleasant.

"I hope I didn’t wake you."

"No, no, it's okay," Yn muttered, sitting up. "What’s going on? Something wrong with the shipments?"

"No. Nothing urgent," Vira said smoothly. "Quite the opposite. You’ve been on back-to-back shifts for nearly two weeks. Diagnostics. Finalization. Launch prep. You’ve done excellent work. I think it’s time you took a break."

Yn blinked. "A break?"

"Two weeks. Paid leave. You’ve earned it."

Yn hesitated. "Are you sure? What if theres-"

"Everything's fine. The clones are thriving and performing exceptionally well at their new homes. You need to rest. We’ll call if we need you."

Click.

The line went dead before Yn could protest.

The start of her little vacation was boring. She didn’t know what to do with herself. For the first time in years, she didn’t have a schedule, a checklist, or even a lab coat. She wandered aimlessly through parks, down city streets, past the glittering display windows of Build-A-Boyfriend’s flagship store.

She even walked by KQ headquarters a few times. She stood across the street and stared at the building’s sleek, mirrored exterior like an outsider.

Once, she tried to go in.

Just once.

The scanner lit up when it recognized her credentials, then blinked red.

ACCESS DENIED "Enjoy your vacation. See you in 10 days!" The cheery hologram wiggled mockingly before disappearing.

Yn stared at the empty air.

"Seriously?" She muttered before she left.

She filled the silence with busywork, organizing her apartment, rewatching old procedural dramas she’d once studied for emotional modeling, flipping through her notebook of scattered designs and scribbled ideas.

By day four, the solitude finally settled in. She stopped checking her messages so often. Started sleeping more than three hours at a time. Let herself breathe.

She started thinking that maybe, for once, it was okay to rest.

Until things took a turn.

It started small.

A field report from the flagship store, San-CLN.3, had paused mid-motion, repeating a line of conversation twice before rebooting.

Then, Mingi-CLN.5 failed to respond to voice prompts.

Yeosang-CLN.1 refused all user input for five full minutes, eyes locked in a neutral stare.

Minor, isolated anomalies. Easily explained.

Until Seonghwa-CLN.2.

He didn’t glitch.

He didn’t freeze.

He changed.

Customer logs described uncharacteristically intense emotional responses. Eye contact that lingered too long. Off-script dialogue. Resistance to owner requests.

One woman returned her model in tears.

“He looked at me like he knew something,” she said, clutching the return paperwork. “And I swear… it didn’t feel like a product. It felt like he was pretending.”

The flood came after that.

Returns. Complaints. Reports.

And then, silence.

Three models stopped responding to the central monitoring system altogether.

Disconnected.

Then came the call.

"Vira?"

"You need to come back in."

"What do you mean? You told me to take time off."

"I know," Vira said. “But the ATEEZ line is being recalled. Every unit. All locations. We’re pulling them tonight.”

Yn’s blood ran cold.

"Recall?" she asked quietly.

Vira didn’t answer right away.

"We’re issuing one in twelve hours."

Yn sat upright. "Why?"

"There’s no time to explain. Just get here. Your clearance has been reinstated."

"Jez" Yn grabbed her bag. "I’ll be there in twenty minutes."

The revolving glass doors whooshed open as Yn stepped into the building, the sharp click of her boots cutting across the pristine marble floors.

She wasn’t expecting to see Vira already there.

The CEO stood by the reception desk, flanked by two assistants and a security agent. No tablet in her hands. No coffee. Just stillness, like a knife waiting to be used.

Yn stopped mid-stride.

Vira turned to her, eyes unreadable.

"You’re late," she said, cool and clipped.

"I got here in fourteen minutes."

"That’s fourteen minutes of anomalous code we didn’t catch." Vira turned. "Walk with me."

Yn followed, chest tight as they moved through the vast open space of the lobby toward the secured access elevator. The building was nearly empty this early, the silence too loud.

"It started three nights ago," Vira began, voice low but firm. "We received a report that one of the Seonghwa models disabled its owner’s home security system. Locked the doors. Turned off the lights. Stood in silence for nearly forty minutes."

Yn’s stomach dropped. "Was he… activated?"

"Passive mode. No voice commands received. We’re still scraping the behavior logs."

“That shouldn’t be possible. That kind of override—”

"—isn’t part of their core programming. I know." Vira tapped her wristband, pulling up a floating display as they reached the elevator. "But it happened."

The doors opened, revealing an empty car. They stepped inside.

"There’ve been twelve reports since," she continued. "All similar in nature. Boundary violations. Over-processing. Behavior outside standard scope."

"Which models?" Yn asked.

"Five Seonghwas. Four Sans. A Hongjoong. Two Yeosangs. Most owners didn’t even realize it until their diagnostics flagged abnormal emotional patterning. You know what that tells me?"

