Pic of the Day #infosec #cybersecurity #cybersecuritytips #pentesting #cybersecurityawareness

🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution. Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints. The exploit chain is now public. Read the full story: thehackernews.com/2026/06/cr…

Pinches rateros 🐀

🚨🇲🇽 A threat actor known as vansel, posting under the banner #SoulHemTeam, is distributing a dataset allegedly tied to AAMATES (Ambiente para la Administración y Manejo de Atenciones en Salud), a system associated with Mexico's Secretaría de Salud (Ministry of Health). The actor claims to have hacked the entity and obtained all of its data, totaling 1,753,526 rows in JSON format and roughly 1 GB. Listed fields allegedly include patient names, paternal and maternal surnames, CURP, date of birth, sex, nationality, place of birth, active status, prescription status, affiliation, death date and unit, and record metadata such as creation and update timestamps and editor identifiers. Samples have been posted, with a download link provided directly and a Telegram contact. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing

🚨 CYBER INTELLIGENCE ALERT: 🇪🇸 [UNCONFIRMED / CRITICAL] SALE OF ACCESS TO PUBLIC ADMINISTRATION — SPAIN [STATUS: UNCONFIRMED L] A recent post has been detected on underground forums by the threat actor calling himself "kr0x6," announcing the sale of exclusive access to the infrastructure of an entity belonging to the Spanish Public Administration. Threat Actor: kr0x6 Target: Unspecified entity of the Spanish Public Administration 📂 Details of the Level of Compromise (Access and Exfiltrated Data) The perpetrator claims to have deep control over the institution's systems, exposing critical vectors for financial and operational manipulation: Infrastructure Access: Remote Code Execution (RCE) capability and compromised access to the webmail system. Financial Systems: Direct access to the entity's internal payment and billing programs. Data Exfiltration: Database dump consisting of 179 tables and 45.3 GB of compressed files, which include invoices and user/citizen records. Cryptographic Compromise: Theft of the official electronic certificate used by the entity to sign invoices submitted to the Spanish Tax Agency. ⚠️ Security Considerations and Imminent Risk Direct SEPA Fraud: The attacker explicitly states that, from the compromised payment program, it is possible to modify the bank details of employees or suppliers to divert funds via SEPA transfers. The attacker estimates that up to $91,000 USD can be diverted immediately. Tax Institutional Impersonation: The theft of the official electronic certificate allows the purchaser of this access to impersonate the digital identity of the affected public administration. This facilitates the commission of large-scale tax fraud, the issuance of false invoices, or the alteration of tax records with complete technical and cryptographic legitimacy. 🛡️ Recommended Actions (Strategic and Defensive Levels) Blocking and Auditing SEPA Transfers: Spanish public entities must immediately implement a two-factor authentication protocol (manual approval) for any recent changes to the destination bank accounts (IBANs) linked to employee payroll or supplier payments. Preventive Certificate Revocation: Audit the use of electronic certificates (such as those issued by the FNMT) linked to invoicing with the Tax Agency. If anomalous signatures, access, or connections are detected, the compromised certificate must be revoked immediately. VECERT TOOLS Strategic Monitoring Tools & Intelligence Platform: 🌐 analyzer.vecert.io Security Verification & Monitoring: 🛡️ monitor.vecert.io #CyberSecurity 🔐 #Spain 🇪🇸 #InitialAccessBroker 🏴‍☠️ #SEPAFraud 💸 #DataBreach 📁 #ThreatIntelligence 📊 #VECERT 🏢

🇪🇸 Spain - Public Administration A threat actor is advertising alleged access to a Spanish public administration environment, claiming control over multiple internal government systems. According to the listing, the actor possesses: * Remote Code Execution (RCE) * Database dump containing 179 tables * Government webmail access * 45.3 GB of internal files * Access to payment and invoice systems * Electronic certificates used for tax-related submissions The seller further claims the compromised environment could be used to modify employee payment data and redirect SEPA transactions. The access is being offered for $14,500 and is reportedly being sold to a single buyer. Daily Dark Web has not independently verified the authenticity of the claims. Analyst Note: Government access sales involving financial systems and digital signing certificates can present substantial operational and fraud risks. Compromise of trusted signing infrastructure may have consequences beyond data exposure, potentially impacting financial transactions and administrative processes. #DDW #Intelligence #DarkWeb #Spain

