El M10 🏴‍☠️ @hack4lifemx

🚨🇲🇽 A threat actor known as Skull1172, posting under the EsqueleSquad banner, claims to have breached multiple Mexican government and financial systems, including IMSS (Social Security Institute), Llave MX, SAT (tax authority), FONACOT, INFONAVIT, UNAM, and BBVA-linked services. The actor claims around 352.3 GB of data is exposed, totaling over 405 million assets including more than 96 million CURPs (national IDs) and full names, 60 million emails, 58 million passwords, 10 million phone numbers, and 84 million location records. They say samples and full data will be released for free after classification, and have posted screenshots to back the claim. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing

keyboard_arrow_left Previous keyboard_arrow_right Next

🇲🇽 Massive Mexico Government & Enterprise Data Collection Advertised on Cybercrime Forum * A threat actor is advertising a large dataset allegedly containing records associated with multiple Mexican government and private-sector organizations. * The listing references: * IMSS (Mexican Social Security Institute) * Llave MX * SAT (Tax Administration Service) * FONACOT * INFONAVIT * BBVA-related OWA data * Total claimed dataset size: 352.3 GB * According to the threat actor's description, the collection allegedly contains: * More than 60 million email addresses * More than 58 million passwords * Additional identity and account-related information * The authenticity, origin, and uniqueness of the dataset have not been independently verified. * If legitimate, data of this scale could present significant risks including: * Credential stuffing attacks * Government employee targeting * Identity theft * Financial fraud * Business email compromise (BEC) * Large-scale phishing and social engineering campaigns * Threat actors frequently aggregate data from multiple historical breaches, stealer logs, credential collections, and public leaks into a single package before advertising it as a new dataset. * Organizations potentially referenced in the listing should: * Investigate for signs of credential exposure * Enforce MFA across all services * Monitor for suspicious authentication attempts * Review dark web exposure of employee accounts * Reset credentials where compromise is suspected Analyst Note: Large "combo" datasets are increasingly common in underground communities. While the headline numbers often appear alarming, it is critical to determine whether the records are fresh, unique, and sourced from a recent compromise or simply aggregated from years of previously leaked data. Independent validation is required before attributing the data to any newly discovered breach. #DDW #DarkWeb #Intelligence #DataBreach #Mexico

⚠️🇲🇽Alerta: Se reporta la filtración de información atribuida a la Secretaría de Salud Pública de la Ciudad de México, dependencia del gobierno capitalino encargada de diseñar, ejecutar y coordinar las políticas públicas en materia de salud,

🔴 URGENTE : Un banco Extranjero como @SantanderMx se presta y para que el gobierno te espíe ! Y te obliga a que registres tu celular . Busquen otro banco ya!

🚨🇲🇽 A threat actor known as Masterbyte is selling a dataset allegedly tied to Hyundai Steel Mexico, the Mexican subsidiary of Korea's Hyundai Steel, based in Pesquería, Nuevo León. The actor claims around 53 GB of data covering 67,000 files are exposed, spanning the period 2018 to 2026, including delivery notes, cargo and shipping documents, invoices and payment records, claims and reports, orders, and employee resumes and personal/identification documents. Sample documents have been posted to back the claim. 💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing

keyboard_arrow_left Previous keyboard_arrow_right Next

⚠️🇲🇽Alerta: Se reporta la filtración de información correspondiente a más de 1,500 personas que confiaron sus datos médicos más sensibles a la Secretaría de Salud de México, específicamente al Programa de Prevención y Control de Cáncer Cervicouterino.

Esto es grave. Me preocupa que no entiendan cómo pudieron haber utilizado las credenciales de cualquier usuario. ¡Hay miles de millones filtradas! Y ya hablan de un detenido. ¿Su delito es haber caído en malware? @AleGutierrez_mx, no fabriquen culpables. Sean responsables.

