[EXCLUSIVO] 🚨 Por primera vez, una prueba documental revela la cruda realidad de la minería ilegal de oro en el Páramo de Santurbán, a más de 3.000 metros de altura.
En @vanguardiacom investigamos y llegamos hasta una bocamina oculta en la "fábrica del agua". Mientras la destrucción avanza en el hogar de los frailejones, este negocio ilegal genera cerca de $26.000 millones mensuales favorecido por los altos precios del oro.
Lo más grave: mientras usted lee esto, en Bucaramanga, Santander y el país... no pasa nada.
El equipo de Vanguardia analizó los desafíos ambientales, las decisiones políticas y las problemáticas sociales que marcan la agenda regional. Este domingo presentamos una cobertura especial con investigaciones, debates y entrevistas con contexto y datos verificados frente a la desinformación.
Desde la alarmante evidencia de la degradación ambiental en nuestras fuentes hídricas hasta el histórico dilema por la delimitación del Páramo de Santurbán, estas historias analizan los hechos con rigor. Además, profundizan en las tensiones institucionales y las posturas ministeriales que definen el futuro del agua en el nororiente colombiano.
Lea los informes completos y apoye el periodismo de calidad de la región.
1. Exclusivo: Fotografías revelan cómo la minería ilegal de oro destruyó el Páramo de Santurbán Una alarmante investigación gráfica que expone con pruebas contundentes el daño ambiental irreversible en zonas protegidas de nuestro ecosistema vital. 🔗 https://t.co/MM9QoJCD9x
2. Debate de opiniones por Santurbán: Delimitación del páramo y minería de oro Un análisis profundo sobre las posturas encontradas entre la urgencia de la conservación hídrica, la legalidad y la realidad socioeconómica de las comunidades tradicionales de la provincia de Soto Norte. 🔗 https://t.co/gPAEYyhMRF
3. Nuevo ministro de Ambiente, Fabio Arjona: "La delimitación de Santurbán sufre por hidrología política" Entrevista exclusiva con el jefe de la cartera ambiental sobre los retos técnicos, los intereses en juego y el complejo camino institucional para proteger la fábrica de agua de la región. 🔗 https://t.co/rQm7JqUHWe
Opsss
🛒 Temu | Alleged 310M User Database Advertised on Underground Forum
A threat actor is advertising what they claim is a database containing approximately 310 million Temu user records.
* According to the listing, the sample appears to include:
* User identifiers
* Email addresses
* Device and platform information
* App package and version
* Sign-up and last login IP addresses
* Locale and language settings
* Geographic information
* Account metadata and timestamps
* The seller claims to be offering the complete dataset for sale and has published a sample to support the advertisement.
* At the time of writing, there is no independent verification that the advertised dataset is authentic or originated from Temu.
Analyst Note: Large-scale consumer platform databases are frequently advertised on underground forums, but such claims should be treated cautiously until verified. If confirmed, the exposed metadata could enable phishing campaigns, account takeover attempts, and large-scale user profiling. Organizations should validate the claims before assessing impact.
#DDW #Intelligence #DarkWeb #Temu
🚨 CYBER INTELLIGENCE ALERT / ACCESS SALES: COORDINATED ACADEMIC SECTOR — LATIN AMERICA AND INTERNATIONAL 🇪🇨 🇨🇴 🇵🇰 🇺🇦
[STATUS: INITIAL ACCESS COMPROMISED / UNCONFIRMED / SOURCE: TELEGRAM]
ACTOR CLAIMS TO POSSESS INTERACTIVE WEBSHELL-TYPE ACCESS TO MULTIPLE UNIVERSITIES AND EDUCATIONAL PORTALS
Through passive monitoring activities on cybercrime channels and Telegram access marketplaces, a post forwarded from the BABAYO ERROR SYSTEM community by the operator JAX7 has been intercepted. As visually evidenced, a threat actor identified by the alias Pimzganteng claims to possess interactive shell access (.edu shell) to a list of network infrastructures and subdomains belonging to various higher education institutions, with a strong focus on Ecuador and Colombia, as well as assets in Pakistan and Ukraine.
🏢 Allegedly Affected Entities: Instituto Tecnológico Superior Sucre (Ecuador), Escuela Superior de Débora Arango (Colombia), Universidad Tecnológica de Pereira (Colombia), Bait-ul-Hamd (Pakistan), and the National Pedagogical University of Chernihiv (Ukraine).
👤 Threat Actor / Distributor: Pimzganteng
⚔️ Potential Attack Vector: Injection or illicit loading of web scripts (malicious webshells such as PHP, JSP, or ASPX) by exploiting vulnerabilities in Virtual Learning Environments (VLEs/Moodle), remote code execution (RCE) flaws in their outdated CMS, or compromise of administration panel credentials.
🔍 Verification Status: UNCONFIRMED. The message exposes a target list, but does not include logs of executed commands, extracted source code fragments, or captures of web terminals that would validate the active intrusion. The listed institutions have not registered any official public incidents as of June 25, 2026. However, the alert is classified as Medium-High Operational Severity due to the potential use of these servers as propagation bridges.