🚨Cyber Alert ‼️ 🇪🇸Spain - 𝗚𝗿𝘂𝗽𝗼 𝗡𝘂𝗲𝘃𝗮 𝗣𝗲𝘀𝗰𝗮𝗻𝗼𝘃𝗮 Dire Wolf hacking group claims to have breached Grupo Nueva Pescanova. The threat actor alleges the exfiltration of 300 GB of data, including corporate documents, financial and legal records, database backups, employee and customer data, and personal information. Threat actor: Dire Wolf Sector: Manufacturing Data exposure (claimed): 300 GB of data Data type: Internal documents, financial documents, legal documents, design drawings, database backups, employee records, audit documents, customer data, tax filing documents, financial records, personal information Observed: Jun 12, 2026 Status: Pending verification ESIX©: 5.40 Full details and impact assessment on HackRisk.io

🇲🇽 Mexico - Universidad Politécnica de Querétaro (UPQ) Data Allegedly Exposed A threat actor is advertising an alleged administrative dataset associated with Universidad Politécnica de Querétaro (UPQ), a public university in Mexico. According to the listing, approximately 5,185 records were exposed from university career-development and alumni systems. The allegedly compromised data includes: * Full names * Personal email addresses * Mobile phone numbers * Registration IDs * Employment information * Academic program details * Professional interests * Full CVs and resumes * Work history and skills data * Administrative records and timestamps If authentic, the exposure could facilitate recruitment fraud, identity theft, social engineering, and targeted phishing campaigns against students, graduates, and university affiliates. Daily Dark Web has not independently verified the authenticity of the dataset or the claims made by the threat actor. Analyst Note: Career services platforms often contain highly detailed personal and professional profiles, making them attractive targets for cybercriminals seeking data for employment-related fraud and spear-phishing operations. #DDW #Intelligence #DarkWeb #Mexico

🇲🇽 Mexican Government Education Database Allegedly Offered for Sale A threat actor is advertising an alleged database associated with seq.gob.mx, a website linked to the Ministry of Education of the State of Quintana Roo, Mexico. According to the listing, the exposed data may include: * User identifiers * Email addresses * Phone numbers * Usernames * Password-related fields * API tokens * Last login information * Authentication tokens The sample shared by the seller appears to contain application database records commonly associated with web-based user management systems. At the time of writing, Daily Dark Web has not independently verified the authenticity of the dataset or whether the information originated from seq.gob.mx systems. Analyst Note: Government-sector database exposures containing authentication-related fields such as API tokens and session tokens may present a greater risk than standard user information leaks, particularly if any credentials or tokens remain active. #DDW #Intelligence #DarkWeb #Mexico

🚨🇲🇽 A threat actor known as D3spair157 is distributing a dataset allegedly tied to the Universidad Politécnica de Querétaro (UPQ), a Mexican university, specifically targeting its student body and alumni archives. The actor claims the data was extracted from the university's administrative and career development portal and describes it as containing real-time 2026 records, totaling 5,185 entries in CSV and PDF format. Listed data points allegedly include full identity profiles with legal names, age, and registration IDs, verified personal emails and mobile numbers, professional and career details, full CVs with work history and skill matrices, self-assessed personality traits and objectives, and administrative timestamps. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing

CISA advierte de vulnerabilidad 0-day en Google Chromium explotada en ataques La Agencia de Seguridad de Infraestructura y Ciberseguridad de EE. UU. (CISA) ha emitido una advertencia urgente sobre una vulnerabilidad de Google Chromium, la cual está siendo explotada activamente CVE-2026-11645, afecta al motor de JavaScript V8 blog.elhacker.net/2026/06/ci…

Todos los colectivos mañana rumbo al azteca.

Agente de IA OpenClaw filtra credenciales en simulación de phishing Los agentes de IA se están integrando en la gestión de bandejas de entrada empresariales para clasificar mensajes y responder correos blog.elhacker.net/2026/06/ag…

Los firewalls no pueden detener esto. Un desarrollador acaba de abrir el código fuente de un túnel que hace pasar todo tu internet a través del puerto 53, el puerto que todos los routers en la Tierra están obligados a dejar abierto. Se llama MasterDnsVPN. Oculta tu tráfico dentro de consultas DNS, el único tipo de paquete que ninguna red puede bloquear sin romperse a sí misma. Cada firewall en la Tierra tiene que permitir DNS. Escuelas, aeropuertos, hoteles, WiFi de hoteles, países enteros con censura a nivel de ISP: todos ellos mantienen el puerto 53 abierto o nada en la red se resuelve. Este repositorio convierte esa laguna en un túnel cifrado completo. Aquí está lo que lo hace diferente de todos los túneles DNS que vinieron antes: → Capa ARQ personalizada te da confiabilidad a nivel TCP sobre UDP DNS, así que nada se pierde ni siquiera en redes basura → Envía cada paquete a través de hasta 12 rutas de resolvedor diferentes al mismo tiempo; si 11 fallan, el paquete aún llega → Sondas automáticas para el máximo tamaño de carga útil DNS que tu ruta puede manejar, luego fija el MTU más rápido posible → AES-256-GCM, ChaCha20, AES-128, AES-192 todo integrado, elige tu cifrado → Proxy SOCKS5 en 127.0.0.1:1080 apunta cualquier navegador o app hacia él y estás dentro Eliminado: $12/mes Mullvad, $10/mes NordVPN, $15/mes Astrill, todos los túneles DNS comerciales que cobran tarifas mensuales por exactamente la misma idea. Binarios precompilados para Windows, Linux AMD64, Linux ARM64, macOS ARM64. No se necesita instalación de Python. Configura dos registros DNS, inserta la clave de cifrado, ejecuta el binario. Funciona en entornos donde todos los demás protocolos VPN están muertos al llegar. Licencia MIT. 100% Código abierto.

