Diego Chablay

CYBER INTELLIGENCE ALERT: ALLEGED COMPROMISE OF ECUADOR'S NATIONAL ELECTORAL COUNCIL (CNE) 🇪🇨 [STATUS: UNCONFIRMED / DATA EXFILTRATION] A possible intrusion into the systems of Ecuador's National Electoral Council (CNE) has been detected, attributed to the threat actor "L4TAMFUCK3RS" (username GordonFreeman). The incident represents a direct threat to the integrity of the electoral register. 👤 Threat Actor: L4TAMFUCK3RS / GordonFreeman 📊 Alleged Scope: Full access to the CNE's internal network (https://t.co/15A66dHc0O), including SSH access and the exfiltration of 13,504,210 valid voter records. ⚠️ Operational Capabilities: The actor claims to have the ability to add, modify, or delete voter records, which could facilitate electoral fraud and the injection of "phantom voters." Technical Details and Impact 🔍 Access to administrative consoles Viewing internal network diagrams and operational flowcharts. SQL commands confirming a query to the citizens_registration table with a count of 13,504,210 records. Installation of persistence mechanisms and backdoors to ensure continuous access to the systems. Backup poisoning. Complete deletion of the voter registry. Massive inflation of the database with false records. Permanent destruction of all compromised systems. Mitigation Recommendations 🛡️ Emergency Audit: The National Electoral Council (CNE) must immediately initiate incident response protocols, prioritizing the closure of unauthorized SSH access and the revocation of compromised credentials. System Isolation: Disconnect the results transmission and consolidation systems (vote counting) if interconnection with the compromised registry is confirmed. Integrity Verification: Conduct a thorough audit of the database backups to ensure they have not been manipulated or injected with malicious data. Strategic Monitoring Tools 🌐 💻 Intelligence Platform: https://t.co/wk9bZJ2Nli 🛡️ Security Verification: https://t.co/5LuqwzYuS6 #CyberSecurity #Ecuador #CNE #DataBreach #ElectoralIntegrity #ThreatIntelligence #CyberAlert #VECERT #UnderInvestigation

🚨 CYBER INTELLIGENCE ALERT: ALLEGED SOURCE CODE COMPROMISE - SEGUROS LA UNIÓN 🇪🇨 [STATUS: BACKUP FILES OBSERVED IN SAMPLE IMAGES/ NO OFFICIAL CONFIRMATION] The threat actor identified by the alias V0lt4r0x has announced the exfiltration and publication of the complete source code of the CRM/Intranet system of the insurance company Seguros La Unión in Ecuador. The leaked batch exposes the internal structure of the application based on the Group-Office environment. Critically, the publication includes the system's root configuration file, exposing production credentials in plain text for the corporation's data stores and messaging relays. 🎯 Affected Entity: Seguros La Unión (Ecuador) 👤 Threat Actor: V0lt4r0x 📂 Compromised Assets: PHP source code repository for the CRM software (intranetlaunion) and the critical configuration file config. php. ⚠️ Status: . Visual evidence shows the complete production backend directory tree (controller, modules, views, vendor), as well as lines of code from the configuration file that point to real servers and databases under the geographic region configuration (America/Guayaquil). 📊 TECHNICAL ANALYSIS OF EXPOSED CREDENTIALS Analysis of the captured config.php file from the corporate intranet reveals a complete breach of critical authentication factors: 📧 Mail Server Compromise (SMTP Relay): 🗄️ Relational Database Compromise: Engine/Port: MySQL/MariaDB 🛡️ URGENT MITIGATIONS AND TECHNICAL RECOMMENDATIONS 🛑 Immediate Rotation of Network Credentials: The Seguros La Unión infrastructure and security team is urged to urgently change the password for the admin email account on the corporate mail server 🔒 Database Lock and Reset: Change the root user password for the production database and temporarily disable any communication or tunneling that exposes port 3306 to uncontrolled external interfaces. 🔍 Domain Reputation Monitoring: Monitor outgoing email logs and the behavior of institutional IPs to detect mass message bounces or spam blacklist alerts. ⚡ MONITORING AND EVALUATION 🌐 Intelligence System: https://t.co/wk9bZJ2Nli 🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c #CyberSecurity #Ecuador #SegurosLaUnion #SourceCodeLeak #CRM #SMTPLeak #DatabaseCompromise #GroupOffice #ThreatIntelligence #CyberAlert #VECERT #Infosec

