🚨 CYBER INTELLIGENCE ALERT: TOURISM AND AIRLINE RESERVATIONS SECTOR — BRAZIL 🇧🇷
[STATUS: ALLEGEDLY COMPROMISED / UNCONFIRMED / COMMERCIAL COMPROMISE / SOURCE: DARKFORUMS / DATE: JULY 1, 2026]
Through monitoring of clandestine information trading platforms and forums, a critical post by the threat actor Datavortex_BD has been detected on the DarkForums community. The attacker claims to have exfiltrated a detailed database of transactions, flight reservations, and passenger profiles in Brazil linked to the corporate domain https://t.co/qjNJ4PLd9i.
🏢 Allegedly Affected Entity: Outs Digital (https://t.co/qjNJ4PLd9i — Digital solutions and integrations platform/agency, allegedly linked to the processing or development gateway of established travel agencies in Brazil such as Zupper).
👤 Threat Actor: Datavortex_BD
⚔️ Data Source Channels: Transaction logs and customer tracking from metasearch engines and global agencies such as Skyscanner, Momondo, Viajala, Kayak, Google Ads, among others.
🔍 Verification Status: NOT CONFIRMED BY THE COMPANY. As of July 1, 2026, the platform administration has not issued any breach alerts or mitigation statements.
🗂️ FORENSIC ANALYSIS AND TAXONOMY OF THE FILTERED REPOSITORY
The sample in flat view reveals a comprehensive transactional matrix that combines Personally Identifiable Information (PII) with financial data, payment gateway logs, and fraud prevention engines:
👤 1. Profiling and Personally Identifiable Information (PII)
Civil Registry and Identifiers: Legible full names of Brazilian passengers, gender, age, and verified CPF (Cadastro de Pessoas Físicas) number.
Contact Channels: Personal and corporate email addresses (e.g., Hotmail, Gmail, Yahoo, Outlook, and business interfaces such as @totalplast.com.br) paired with one or two mobile phone numbers with the country code 55.
✈️ 2. Flight Logistics and Marketing Attribution (UTM Metadata)
Itineraries and Reservations: Booking locator codes, trip types (Domestic), flight dates, and ticket status (Issued Auto, Cancelled Auto).
Campaign Attribution (UTM): Commercial tracking columns detailing the customer's platform of origin: utmSource (e.g., Skyscanner, Momondo, Viajala, Google Ads) and utmMedium (e.g., mobile, desktop, core_mobile).
💳 3. Financial Logic, Fraud Metrics, and Payment Gateways
The most sensitive technical aspect reveals the integration of API responses from the main payment gateways and from payment processing and fraud validation providers in Brazilian e-commerce:
Fraud Score Providers: Records the approval status of leading tools such as ClearSale (clearSaleStatus), Konduto (kondutoStatus, e.g., Approved, Divergent, Suspected of Fraud), and the final risk status (fraudStatus, e.g., Approved by History).
Payment Gateways and Cards: Processing logs from Braspag (braspagStatus), payment methods used (Credit Card or Paymee - Pix), credit card type (ccType / cardType, e.g., Elo, Visa, Mastercard), and transaction status.
🛡️ PREVENTIVE TECHNICAL CONTAINMENT RECOMMENDATIONS (SOC / CERT-BR)
🛑 Forensic Audit of API Connections and Log Leaks (Entity Action): Infrastructure administrators at Outs Digital and partner agencies are urged to conduct a comprehensive forensic review of database logs from 2023 to 2026. It is critical to determine whether the leak was due to an unprotected cloud log backup repository (exposed S3 bucket or elastic) or the compromise of administrator account credentials.
🔑 Urgent Rotation of Payment Gateway API Keys: Change and renew security keys (API keys) and communication tokens with the integrated services of Braspag, ClearSale, and Konduto to prevent interception or manipulation of live transactions.