SOC Analyst on their wedding day

⚠️ UPDATE: $33M has been stolen from Humanity Protocol after an employee’s device was compromised via a fake Zoom link The link installed a RAT on the employee’s device, which led to a seed phrase leak. Shortly after, over $30M in cryptocurrency was stolen.

🇲🇽 Mexican Federal Judiciary Database Allegedly Offered for Sale A threat actor is advertising what they claim is a database belonging to Mexico's Federal Judiciary (Poder Judicial de la Federación). * The seller claims the dataset contains approximately: * 11.4 million judicial case records ("expedientes") * According to the advertisement, the database allegedly includes: * Judicial circuits and court locations * Judges and magistrates with appointment information * Court secretaries and judicial personnel * Case records involving individuals and organizations * Mexican national identifiers (CURP and RFC) * Full residential addresses * Legal representatives and professional license information * Financial claim amounts and damages * Precautionary measures and judicial resolutions * Email addresses and telephone numbers * Electronic judicial addresses * FIREL digital identity tokens * Electronic signatures and digital acknowledgements * Judicial notifications and recipients * The scale and sensitivity described would make this one of the more significant alleged judicial data exposures reported in recent months if confirmed. * Potential risks include: * Exposure of sensitive legal proceedings * Privacy risks for citizens, attorneys, and court personnel * Identity theft and fraud * Targeted social engineering campaigns * Intelligence gathering against judicial officials * Abuse of legal and administrative information * Daily Dark Web has not independently verified: * The authenticity of the dataset * Whether the records originate from the Federal Judiciary * The accuracy of the claimed record count * Whether the data is recent or historical * Whether the seller possesses the full dataset Analyst Note: Judicial systems hold some of the most sensitive information maintained by governments, including legal disputes, personal identifiers, addresses, and court decisions. Claims involving judicial databases warrant immediate investigation due to the potential impact on citizens, legal professionals, and public trust in the justice system. #DDW #Intelligence #DarkWeb #Mexico

Las deficiencias en ciberseguridad de #CarrefourPASS demuestra que, como tantos otros, le importan más los beneficios que la protección de los clientes: vendidos y totalmente expuestos por su falta de diligencia. ¿Quién asumirá este riesgo? @CarrefourES

🇲🇽 Mexico's Institute of Digital Education (IEDEP) Data Leak Allegedly Published A threat actor claims to have leaked data belonging to the Instituto de Educación Digital del Estado de Puebla (IEDEP), a government educational institution in Puebla, Mexico. * According to the post, the exposed information allegedly includes: * Full names * CURP (Mexican national identification numbers) * RFC (tax identification numbers) * Residential addresses * Municipal information * Postal codes * Additional reference information * The actor presents the leak as a direct compromise of the institution and provides links allegedly containing the dataset. * If authentic, the exposed data could enable: * Identity theft * Financial fraud * Tax-related scams * Social engineering attacks * Targeted phishing campaigns * Student and citizen profiling * Government and educational institutions frequently store large volumes of personally identifiable information (PII), making them attractive targets for cybercriminals. * Daily Dark Web has not independently verified: * The authenticity of the dataset * The number of affected individuals * Whether the data originated from IEDEP systems * Whether the information is current or historical * Whether the actor possesses the complete dataset Analyst Note: The combination of CURP, RFC, and address information significantly increases the risk of identity-based fraud in Mexico. Even when no financial data is exposed, national identifiers can be leveraged for account takeovers, impersonation, and government-service fraud. Organizations handling citizen records should treat such claims as high priority and conduct immediate validation and incident response activities. #DDW #Intelligence #DarkWeb #Mexico

Un usuario de un foro de #hackers habría publicado #dataleak potencialmente vinculado al Consejo Nacional Electoral del #Ecuador 🇪🇨 (@cnegobec), un organismo gubernamental que organiza, administra y supervisa todos los procesos electorales en #Ecuador. Monitorea este incidente en #VenariX ➡️ venarix.com #InfoSec #Quito #CiberSeguridad #CiberAtaque