🚨 CYBERINTEL ALERT: MASSIVE LEAK OF STATE, EDUCATIONAL, AND MEDIA INFRASTRUCTURE – ARGENTINA 🇦🇷🏛️📂🔓 [STATUS: UNDER INVESTIGATION]
One of the most critical postings regarding the digital infrastructure of the Argentine Republic has been detected. Threat actor Skull1172, representing the group EsqueleSquad TEAM, has announced the massive leakage of data originating from multiple government (.gob.ar), educational (.edu.ar), and media (Crónica: https://t.co/TOAleGVzGf) domains.
The attacker claims that these compromises were carried out between 2024 and 2026, culminating in a consolidated database of over 80 million records, and threatens to release an archive exceeding 50 GB if the post receives sufficient support on the forum.
🏢 Affected Sectors: Federal and Provincial Government, Public University System, Media Outlets (Argentina).
👤 Threat Actor: EsqueleSquad TEAM (User: Skull1172).
📊 Total Exfiltrated Volume:
80,000,000 lines of credentials (Phone numbers, DNI/CUIL, email addresses, passwords, and vehicle license plates).
154,654 compromised webmail conversations.
📅 Report Date: May 6, 2026.
⚠️ Status: SAMPLE AVAILABLE / THREAT OF +50GB LEAK.
📊 Compromised Infrastructure and Domains
1. Government Entities and Citizen Services (.gob.ar)
The actor lists over 900 affected pages. Among the most critical access points are:
AFIP (https://t.co/dTbL2scGGj): 11.8 million claimed records.
ANSES (https://t.co/VAJRFJCvhD and APIs).
Identity and Management: Mi Argentina (https://t.co/lA5nKhlXZA, https://t.co/L6EdQl9j0m), GDE – Electronic Document Management (https://t.co/nMn3YZHYAw, https://t.co/nMcNiDGzU7).
Transport and Education: SUBE (https://t.co/wMecehHzLd, https://t.co/scQHqIwP5B), Progresar Scholarships (https://t.co/rvpFJmWR7p, with 650k records), and Road Safety.
Provincial/CABA Portals: https://t.co/bJjITEG1nr, https://t.co/gATsx5gBAV, AGIP (https://t.co/nczfFa6ern), Chaco (https://t.co/F9ccmybKhs).
2. University Sector (.edu.ar)
Systemic compromise of academic self-service portals at universities such as:
UNER, UNTREF, UNVM, UNTDF, UCU, USAL, UNO, UNPILAR, UPC, UPATECO, UNAM, UGD, and UNLAM.
3. Media Sector: Crónica (https://t.co/TOAleGVzGf)
The group claims to have breached the news channel's administration panels, metrics, and FTP servers. Of extreme gravity is the actor's claim to possess confidential information ("sensitive panels") that allegedly exposes the receipt of government funds, thereby exposing data regarding the media outlet's employees.
🛡️ Immediate Response Recommendations
🔒 API Blocking and Rate Limiting: The National Cybersecurity Directorate and the affected ministries must implement strict Rate Limiting and authentication audits (Tokens/OAuth) on exposed ANSES and RENAPER endpoints to halt the ongoing scraping activity.
🔑 Mass Credential Reset: It is imperative to force password changes (for *Clave Fiscal* and *Mi Argentina* accounts) and mandate the use of Multi-Factor Authentication (MFA) for all government employees (within the GDE system) and citizens.
Monitor: https://t.co/wk9bZJ3laQ
#CyberSecurity #Argentina #DataBreach #AFIP #ANSES #RENAPER #Cronica #EsqueleSquad #OSINT #CyberAlert #VECERT 🇦🇷🛡️⚠️🚨🏛️
🇻🇪 Massive Alleged Leak of Venezuelan SENIAT Database (13.8M Records)
A threat actor claims to have exfiltrated a large-scale dataset from Venezuela’s SENIAT (tax authority), exposing millions of records tied to individuals and businesses.
📊 Leak Overview:
• Target: SENIAT (Venezuelan National Tax Authority)
• Total records: ~13.8 million
  • 12.3M individuals
  • 1.5M legal entities
• Data shared with sample (PoC)
🧾 Alleged Data Includes:
• National ID and Tax ID (RIF)
• Full names and business names
• Physical addresses (state, municipality, sector)
• Phone numbers (mobile & landline)
• Date of birth
• Tax-related roles (withholding/collection agents)
• Shareholder and corporate data
• Document and verification details
🧠 Threat Intelligence Insight:
• Dataset structure indicates:
  • Government tax system backend extraction
• High-value dataset for:
  • Identity theft
  • Financial fraud
  • Large-scale phishing campaigns
• Scope suggests either:
  • Significant breach
  • Or aggregation of multiple datasets
⚠️ Potential Impact:
• Nationwide exposure of sensitive citizen data
• Business and corporate intelligence compromise
• Increased risk of fraud targeting Venezuelan entities
📊 Status: Unverified — authenticity and recency not confirmed
💬 Large government datasets at this scale represent long-term exploitation risk, even if partially outdated.
#CyberSecurity #DataLeak #DarkWeb #Venezuela #ThreatIntel #Government #DDW
🚨 We are now observing further exploitation of the recent FortiClient zero-day (CVE-2026-35616)
No public POC exists to date, and this exploit has roughly the same structure as the observed zero-day exploit.
To identify potential compromise, defenders should look for traffic from unknown IPs with the X-SSL-CLIENT-VERIFY header set to SUCCESS
The two exploiting IP addresses to date:
51.79.66.]183
94.253.208.]16
Monitor exploits against Fortinet Forticlient EMS 👉 https://t.co/rEG9aqrq5l
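An added example, not part of the post above or of any vendor tooling: a log triage script for the check that post describes, flagging requests that carry X-SSL-CLIENT-VERIFY set to SUCCESS from sources outside known networks. The JSON-lines log format, field names, paths and KNOWN_NETWORKS are assumptions; the two reported IPs are taken from the post as written.

```python
import ipaddress
import json

# Indicators exactly as defanged in the post above; refanged when loaded.
REPORTED_DEFANGED = ["51.79.66.]183", "94.253.208.]16"]
# Assumption: networks your own proxies and admin hosts use; replace with yours.
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log (JSON lines); field names and paths are hypothetical.
SAMPLE_LOG = """\
{"src": "10.1.2.3", "path": "/example/a", "headers": {"X-SSL-Client-Verify": "SUCCESS"}}
{"src": "198.51.100.7", "path": "/example/a", "headers": {"User-Agent": "curl/8.5"}}
{"src": "203.0.113.9", "path": "/example/b", "headers": {"x-ssl-client-verify": "success"}}
{"src": "51.79.66.183", "path": "/example/b", "headers": {"X-SSL-CLIENT-VERIFY": "SUCCESS"}}
not json
"""

def refang(indicator):
    """Strip defanging brackets so the value can be compared with log fields."""
    return indicator.replace("[", "").replace("]", "")

def is_known(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return any(addr in net for net in KNOWN_NETWORKS)

def find_suspicious(log_text):
    """Return records with the header set to SUCCESS from an unknown source."""
    reported = {refang(i) for i in REPORTED_DEFANGED}
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
            src = rec["src"]
            # Header names are case-insensitive, so normalise before lookup.
            headers = {k.lower(): str(v) for k, v in rec.get("headers", {}).items()}
            known = is_known(src)
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # unparseable line: skip here, count separately in production
        value = headers.get("x-ssl-client-verify", "").strip().upper()
        if value == "SUCCESS" and not known:
            hits.append({"line": lineno, "src": src, "path": rec.get("path"),
                         "reported_ip": src in reported})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```
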
ATT&CK v19 is coming 4/28! The biggest change this release is the replacement of the Defense Evasion tactic in Enterprise ATT&CK with new Stealth and Impair Defenses tactics. @coolestcatiknow talked more about what's changing back at ATT&CKcon 6.0 https://t.co/giWBDeDPTn.
🚨 CVE-2026-21643 an SQL Injection vulnerability (CVSS 9.8) is seeing active exploitation in the wild as reported by @DefusedCyber
Vulnerability detection script available here:
https://t.co/aGulZNAprg
This vulnerability currently only affects FortiClientEMS 7.4.4 and it is recommended that you upgrade to 7.4.5 or later as reported by Fortinet:
https://t.co/PV9b0bbrwf
The TRIVY repo has been compromised and a malicious update was pushed to GitHub.
The Brew version of Trivy was compromised for hours and, if you have version 0.69.4 installed, you must downgrade to the previous version.
https://t.co/1Qoa9whO1e
https://t.co/r89t3r00l1
🚨🚨🚨ATTENTION .GOB.AR sites.
Based on this threat👇 I have just updated our microsite so you can look yourselves up and see whether you have compromised credentials (leaks).
You just enter your domain and it tells you yes or no.
https://t.co/EjW4Bs7g3C
ALL of Claude Code's source code has been leaked!
And not because of a sophisticated hack or an attack...
They mistakenly uploaded the .map file to npm, and that makes it possible to reconstruct the complete code, readable and with comments included.
VMkatz extracts creds directly from .vmdk, .vmsn and .sav files without full disk exfil a ~2.5 MB static binary on ESXi, Proxmox or NAS and pull:
🔑 NTLM hashes
🎟️ Kerberos tickets
🔐 DPAPI keys
📂 NTDS.dit / LSA secrets
Tool by Nikai W.
https://t.co/GFVZZiYc5E
🚨 CYBERSECURITY ALERT: Massive Offensive Against the Argentine State 🇦🇷⚔️
Analyzer has detected a coordinated hacking operation of unprecedented scale targeting the digital infrastructure of the Republic of Argentina. The threat group CHRONUSTEAM has claimed responsibility for 28 new data breaches that compromise the country's most critical agencies.
📊 Attack Anatomy
Threat Actor: CHRONUSTEAM
Impact: 28 Threats Identified Simultaneously
Victims: Government Agencies (National and Provincial), Security Forces, Health, and Finance
Publication Date: March 30, 2026
🏛️ National and Financial Institutions Affected
The attack has struck at the heart of the national administration and economy:
Central Bank of Argentina (BCRA): Compromise in the financial sector.
Chief of the Cabinet of Ministers: Access to the highest levels of the Executive Branch.
National Ministries: Education, Health, and Security (SIMES).
National Disability Agency: Exposure of data of citizens in vulnerable situations.
Supreme Court of Justice of Buenos Aires: Breach in the technological/judicial sector.
👮 Security and Surveillance Forces Affected
Multiple police databases have been compromised, posing a risk to public safety:
Provincial Police Forces: Misiones (and Fire Department), Tucumán, Santiago del Estero, Córdoba, Entre Ríos, and the Ministry of Security of Salta.
🏥 Provincial Health and Education
A massive data breach of sensitive information on citizens and education personnel has been reported:
Health: Ministries of Health of Buenos Aires, Misiones, and Neuquén; OSEP (Mendoza) and IOMA (Buenos Aires).
Education: Ministries of Chubut, Jujuy, Catamarca, and the National Survey of Educational Personnel (ReNPE).
DGE: Report of a data breach of 200,000 lines.
Monitor:
https://t.co/wk9bZJ2Nli
#CyberSecurity #Argentina #DataBreach #CHRONUSTEAM #BCRA #HackeoArgentina #InfoSec #CyberAlert #Ciberseguridad #SeguridadNacional #IOMA #JusticiaBA
AWS outage with worldwide impact.
Thousands of websites and services are inaccessible.
The most important region is not responding: us-east-1
Reminder: the Internet is held together with pins.
🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
0-Day Alert 🚨
Actor exploiting NetScaler ADC/Gateway zero-day (CVE-2025-7775). Exploitation confirmed on unmitigated appliances; patches are available now.
Expect heavy exploitation in the near term.
No public PoC observed as of today
We have added a Netscaler honeypot / decoy for Defused Tactical users - and have deployed research honeypots to collect telemetry 🍯
Mass exploitation of CVE-2025-25257 from 36.24.16.56 🇨🇳 (Chinanet)
VT Detections: 0/94 🟢
Payloads: 📸
UNION SELECT version(),2,3
(SQL injection for version enumeration)