If you use TikTok, you should read this once. In October 2024, a court clerk in Kentucky uploaded the lawsuit against TikTok with the confidential sections still visible. NPR downloaded it before anyone caught the mistake. By the time the court resealed it, the internet had a copy. What was inside was TikTok's own engineers, in their own words, describing what their app does to a human brain. Not a critic's brain. Yours. Here is what they wrote down. — TikTok ran the math on how long it takes to develop "compulsive use" of the app. The number is 260 videos. With 8-second videos played in rapid-fire succession, that works out to roughly 35 minutes. The company's internal documents call this the compulsive-use threshold. — TikTok's own research describes what compulsive use causes: "diminished analytical ability, impaired memory, contextual reasoning, conversational depth, empathy, and heightened anxiety." That is not a quote from a critic. That is TikTok's own language, in its own internal documents. — A team inside the company called "TikTank" wrote in an internal report that compulsive use on the platform was "rampant." — After 30 minutes of continuous use in one sitting, the company's own documents state that users are placed into "filter bubbles" — algorithmic loops the user did not choose and cannot easily escape. Then there is the screen-time tool — the one TikTok publicly markets as proof it cares. — TikTok ran an experiment on the 60-minute screen-time prompt. Daily teen usage dropped from 108.5 minutes to 107. A reduction of 1.5 minutes. — Internally, the screen-time tool was not measured by whether it reduced screen time. Its top success metric, in writing, was "improving public trust in the TikTok platform via media coverage." — A project manager wrote in internal chat: "Our goal is not to reduce the time spent." Another employee added that the goal was "to contribute to daily active users and retention." — A TikTok executive approved the screen-time feature only on the condition that its impact on the company's "core metrics" was minimal. The lawsuit alleges the company planned to "revisit the design" if the tool ever reduced usage by more than 10%. The "Are you still scrolling?" break videos? An executive admitted in an internal meeting they were "useful talking points" for lawmakers, but "not altogether effective." Then there is the algorithm itself. — An internal report flagged that the For You feed was showing what the company called "a high volume of not attractive subjects." TikTok then retooled the algorithm to suppress those users. Kentucky authorities wrote: "By changing the TikTok algorithm to show fewer 'not attractive subjects' in the For You feed, [TikTok] took active steps to promote a narrow beauty norm even though it could negatively impact their Young Users." That sentence is the entire pitch of the platform, said out loud. — Internally, TikTok also acknowledged that its publicly reported content moderation metrics were "mostly misleading," because they only measured the content the company successfully moderated — never the content it missed. Now read those bullet points again as one continuous case. The company knows the addiction threshold. The company measured it. The company ranked engagement over mental health in writing. The company built a screen-time tool whose internal success metric was PR. The company suppressed people it deemed unattractive to keep you scrolling. The company called its own moderation numbers misleading. None of this is a leaked rumor. None of this is a journalist's interpretation. This is a court filing. The documents are TikTok's. The words are TikTok's. The math is TikTok's. The 14 state attorneys general who signed onto this lawsuit aren't fringe activists. They're a bipartisan coalition. Sources at the bottom: NPR, CNN, AP, Mashable, OPB, The Independent. All citing the same accidentally-unsealed Kentucky filing from October 11, 2024. The next time the company tells you it cares about your wellbeing — the screen-time prompts, the break videos, the safety features, the careful PR statements — remember that its own engineers wrote down, in court-admissible language, that the safeguards were never meant to work. The app is not broken. It is performing exactly as designed. You were the spec.