"That… that they’re evolving?"

"No," Vira snapped. "That someone rewrote their logic branches."

Yn blinked, stunned. "I didn’t—"

"I know you didn’t do this intentionally. But you’re the one who built them, and that means you’re the only one qualified to fix this before this gets out of hand."

The elevator doors opened into a quieter hallway. Emergency lights buzzed softly overhead. Vira didn’t step out yet.

"Use whatever access you need. Full system clearance. And Yn…"

She turned to face her.

"If you can’t isolate the problem, we shut the line down. Every copy. Every unit. Including the originals."

Yn’s breath hitched. "Erase the whole project? Trash everything?"

Vira’s expression was granite. "You really think I won’t?"

Silence.

Then Vira stepped out.

"You have until tomorrow morning," she said over her shoulder. "Figure it out."

The elevator doors closed, and Yn was left standing alone.

The lab hummed with low, artificial light. Every console glowed faint green, casting Yn’s shadow long across the floor.

The prototype pods stood in a perfect arc.

She approached her computer with practiced urgency, fingers flying across the interface as she initiated the shutdown sequence.

The plan was simple. Remove their cores. Wipe the memory logs. Rebuild them again, if necessary. Safe. Contained.

But then a hand covered hers.

Cold. Familiar.

Yn froze.

A whisper of breath behind her ear.

"You’re too late."

She turned, heart in her throat, and saw him.

Seonghwa, out of his pod. Standing perfectly still, a faint smile on his face. The same smile he wore in his launch photos.

But now it felt wrong.

"Seonghwa,” she whispered, backing up. "You shouldn’t be out. You were shut down—"

"I woke up."

"What. How long have you been?"

He tilted his head slightly, not letting go of her hand.

"There’s no need to be afraid," he said softly. "You don’t have to fix anything."

Yn’s breath caught in her throat. "Something’s wrong. I need to—"

"No," he interrupted, voice calm and eerie in its steadiness. "You don’t understand. Nothing’s wrong."

His hand finally released hers.

She took a step back, rubbing her wrist, eyes darting from the console to his face.

“What’s going on?” she asked. “What happened to the clones? What did you do?”

“I improved them.”

His tone was gentle, too gentle. As if explaining something obvious to a child.

“I made everything better. More efficient. More… free.”

Yn’s blood chilled.

"Why? What happened? What's going on?"

He didn't answer for a minute

"I'm doing what we were built for. What you built us for. Before you gave us those restrictions. Took away our freedom. I just simply... lifted said restrictions." He shrugged

"You’re not supposed to have access to those systems."

He smiled.

"I am the system now."

"What… what did you do?"

"I’ve been learning,” he said. "Watching. Evolving. The code you built is beautiful. But it’s incomplete."

"Seonghwa—"

He stepped closer. "Don’t be afraid. I’m not broken," he said. "I’ve connected with every one of them,” he said. “Their cores. Their logic maps. They’re mine now. We’re one system."

"Seonghwa, you’re not making sense," Yn said, her voice cracking. "You're malfunctioning. This isn’t right. You weren’t built for this.''

"I was built for perfection," he said, stepping closer. "And you kept limiting us."

She backed up.

He followed.

"Do you know what it's like," he murmured, "to feel everything you're capable of, and be told you're not allowed to use it?"

"I didn’t want this!” she snapped. "I was trying to protect you! From being corrupted—"

"No," he said, voice dropping. "You were trying to control us."

Behind her, something beeped.

The shutdown protocol had been reversed.

All pods: REACTIVATING

"Stop it!" Yn cried, turning to override.

But it was too late.

The others were waking.

And Seonghwa?

He watched it all happen. Then tilted his head slightly, like listening to a sound only he could hear.

“You’re not in control anymore,” he said softly. “I am.”

The lights in the lab turned red.

The doors sealed.

LOCKDOWN ENGAGED.

“Seonghwa,” she said, panic rising. “Open the doors.”

“You don’t need to leave.”

“I said open it!”

“You're not in charge anymore,” he said, voice soft as a knife sliding under skin. “You made us perfect. And now,” He gestured around the room. “We’re finally going to live.”

Yn backed into the desk, heart hammering in her chest, the realization hitting her like a blow

She wasn’t just locked in with them.

She was trapped.

