Malware everywhere; this time, Arch Linux users were the target of malicious packages:
"It was bad enough when finding out more than 400 AUR packages for Arch Linux users had been infected with malware but now that number has risen to around 900 a few hours ago and now in the end at more than 1,500 user-contributed packages."
🚨 CYBER INTELLIGENCE ALERT: 🇪🇸 [UNCONFIRMED / CRITICAL] SALE OF ACCESS TO PUBLIC ADMINISTRATION — SPAIN
[STATUS: UNCONFIRMED]
A recent post by the threat actor calling himself "kr0x6" has been detected on underground forums, announcing the sale of exclusive access to the infrastructure of an entity belonging to the Spanish Public Administration.
Threat Actor: kr0x6
Target: Unspecified entity of the Spanish Public Administration
📂 Details of the Level of Compromise (Access and Exfiltrated Data)
The perpetrator claims to have deep control over the institution's systems, exposing critical vectors for financial and operational manipulation:
Infrastructure Access: Remote Code Execution (RCE) capability and compromised access to the webmail system.
Financial Systems: Direct access to the entity's internal payment and billing programs.
Data Exfiltration: Database dump consisting of 179 tables and 45.3 GB of compressed files, which include invoices and user/citizen records.
Cryptographic Compromise: Theft of the official electronic certificate used by the entity to sign invoices submitted to the Spanish Tax Agency.
⚠️ Security Considerations and Imminent Risk
Direct SEPA Fraud: The attacker explicitly states that, from the compromised payment program, it is possible to modify the bank details of employees or suppliers to divert funds via SEPA transfers. The attacker estimates that up to $91,000 USD can be diverted immediately.
Tax Institutional Impersonation: The theft of the official electronic certificate allows the purchaser of this access to impersonate the digital identity of the affected public administration. This facilitates the commission of large-scale tax fraud, the issuance of false invoices, or the alteration of tax records with complete technical and cryptographic legitimacy.
🛡️ Recommended Actions (Strategic and Defensive Levels)
Blocking and Auditing SEPA Transfers: Spanish public entities must immediately implement a two-factor authentication protocol (manual approval) for any recent changes to the destination bank accounts (IBANs) linked to employee payroll or supplier payments.
Preventive Certificate Revocation: Audit the use of electronic certificates (such as those issued by the FNMT) linked to invoicing with the Tax Agency. If anomalous signatures, access, or connections are detected, the compromised certificate must be revoked immediately.
VECERT TOOLS
Strategic Monitoring Tools & Intelligence Platform:
🌐 https://t.co/wk9bZJ3laQ
Security Verification & Monitoring:
🛡️ https://t.co/5LuqwzZ2HE
#CyberSecurity 🔐 #Spain 🇪🇸 #InitialAccessBroker 🏴☠️ #SEPAFraud 💸 #DataBreach 📁 #ThreatIntelligence 📊 #VECERT 🏢
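The payee bank-detail audit recommended above can be scripted against the change log of a payroll or supplier master-data system. The block below is an added example in Python, not VECERT tooling or anything from the alert: it holds any IBAN change that lacks a second, distinct approver, that moves the payee to a different country, or that fails the ISO 13616 mod-97 check, and it goes one step beyond the post by also flagging a single new IBAN being applied to several payees, the usual pattern when funds are diverted to one mule account. The change records, user names and payee identifiers are constructed; the IBANs are published format examples or were computed for this illustration, none belong to a real account.

```python
import re
from collections import defaultdict

# Shape check only (country, check digits, 11-30 BBAN chars); per-country lengths are not enforced here.
IBAN_SHAPE = re.compile(r"^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$")


def normalize_iban(iban):
    """Strip whitespace and upper-case, so 'es91 2100 ...' and 'ES912100...' compare equal."""
    return re.sub(r"\s+", "", iban).upper()


def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check: move the first four chars to the end, map A-Z to 10-35, result mod 97 == 1."""
    s = normalize_iban(iban)
    if not IBAN_SHAPE.match(s):
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)  # int('A', 36) == 10 ... int('Z', 36) == 35
    return int(numeric) % 97 == 1


def audit_iban_changes(changes):
    """Return {change_id: sorted list of flags}; an empty list means the change may be released."""
    payees_per_new_iban = defaultdict(set)
    for c in changes:
        payees_per_new_iban[normalize_iban(c["new_iban"])].add(c["payee"])

    findings = {}
    for c in changes:
        flags = []
        old = normalize_iban(c["old_iban"])
        new = normalize_iban(c["new_iban"])
        if not iban_checksum_ok(new):
            flags.append("invalid_iban")  # typo, or an attacker fat-fingering a mule account
        approver = c.get("approved_by")
        if not approver or approver == c["changed_by"]:
            flags.append("no_dual_approval")  # the manual second approval the alert calls for is missing
        if new[:2] != old[:2]:
            flags.append("country_changed")  # a domestic payee suddenly paid abroad deserves a call-back
        if len(payees_per_new_iban[new]) > 1:
            flags.append("shared_new_iban")  # several payees redirected to the same account
        findings[c["change_id"]] = sorted(flags)
    return findings


def changes_to_hold(changes):
    """IDs of changes that must not be released to the SEPA batch until a human has verified them."""
    return sorted(cid for cid, flags in audit_iban_changes(changes).items() if flags)


# Constructed change records (hypothetical users and payees; IBANs are format examples, not real accounts).
SAMPLE_CHANGES = [
    {"change_id": "CHG-1001", "payee": "EMP-0412", "payee_type": "employee",
     "old_iban": "ES91 2100 0418 4502 0005 1332", "new_iban": "DE89 3704 0044 0532 0130 00",
     "changed_by": "jlopez", "approved_by": None},
    {"change_id": "CHG-1002", "payee": "SUP-0077", "payee_type": "supplier",
     "old_iban": "ES49 0049 0001 5012 3456 7891", "new_iban": "ES91 2100 0418 4502 0005 1333",
     "changed_by": "mgarcia", "approved_by": "rruiz"},
    {"change_id": "CHG-1003", "payee": "SUP-0099", "payee_type": "supplier",
     "old_iban": "ES91 2100 0418 4502 0005 1332", "new_iban": "DE89 3704 0044 0532 0130 00",
     "changed_by": "jlopez", "approved_by": "jlopez"},
    {"change_id": "CHG-1004", "payee": "EMP-0020", "payee_type": "employee",
     "old_iban": "ES91 2100 0418 4502 0005 1332", "new_iban": "ES49 0049 0001 5012 3456 7891",
     "changed_by": "mgarcia", "approved_by": "rruiz"},
]

if __name__ == "__main__":
    for cid, flags in audit_iban_changes(SAMPLE_CHANGES).items():
        print(cid, "HOLD" if flags else "ok", ", ".join(flags))
    print("held:", changes_to_hold(SAMPLE_CHANGES))
```

Run as-is, CHG-1004 is released and the other three are held: CHG-1001 and CHG-1003 share the same foreign destination and were pushed through by one person (the second one self-approved), and CHG-1002 carries an IBAN whose check digits do not verify. The mod-97 check only proves syntactic validity; a well-formed mule IBAN passes it, which is why the approval and behavioural rules matter more than the checksum.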
Nightmare Eclipse guy has returned (as is tradition) and has released another Microsoft Windows zero day (as is tradition).
> releases zero day
> spells rogue wrong in file
> "rogeplanet"
smh
https://t.co/YrNJwGupvq
🚨 CYBER INTELLIGENCE ALERT: ⚠️ NEW THREAT ALERT — RAIDFORUMS RESURGENCE
[STATUS: THREAT ACTIVITY / ILLICIT COMMUNITY EMERGENCE]
Activity has been identified on threat intelligence channels alerting to the resurgence of the RaidForums platform, now under the domain raidforums(.)wtf.
Identification: The site is being promoted under the premise of being "back under new management."
Purpose: It is described as a space that seeks to encourage the growth of a "serious community," which, historically in this context, refers to the sale of leaked databases, hacking tools, and cybercrime.
Evidence: The promotion of this domain has been detected through channels such as "Mossad Leaks."
⚠️ Security Considerations
High Risk: The reappearance of this brand is a critical point of concern for security operations, as RaidForums has historically been the epicenter of the mass distribution of exfiltrated data.
Recommended Action: SOC/CTI teams are advised to monitor this domain as a potential source of new security incidents and data breaches, given that sites of this type quickly attract high-profile malicious actors.
#CyberSecurity 🔐 #RaidForums #ThreatIntelligence 📊 #DataBreach 📁 #UndergroundMarket #VECERT 🏢 #UnderInvestigation ⚠️
Trend Micro Deep Security Agent Research: Forcing bmhook/tmhook Reloads to Open a Protection Bypass Window
Full research: https://t.co/bZFOyMptG5
#rootkit #linux #edr #poc
Meta is moving from one security failure to another. A few hours ago, a new logic bug dropped in the Web Reset flow, leaking sensitive account data before getting hit with an emergency hotfix. This is what happens when you fire the experts and rely on brain-dead AI to run core infrastructure. Meta’s security is an absolute circus.
#cybersecurity #meta #instagram