‼️🇪🇨 Banco de Machala, an Ecuadorian bank, has allegedly been breached, with over 100,000 biometric customer records leaked for free. ⠀ ‣ Threat Actor: GondorPe ‣ Category: Data Leak ‣ Victim: Banco de Machala ‣ Industry: Banking / Finance ⠀ The actor claims the bank's biometric authentication system was compromised, granting full access to the customer database and image repository, which was reportedly stored without proper protection. ⠀ What's in it: ⠀ ▪️ 100,000+ biometric records of customers ▪️ Biometric photographs (full face) of all customers as of May 1, 2026 ▪️ Photographs of identity cards ▪️ Full names ▪️ ID numbers ▪️ Face photos linked to each ID number ▪️ Files distributed in JPG format

🚨 CRITICAL CYBER THREAT ALERT: MASSIVE BIOMETRIC DATA EXFILTRATION – BANCO DE MACHALA (ECUADOR) 🇪🇨🏦👤🔓 A data leak of extreme severity affecting the Banco de Machala in Ecuador has been detected. The threat actor GondorPe claims to have breached the institution's biometric authentication system, gaining full access to the customer database and the image repository—which, according to the attacker, lacked adequate protection. 🏢 Affected Entity: Banco de Machala, Ecuador. 👤 Threat Actor: GondorPe 📂 Leak Volume: Over 100,000 biometric records and more than 2GB of information. 📅 Data Date: Information current as of May 1, 2026. 📊 Breach Scope (Biometric Data and PII) The exposed information is of a critical nature, as it includes immutable physical identity elements: Biometric Photographs: Full-face images of all customers. Identity Documentation: Photographs of users' national ID cards. Personally Identifiable Information (PII): Full names and national ID numbers. Data Linkage: Facial photographs directly linked to each identification number. Format: Image files in JPG format. 🛡️ Immediate Response Recommendations 🔒 Validation Module Audit: Banco de Machala must immediately review its identity validation module and the encryption of its image repositories to close the access gap. 🔑 Authentication Strengthening: Implement additional authentication factors that do not rely exclusively on facial biometrics, such as physical tokens or electronic signatures. Monitor: https://t.co/wk9bZJ2Nli #CyberSecurity #Ecuador #BancoDeMachala #BiometricLeak #DataBreach #Machala #VECERT #InfoSec #Unverified 🇪🇨🛡️⚠️🚨👤

🔥 La Universidad de Salamanca liberó estos cursos… y no son los típicos. Hacking, IA, Dark Web, ciberseguridad… son gratuitos y hasta el Certificado lo es. Pero aquí viene lo interesante: 👉 Dentro del enlace también tienes: 💼 Un *empleo remoto* moderando un chat en español ($15/h) 🤖 5 guías prácticas de Inteligencia Artificial 🎁 Regalos digitales extra que no vas a encontrar en Google https://t.co/s5MXscWfqJ 🔁 Compártelo con alguien que debería ver esto.

Claude está ofreciendo 13 cursos y certificaciones de IA. Todos gratis. Aquí tienes los 13 enlaces (+ mis propias guías): Ve a cada enlace de abajo. Inscríbete. Es gratis. --- 1 - Claude 101. Aprende Claude para el trabajo diario. ↳ https://t.co/XtZMK2ordb 2 - AI Fluency: Frameworks & Foundations. ↳ https://t.co/9XCnzkCILu 3 - Introduction to Agent Skills. ↳ https://t.co/YUT4BQ9iMM 4 - Building with the Claude API. ↳ https://t.co/NDblUi1ksd 5 - Claude Code in Action. ↳ https://t.co/bP7aMJRFYq 6 - Intro to Model Context Protocol. ↳ https://t.co/R4pUZ7zz6w 7 - MCP: Advanced Topics. ↳ https://t.co/1Jt7tKWh4U 8 - AI Fluency for Students. ↳ https://t.co/ROmyOqGtqi 9 - AI Fluency for Educators. ↳ https://t.co/c0nqSjcI8l 10 - Teaching AI Fluency. ↳ https://t.co/rF2jHpG8Ey 11 - AI Fluency for Nonprofits. ↳ https://t.co/zUUsy7Zwvi 12 - Claude con Amazon Bedrock. ↳ https://t.co/FaK96tiKHJ 13 - Claude con Google Cloud Vertex AI. ↳ https://t.co/QMCmKj7yOw --- Los cursos oficiales están bien. Pero son teóricos. Dos veces por semana comparto guías prácticas con IA en mi newsletter Todo esto es gratis. Así puedes acceder: 1. Ve a https://t.co/kNRflSOQXO y añade tu email. 2. En el sitio tienes todos los artículos anteriores y recibirás los próximos por correo.