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
#CyberSecurity #Brazil #OutsDigital #Zupper #DataLeak #TravelData #CPFLeak #ClearSale #Konduto #Braspag #Skyscanner #FlightBreach #Datavortex #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedIncident
🚨 CYBER INTELLIGENCE ALERT: FINANCIAL AND FINTECH SECTORS — BRAZIL 🇧🇷
[STATUS: ALLEGED INFRASTRUCTURE / UNCONFIRMED / FINANCIAL SECTOR / SOURCE: DARKFORUMS / DATE: JULY 2, 2026]
THE ACTOR "KA1DO" CLAIMS ACCESS TO THE BACKEND OF VIPS CORRETORA DE CÂMBIO, EXPOSING CLIENT DATA, GOVERNMENT CREDENTIALS, AND R$ 330M IN TRANSACTIONS
Through passive monitoring of clandestine information trading platforms and forums, a post by the threat actor using the alias ka1do has been detected on the DarkForums community. The attacker claims to have full access to the backend and sensitive records of VIPS Corretora de Câmbio S.A., a Brazilian foreign exchange broker and financial institution regulated by the Central Bank of Brazil (BACEN). The actor has put a data dump exceeding 350 MB up for sale.
🏢 Allegedly Affected Entity: VIPS Corretora de Câmbio S.A. (https://t.co/GRvXIO5BWa / https://t.co/NnAzh6wE7n).
👤 Threat Actor: ka1do
🔍 Verification Status: UNCONFIRMED BY THE COMPANY OR REGULATOR. As of July 2, 2026, neither VIPS Corretora de Câmbio's management nor the Central Bank of Brazil has issued contingency statements or official reports confirming a breach of confidentiality or an intrusion into their systems.
The alert is being processed preventively: the attacker has included temporary validation links in PrivateBin that allegedly contain structured samples of financial and tax identification data of Brazilian citizens.
🗂️ TAXONOMIC ANALYSIS OF THE INVENTORY OF COMPROMISED ASSETS CLAIMED
According to the detailed description provided by the attacker, the intrusion has compromised the entire operational, tax, and regulatory compliance logic of the financial institution:
Customer Information and Tax Identification Numbers (PII): Exfiltration of 115,109 unique CPF (Brazilian Taxpayer Identification Numbers) belonging to clients and investors of the brokerage firm.
Account Data and Banking Histories: Detailed data from 2,414 customer bank accounts, along with data from 18 corporate bank accounts of the institution itself and records of financial transactions.
Infrastructure and Remote Access Credentials: The most critical vector of the breach includes 72 internal system credentials, company digital certificates along with their respective passwords, access credentials to government reporting portals, and active remote access connections to the firm's production servers.
Legal Documentation and Signed Contracts: Digitized copies of 3,595 contracts signed through the DocuSign platform.
Exposed Personnel and Corporate Intelligence: Exposure of the personal and contact information of 5 of the firm's directors, along with the profiling and access credentials of 72 employees.
Anti-Money Laundering (AML) Records: The attackers claim to possess records of more than R$330 million in transactions pending reporting to anti-money laundering (AML) authorities.
🛡️ PREVENTIVE TECHNICAL RECOMMENDATIONS FOR CONTAINMENT (SOC / INCIDENT RESPONSE)
🛑 Perimeter Isolation and Revocation of Digital Certificates (Institutional Action): VIPS Corretora de Câmbio network administrators are urged to immediately revoke and invalidate all current corporate digital certificates with the certification authorities (ICP-Brasil). It is a priority to isolate production servers from the external network and disable all remote access sessions and credentials (VPN, RDP, SSH) until a thorough audit is completed.
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
#CyberSecurity #Brazil #VipsCambio #VipsCorretora #FintechLeak #BACEN #CPFLeak #DocuSignExposure #BankAccountsLeak #AMLData #Ka1do #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedIncident
@israelazev @demetriovec "I am huge to the whole world."
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK!!
The whole world who, you worm?? You are pathetic and tiny, not even the people in your own house can take you seriously...
"I am huge to the whole world." KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
Michelle Bolsonaro is the Lady Macbeth of the Bolsonaro Franchise. In fact, a combination of Lady Macbeth and The Handmaid's Tale. How to react to the explosive triangle: Michelle Bolsonaro / Lady Macbeth / The Handmaid's Tale. How do we keep fundamentalism from dominating politics? Shall we talk?
‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.