🗂️ FORENSIC ANALYSIS OF EXPOSED ENVIRONMENTS AND SUBDOMAINS
The detailed inventory reveals the profiling and logical mapping of specific subdomains that manage academic life, data storage, and internal processes of the institutions:
🇪🇨 1. Core Infrastructure of the Instituto Tecnológico Superior Sucre (Ecuador)
The attacker lists a widespread compromise across the core domain and six critical subdomains of the network of:
https://t.co/1SwYWaUgbM:
https://t.co/a4DEtCt5Tf: Virtual Learning Environment (interactive platform for students and professors).
https://t.co/5eIICARoan / https://t.co/Tpho1Qbz2M: Integrated Academic and Institutional Management Systems, responsible for managing records, grades, and personal data.
https://t.co/pcjjS2CtRp / https://t.co/PqLjOpqUR2 / sucrereview...: Internal student voting portals, exposed development or testing environments, and document review systems.
🇨🇴 2. Débora Arango University Institution Services Network (Colombia)
The list presents an extensive mapping of up to 12 subdomains of the https://t.co/2Ef5PcidbX domain and associated platforms, encompassing diverse operational flows:
Admissions and Classroom Management: https://t.co/MuR1xqhrxC and https://t.co/9QL80XWiSc.
Research, Repositories, and Publishing: https://t.co/SaIO3446uU, https://t.co/4wcxM3Tk30, https://t.co/R521JeMgoJ, and the indexed journal https://t.co/GcaH1n2f9k.
Support Systems and Culture: https://t.co/i7DqgDXCjo, https://t.co/1OqsMgvs5K, analitica..., citaci... and portals dedicated to the theater field.
🇵🇰 🇺🇦 3. Additional and International Assets
https://t.co/LuCnNNKodk (Colombia): Academic access and grade portal of the Technological University of Pereira.
https://t.co/eZCFAU83yg (Pakistan): Servers of the Bait-ul-Hamd Educational Institute.
https://t.co/EbG0dD2TOi (Ukraine): Official website of the T.G. Shevchenko Chernihiv National Pedagogical University.
🛡️ RECOMMENDED TECHNICAL RECOMMENDATIONS FOR IT TEAMS (ACADEMIC SOC)
🛑 Forensic Audit of Recent Files and HTTP Requests (SOC Action): Network administrators at affected institutions are urged to prioritize inspecting their web server access logs. Look for anomalous concurrent requests (especially POST requests) directed to common file upload folders (such as Moodle assignment directories, /uploads/, /images/, /tmp/) and to files with executable extensions like .php, .jsp, .aspx, or hidden files.
🔍 Deployment of File Integrity Monitoring (FIM): Run integrity analysis tools to scan the root directories of web platforms, isolating and immediately removing unauthorized scripts uploaded in recent weeks.
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
Quickly assess your website's security with: https://t.co/QZhWp0kFrO
#CyberSecurity #EduShell #InitialAccess #Webshell #UniversityBreach #Ecuador #Colombia #MoodleLeak #EVASucre #DeboraArango #UTP #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedAccess
🚨 CYBER INTELLIGENCE ALERT / ACCESS SALES: COORDINATED ACADEMIC SECTOR — LATIN AMERICA AND INTERNATIONAL 🇪🇨 🇨🇴 🇵🇰 🇺🇦
[STATUS: INITIAL ACCESS COMPROMISED / UNCONFIRMED / SOURCE: TELEGRAM]
ACTOR CLAIMS TO POSSESS INTERACTIVE WEBSHELL-TYPE ACCESS TO MULTIPLE UNIVERSITIES AND EDUCATIONAL PORTALS
Through passive monitoring activities on cybercrime channels and Telegram access marketplaces, a post forwarded from the BABAYO ERROR SYSTEM community by the operator JAX7 has been intercepted. As visually evidenced, a threat actor identified by the alias Pimzganteng claims to possess interactive shell access (.edu shell) to a list of network infrastructures and subdomains belonging to various higher education institutions, with a strong focus on Ecuador and Colombia, as well as assets in Pakistan and Ukraine.
🏢 Allegedly Affected Entities: Instituto Tecnológico Superior Sucre (Ecuador), Escuela Superior de Débora Arango (Colombia), Universidad Tecnológica de Pereira (Colombia), Bait-ul-Hamd (Pakistan), and the National Pedagogical University of Chernihiv (Ukraine).
👤 Threat Actor / Distributor: Pimzganteng
⚔️ Potential Attack Vector: Injection or illicit loading of web scripts (malicious webshells such as PHP, JSP, or ASPX) by exploiting vulnerabilities in Virtual Learning Environments (VLEs/Moodle), remote code execution (RCE) flaws in their outdated CMS, or compromise of administration panel credentials.
