CloudBalta

🚨🇲🇽 A threat actor known as D3spair157 is distributing a dataset allegedly tied to the Universidad Politécnica de Querétaro (UPQ), a Mexican university, specifically targeting its student body and alumni archives. The actor claims the data was extracted from the university's administrative and career development portal and describes it as containing real-time 2026 records, totaling 5,185 entries in CSV and PDF format. Listed data points allegedly include full identity profiles with legal names, age, and registration IDs, verified personal emails and mobile numbers, professional and career details, full CVs with work history and skill matrices, self-assessed personality traits and objectives, and administrative timestamps. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: https://t.co/281Qjc6p2J

🇲🇽 Mexico - Universidad Politécnica de Querétaro (UPQ) Data Allegedly Exposed A threat actor is advertising an alleged administrative dataset associated with Universidad Politécnica de Querétaro (UPQ), a public university in Mexico. According to the listing, approximately 5,185 records were exposed from university career-development and alumni systems. The allegedly compromised data includes: * Full names * Personal email addresses * Mobile phone numbers * Registration IDs * Employment information * Academic program details * Professional interests * Full CVs and resumes * Work history and skills data * Administrative records and timestamps If authentic, the exposure could facilitate recruitment fraud, identity theft, social engineering, and targeted phishing campaigns against students, graduates, and university affiliates. Daily Dark Web has not independently verified the authenticity of the dataset or the claims made by the threat actor. Analyst Note: Career services platforms often contain highly detailed personal and professional profiles, making them attractive targets for cybercriminals seeking data for employment-related fraud and spear-phishing operations. #DDW #Intelligence #DarkWeb #Mexico

🇲🇽 Mexican Government Education Database Allegedly Offered for Sale A threat actor is advertising an alleged database associated with https://t.co/0nR4NlD0iX, a website linked to the Ministry of Education of the State of Quintana Roo, Mexico. According to the listing, the exposed data may include: * User identifiers * Email addresses * Phone numbers * Usernames * Password-related fields * API tokens * Last login information * Authentication tokens The sample shared by the seller appears to contain application database records commonly associated with web-based user management systems. At the time of writing, Daily Dark Web has not independently verified the authenticity of the dataset or whether the information originated from https://t.co/0nR4NlD0iX systems. Analyst Note: Government-sector database exposures containing authentication-related fields such as API tokens and session tokens may present a greater risk than standard user information leaks, particularly if any credentials or tokens remain active. #DDW #Intelligence #DarkWeb #Mexico

🇲🇽 Mexican Federal Judiciary Database Allegedly Offered for Sale A threat actor is advertising what they claim is a database belonging to Mexico's Federal Judiciary (Poder Judicial de la Federación). * The seller claims the dataset contains approximately: * 11.4 million judicial case records ("expedientes") * According to the advertisement, the database allegedly includes: * Judicial circuits and court locations * Judges and magistrates with appointment information * Court secretaries and judicial personnel * Case records involving individuals and organizations * Mexican national identifiers (CURP and RFC) * Full residential addresses * Legal representatives and professional license information * Financial claim amounts and damages * Precautionary measures and judicial resolutions * Email addresses and telephone numbers * Electronic judicial addresses * FIREL digital identity tokens * Electronic signatures and digital acknowledgements * Judicial notifications and recipients * The scale and sensitivity described would make this one of the more significant alleged judicial data exposures reported in recent months if confirmed. * Potential risks include: * Exposure of sensitive legal proceedings * Privacy risks for citizens, attorneys, and court personnel * Identity theft and fraud * Targeted social engineering campaigns * Intelligence gathering against judicial officials * Abuse of legal and administrative information * Daily Dark Web has not independently verified: * The authenticity of the dataset * Whether the records originate from the Federal Judiciary * The accuracy of the claimed record count * Whether the data is recent or historical * Whether the seller possesses the full dataset Analyst Note: Judicial systems hold some of the most sensitive information maintained by governments, including legal disputes, personal identifiers, addresses, and court decisions. Claims involving judicial databases warrant immediate investigation due to the potential impact on citizens, legal professionals, and public trust in the justice system. #DDW #Intelligence #DarkWeb #Mexico

🇲🇽 Mexico: Benito Juárez (Cancún) Licensing Database Allegedly Leaked A threat actor is advertising an alleged leak involving licensing records associated with the Municipality of Benito Juárez, Quintana Roo (Cancún, Mexico). * The actor claims the dataset contains: * 36,999 licensing records * PDF and HTML files * Approximately 42.1 GB of data * According to the post, exposed information may include: * Personal information * Tax/Cadastral identifiers (Clave Catastral) * Phone numbers * Physical addresses * Email addresses * Business-related information * Municipal licensing records * The actor provided a JSON sample allegedly showing licensing and taxpayer-related fields, including business registration and operational information. * The post attributes the leak to a threat actor identified as "Alecc157" and offers the dataset for download. * At the time of reporting, the authenticity of the dataset and the source of the alleged compromise have not been independently verified. Analyst Note: Municipal licensing databases frequently contain a combination of citizen, taxpayer, and business information. If validated, this exposure could facilitate identity theft, targeted phishing campaigns, business fraud, and further intelligence collection against organizations operating in the Cancún region. #DDW #Intelligence #DarkWeb #Mexico

🇲🇽 Mexico: Jumex Data Allegedly Offered for Sale on Underground Forum A threat actor is claiming to possess data related to Grupo Jumex, one of Mexico's largest beverage manufacturers. * According to the forum post, the dataset allegedly contains information associated with: * Employees * Suppliers * Business partners * The actor is advertising the data privately and inviting interested buyers to make contact. * At the time of discovery, no information was provided regarding the total number of affected records, impacted individuals, or the specific data fields included in the alleged leak. * The authenticity of the dataset has not been independently verified. * If legitimate, exposure of employee, supplier, and partner information could increase the risk of: * Business email compromise (BEC) * Supply chain targeting * Vendor impersonation attacks * Social engineering campaigns * Corporate espionage activities Analyst Note: Third-party and supplier data often presents a significant security risk because threat actors frequently use trusted business relationships to gain access to larger targets. Even limited vendor information can be leveraged for highly convincing phishing and fraud campaigns. #DDW #Intelligence #DarkWeb #Mexico

🚨🇲🇽 A threat actor known as Skull1172, posting under the EsqueleSquad banner, claims to have breached multiple Mexican government and financial systems, including IMSS (Social Security Institute), Llave MX, SAT (tax authority), FONACOT, INFONAVIT, UNAM, and BBVA-linked services. The actor claims around 352.3 GB of data is exposed, totaling over 405 million assets including more than 96 million CURPs (national IDs) and full names, 60 million emails, 58 million passwords, 10 million phone numbers, and 84 million location records. They say samples and full data will be released for free after classification, and have posted screenshots to back the claim. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: https://t.co/281Qjc6WSh

🚨🇲🇽 A threat actor known as cuatlicue is selling a dataset allegedly tied to Hospital Ángeles, a prestigious network of private hospitals in Mexico serving upper-middle and high-income patients. The actor claims to hold around 11 GB of data spanning 2021 to 2026, including patient records and lab results, and asserts the data contains information on high-profile individuals. A sample has been posted. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: https://t.co/281Qjc6p2J