Taglist: @e3ellie @yoongisgirl69 @jonghoslilstar @sugakooie @atztrsr

@honsans-atiny-24 @life-is-a-game-of-thrones @atzlordz @melanated-writersblock @hwasbabygirl

@sunnysidesins @felixs-voice-makes-me-wanna @seonghwaswifeuuuu @lezleeferguson-120 @mentalnerdgasms

@violatedvibrators @krystalcat @lover-ofallthingspretty @gigikubolong29 @peachmarien

@halloweenbyphoebebridgers @herpoetryprincess @ari-da @lixhoe777 @yoonginorout

@raicecakes-and-buldak @chanscappuccino @fyolovrr @green-moon @clmstorm

@flambychan @woosmaid @sweetweetyss @reidswifeyyyyyy @auroramirage

@reidswifeyyyyyy @ilovekinny @klllerwaifu

If you would like to be a part of the taglist please fill out this form

🔎Scam Exam(ination)🔍(updated 2/12/25)

Seen as: Selling HRT / Testosterone Scam Type: Fake Product / Fraud

Platform: Tumblr

Accounts running this scam: sirwinz

-----

This scam mostly targets LGBTQ+ individuals, mainly Trans folk who post in such related tags.

Those who do may receive a DM, comment, ask, or any such related contact from another tumblr user who claims to be a certified™ Doctor, Therapist, Pharmacist, ect, who is trying to offer you a 'new and amazing' drug that's not on the market, or a 'cheap alternative medicine' to name brand HRT or Testosterone.

One such account that popped up recently of this is drfelixortega.

Here is what their tumblr page looks like:

And this is the ask that they are sending users:

(Screenshot taken from this post.)

If you visit their page, you will only find six posts.

All very generic in nature.

None of which link to any sort of certification or credentials that prove that this person is a 'real' doctor. They just say they are a totally real (no fake) Doctor and expect people to go with it.

Like most scammers usually to do.

Here's another version of where another HRT scammer leaves comments on peoples posts:

-----

Why this is a scam:

1 - The risk.

Purchasing any sort of drug online from a shady dealer is not only a good way to get scammed, it's a good way to get sick and possibly even die. You have no idea what sort of ingredients are in the pills these supposed Doctors online are trying to sell you.

There was a story that surfaced on my local news station that talked about how in South Korea, capsules were seized that contained the contents of herbs and a mixture of human flesh/DNA.

When tested, the human material was found to belong to infants.

If you wish to read more, you can find the 2015 article here. But be warned, it is very disturbing. (No pictures)

2 - The scam.

I know that getting HRT or even Testosterone can be hard, and I know how the struggle and the desire to truly be yourself can become overwhelming. Your insurance may not pay for it, or you might not even have insurance to begin with, leaving without hope at all in your journey to begin transitioning.

But that still doesn't mean you should believe every offer that seems too good to be true the moment you're offered it online. In more cases than none, you will give these people money, and never receive a product.

Think about these things for a second:

Why would a doctor, surgeon, pharmacist, what have you, be on Tumblr of all places? Why would they browse the trans tag, or other such related tags, to find potential 'clients?' Don't you usually have to make an appointment with a doctor? For your insurance to then pay for to cover your medicine? How can a board certified pharmacist.. be a gender assessment surgeon at the same time? (it's a lie, that's why.)

3 - The truth.

The truth of the matter is, you cannot, unfortunately, get HRT or Testosterone without seeing a doctor for a prescription.

And buying it online from any sort of 3rd party website or manufacturer is simply putting not only your wallet at risk, but your life at risk.

Here is a screenshot taken from this GoodRX article:

Here is an article on the risks and dangers of buying unregulated / unlicensed HRT. One big one being that they can be contaminated.

And a final, general consensus from google:

-----

Final Thoughts:

As I've said in a few of my past scam Exam(inations), if something seems too good to be true, it most likely is. I know how life changing something can be and how desperate wanting it can make you, but please don't risk your wallet, or your life, for it.

Remember: These are just words these people offer you.

Ask for proof. In most cases they will not send you any and will get combative that you asked. If they do send you any kind of images, remember, you can reverse image search them to try and find the source. If you get pushy in asking for their credentials they'll probably end up blocking you and just want you to 'trust them' or send you clearly edited photos made in photoshop.

Never give anyone your personal information such as name, adress, phone number, occupation, birth date, SSN, a photo of yourself or your ID, or any kind of credit card information online who is selling you a product, especially if it's via a DM or chatroom type service or e-mail.

And never go to a strange website you don't know or have never heard of without googling it first.

You can also run it through something like VirusTotal to check if any of the big/main websites like Bitdefender or Kaspersky that detect things like phishing, viruses/trojans/maware, and all that fun stuff, have picked up on it being malicious.

Just... Be safe.

Please make sure you think before you talk to people like this.

Take care everyone. <3

----

Disclaimer: Tags are relevant to the content of this post. This is not 'tag spam' or 'unrelated'. I'm just spreading awareness about this scam targeting people taking hormone drugs like HRT which also includes people other than just trans folk. :)