🔍 Verification Status: UNCONFIRMED. The message exposes a target list, but does not include logs of executed commands, extracted source code fragments, or captures of web terminals that would validate the active intrusion. The listed institutions have not registered any official public incidents as of June 25, 2026. However, the alert is classified as Medium-High Operational Severity due to the potential use of these servers as propagation bridges.
🗂️ FORENSIC ANALYSIS OF EXPOSED ENVIRONMENTS AND SUBDOMAINS
The detailed inventory reveals the profiling and logical mapping of specific subdomains that manage academic life, data storage, and internal processes of the institutions:
🇪🇨 1. Core Infrastructure of the Instituto Tecnológico Superior Sucre (Ecuador)
The attacker lists a widespread compromise across the core domain and six critical subdomains of the network of:
https://t.co/1SwYWaUgbM:
https://t.co/a4DEtCt5Tf: Virtual Learning Environment (interactive platform for students and professors).
https://t.co/5eIICARoan / https://t.co/Tpho1Qbz2M: Integrated Academic and Institutional Management Systems, responsible for managing records, grades, and personal data.
https://t.co/pcjjS2CtRp / https://t.co/PqLjOpqUR2 / sucrereview...: Internal student voting portals, exposed development or testing environments, and document review systems.
🇨🇴 2. Débora Arango University Institution Services Network (Colombia)
The list presents an extensive mapping of up to 12 subdomains of the https://t.co/2Ef5PcidbX domain and associated platforms, encompassing diverse operational flows:
Admissions and Classroom Management: https://t.co/MuR1xqhrxC and https://t.co/9QL80XWiSc.
Research, Repositories, and Publishing: https://t.co/SaIO3446uU, https://t.co/4wcxM3Tk30, https://t.co/R521JeMgoJ, and the indexed journal https://t.co/GcaH1n2f9k.
Support Systems and Culture: https://t.co/i7DqgDXCjo, https://t.co/1OqsMgvs5K, analitica..., citaci... and portals dedicated to the theater field.
🇵🇰 🇺🇦 3. Additional and International Assets
https://t.co/LuCnNNKodk (Colombia): Academic access and grade portal of the Technological University of Pereira.
https://t.co/eZCFAU83yg (Pakistan): Servers of the Bait-ul-Hamd Educational Institute.
https://t.co/EbG0dD2TOi (Ukraine): Official website of the T.G. Shevchenko Chernihiv National Pedagogical University.
🛡️ RECOMMENDED TECHNICAL RECOMMENDATIONS FOR IT TEAMS (ACADEMIC SOC)
🛑 Forensic Audit of Recent Files and HTTP Requests (SOC Action): Network administrators at affected institutions are urged to prioritize inspecting their web server access logs. Look for anomalous concurrent requests (especially POST requests) directed to common file upload folders (such as Moodle assignment directories, /uploads/, /images/, /tmp/) and to files with executable extensions like .php, .jsp, .aspx, or hidden files.
🔍 Deployment of File Integrity Monitoring (FIM): Run integrity analysis tools to scan the root directories of web platforms, isolating and immediately removing unauthorized scripts uploaded in recent weeks.
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
Quickly assess your website's security with: https://t.co/QZhWp0kFrO
#CyberSecurity #EduShell #InitialAccess #Webshell #UniversityBreach #Ecuador #Colombia #MoodleLeak #EVASucre #DeboraArango #UTP #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedAccess
🚨ALERTA CSIRTPONAL – Boletín No. 028-2026 (TLP: GREEN)📷“Malware circulando en la Red” correos con asunto “Comunicación oficial: Designación Jurado de Votación”, están suplantando a la Registraduría Nacional del Estado Civil.📷https://t.co/OMmtYjVpms #CSIRTPONAL#Ciberseguridad
.@QuinteroCalle empezó a hacer de las suyas.
Recien llegado modificó el manual de funciones de @Supersalud para contratar a un arquitecto -¿quién será?- como asesor del despacho por $14 M al mes.
¿Para suplir su falta de conocimiento en salud se asesorará con un arquitecto?
@qarthadashh@CSIRTPONAL@ing_juani7a No, es traducir, por algo es el csirt, donde se basan todos los csirt de las empresas y toman esos indicadores de compromiso y configuran en bloqueo en sus herramientas de seguridad. La información más ligera está en el CAI virtual
Un 2026: por Colombia.
Por volver a vivir sin miedo, por familias protegidas y por un país donde la ley se respete.
Me comprometo a recuperar el orden y la tranquilidad que nos arrebataron.
Porque Colombia merece algo mejor.
🚨 #Tykit phishing kit is stealing Microsoft 365 credentials using malicious SVG files and bypassing MFA through #AitM attacks.
Learn how this #PhaaS works, who's being targeted, and how to defend your organization: https://t.co/TvGzqqtX3o
@SoyJerome__@grok explícame esto: Qué raro. Llevan todo el día diciendo que miento pero no he visto a nadie que responda la pregunta de cuánto es el valor mínimo de las rentas vitalicias, y de qué pasa con el ahorro del afiliado que fallece mientras está recibiendo su renta.