 𝕏 Demonoid  (antes Larry) @ZeRoMMX

2 days ago

Hola @ivillasenor que tal la prensa comprada @heraldoleon por @municipio_leon @AleGutierrez_mx que feo que nos quieran ver la cara, dan asco que en lugar de brindar ciber seguridad mejor gasten para intentar desaparecer el problema. @VivoEnLeon @Snipermx que opinan amigos.

3 8 20 9K 0

🇲🇽 Mexico: CAEM & SIAF Government Database Allegedly Leaked – 87.5 Million Records Claimed * Threat actor claims to have leaked data associated with: * Comisión del Agua del Estado de México (CAEM) * Sistema Integral de Administración Financiera (SIAF) * Sistema de Gestión Documental (SIGED) * According to the post, the alleged dataset spans nearly three decades (1997–2026) * Claimed exposure includes: * 720 database tables * 87.5 million rows * Approximately 21.4 GB of extracted data * The actor describes the dataset as containing administrative, financial, and document-management information linked to government operations within the State of Mexico * If authentic, the breach would represent a significant exposure of public-sector information and could impact government personnel, contractors, and citizens whose records may be stored within the affected systems Analyst Note: Large government datasets often contain a mixture of citizen information, internal administrative records, procurement details, financial documents, and operational data. While the authenticity of this claim remains unverified, the alleged scale—87.5 million records spanning 29 years—makes it noteworthy. Historical government data can remain valuable to threat actors long after collection, particularly when used for identity fraud, social engineering, intelligence gathering, and targeted phishing operations. #DDW #Intelligence #CAEM #DarkWeb

🇪🇸 Spain: Privalia Customer Database Allegedly Advertised for Sale * Threat actor claims to be offering data allegedly sourced from Privalia, a major Spain-based members-only e-commerce and fashion marketplace * The listing advertises approximately 628,000 user records * According to the seller, the dataset is divided into multiple categories including: * Customer contact profiles * Order and transaction records * Delivery and logistics information * Allegedly exposed customer information includes: * Email addresses * Full names * Phone numbers * Physical addresses * City, province, and postal code information * Birth dates * Gender data * Language preferences * Loyalty and account tier information * Communication preferences * Customer status and account metadata * The actor further claims access to order-related records containing: * Order values and purchase history * Shipping and delivery details * Payment method information * Discount and coupon usage * Loyalty points activity * Device and customer IP information * Transaction and refund metadata * At the time of reporting, Daily Dark Web has not independently verified the authenticity of the dataset or the claims made by the threat actor Analyst Note: Retail and e-commerce datasets are often underestimated compared to financial or healthcare breaches. However, combining customer profiles, purchase behavior, delivery information, and communication preferences can provide cybercriminals with highly effective material for targeted phishing, account takeover attempts, delivery scams, and large-scale identity profiling operations. #DDW #Intelligence #Privalia #DarkWeb

Y de esas del gob.mx con la entrada predeterminada del #WordPress es muy común, clasico de dejar las cosas a la mitad

keyboard_arrow_left Previous keyboard_arrow_right Next

Ernesto Gabriel Paz Rizzo @EDOMEX_CDMX_MEX

4 days ago

La web oficial de Finanzas de Oaxaca mostrando la entrada predeterminada de WordPress "¡Hola mundo!". Un descuido técnico que expone falta de mantenimiento en el sitio.

2 2 15 3K 1

La web oficial de Finanzas de Oaxaca mostrando la entrada predeterminada de WordPress "¡Hola mundo!". Un descuido técnico que expone falta de mantenimiento en el sitio.

🇲🇽 Mexico: Campeche State Adult Education Institute (IEEA) Allegedly Breached * Threat actor claims to have compromised the State Institute for Adult Education (IEEA) in Campeche, Mexico * The actor alleges the breach affected records associated with both employees and students * According to the listing, exposed information includes: * Full names * Phone numbers * Employee records * Student records * CURP identifiers * Email addresses * Salary information * The threat actor published sample data and promoted the leak through underground channels * The post specifically references Campeche state government branding and the IEEA educational institution * At the time of reporting, Daily Dark Web has not independently verified the authenticity of the data, the extent of the exposure, or whether the information originated from official government systems Analyst Note: Educational institutions frequently store a broad mix of student, employee, and administrative records in centralized systems. If the claims are accurate, the exposure of identity information alongside employment and salary data could create risks ranging from identity theft and targeted phishing to fraud and social engineering campaigns. Government-affiliated educational organizations remain attractive targets due to the volume of personal data they maintain and often limited cybersecurity resources. #DDW #Intelligence #Mexico #DarkWeb

Cinco 0-days de OpenClaw permiten secuestrar agentes de IA confiables Se han descubierto cinco vulnerabilidades de día cero en OpenClaw, una herramienta que integra agentes de IA en plataformas como Slack, Discord, Microsoft Teams, Matrix y Telegram blog.elhacker.net/2026/06/cinco-…

🔴#ACTUALIDAD🔴 Meta corrige un fallo en su asistente de IA que permitió el robo de cuentas de Instagram👇lisanews.org/actualidad/met…

🇲🇽 Mexico: Instituto Tecnológico Superior de Huichapan (ITESHU) Database Allegedly Offered for Sale * Threat actor claims to be selling a database belonging to Instituto Tecnológico Superior de Huichapan (ITESHU), a higher education institution in Mexico * The advertised dataset is presented as a 22.7 MB SQL database consisting of 16 SQL files * According to the listing, exposed information may include: * Student identifiers * Full names * Academic majors * Phone numbers * Email addresses * CURP national identification numbers * Blood type information * The threat actor further claims the full database contains additional records relating to: * Administrative staff * Faculty members * User credential hashes * Health-related information * Financial and loan-related records * Sample data was provided in the listing as proof-of-possession, while the seller states pricing is available through private negotiation Analyst Note: Educational institutions continue to be targeted due to the concentration of student, faculty, and administrative records stored within centralized systems. If verified, the exposure of national identifiers, contact information, health data, and credential-related records could create opportunities for identity theft, phishing campaigns, account compromise attempts, and broader social engineering attacks against students and university personnel. #DDW #Intelligence #ITESHU #DarkWeb

Espionaje cibernético chino expone riesgos para la infraestructura crítica de Latinoamérica dialogo-americas.com/es/articles/es…

The first cyberattack in history using prompt injection. Attackers used Meta’s chatbot as a tool to take over Instagram accounts belonging to well-known people, brands, and institutions. By manipulating Meta’s AI support system, they convinced it to perform a critical administrative operation: changing or adding an email address associated with the victim’s account. Basic mistake: using LLM as a security boundary. The attacker contacted Meta’s bot, provided the username of the account they wanted to take over, and asked it to link that account to a new email address controlled by the attacker. In practice, this meant that the person controlling the new email address could receive or provide the confirmation code, and then use the modified recovery channel to reset the password and take over the account. AI support became a path for bypassing account security. If a chatbot can change an email address or initiate account recovery without independent verification of the owner, the attacker does not need to know the password or break through traditional security controls. It is sufficient to convince the automated support operator to perform an operation that the attacker should not normally be allowed to request. theverge.com/tech/941179/me…

⚠️🇲🇽Alerta: Se reporta la filtración de información del Colegio de Estudios Científicos y Tecnológicos del Estado de Oaxaca (CECyTE Oaxaca), institución pública de educación media superior.

🤖 An autonomous AI tool found a Redis RCE vulnerability that went unnoticed for more than two years. CVE-2026-23479 can let an authenticated user execute OS commands on the server. The flaw was introduced in Redis 7.2.0 and affected every stable branch until patches were released on May 5. 🔧 Details: thehackernews.com/2026/06/autono…