🇲🇽 Mexico - COVID-19 Vaccination Database Allegedly Exposed
A threat actor is advertising a database allegedly containing records of individuals vaccinated against COVID-19 in Mexico between 2021 and 2023.
According to the forum post:
* Claimed database size: 15 GB
* Alleged record count: More than 20 million entries
* Claimed coverage period: 2021–2023
* Geographic scope: Nationwide Mexico
* Data is being distributed through external download channels
If authentic, the dataset could contain sensitive healthcare-related information associated with vaccination campaigns conducted during the COVID-19 pandemic.
Potential risks include:
* Exposure of personal health information
* Identity theft and fraud
* Targeted phishing campaigns
* Social engineering attacks
* Government impersonation scams
* Privacy violations involving medical records
* Large-scale profiling of affected individuals
Healthcare and vaccination datasets are particularly sensitive because they often combine personal identifiers with medical or public health information, increasing their value to threat actors.
At the time of reporting, the authenticity of the dataset, the claimed record count, and the alleged source remain unverified.
Analyst Note: Large COVID-19-related datasets have frequently circulated within cybercriminal communities since the pandemic. Claims involving tens of millions of records should be independently validated before attributing the data to a government system or concluding that the information is newly exposed.
#DDW #Intelligence #DarkWeb #Mexico
The Council of Europe falls victim to a ShinyHunters hack via PeopleSoft
The ShinyHunters group claims to have stolen more than 297 GB of data from the Council of Europe, including medical and financial records
https://t.co/GOpa206ZUD
🇲🇽 Mexico - ISSSTE National Database Allegedly Exposed
A threat actor has published what appears to be a large dataset allegedly associated with Mexico's Instituto de Seguridad y Servicios Sociales de los Trabajadores del Estado (ISSSTE), one of the country's largest public healthcare and social security institutions serving government employees and retirees.
According to the forum post:
* Claimed dataset size: Approximately 25 million records
* Alleged source: ISSSTE-related personnel database
* Exposed fields reportedly include:
  * Full name
  * Paternal surname
  * Maternal surname
  * Employment designation
  * Gender
  * Salary information
  * Employment branch
  * Entity/organization
  * Service modality
  * Sector classification
If authentic, this dataset could provide extensive insight into public sector personnel records and compensation data across multiple government entities.
Potential risks include:
* Identity theft and fraud
* Targeted phishing and social engineering
* Government employee profiling
* Insider threat targeting
* Financial and privacy risks for affected individuals
* Intelligence gathering against public sector personnel
At the time of reporting, the authenticity and scope of the alleged dataset remain unverified. Independent validation would be required to determine whether the records are legitimate, current, and directly sourced from ISSSTE systems.
Analyst Note: Large government personnel databases are frequently recycled, repackaged, or aggregated from multiple historical sources. Record count claims should be treated cautiously until independently verified.
#DDW #Intelligence #DarkWeb #Mexico
🚨🇲🇽 A threat actor known as rose11 is distributing a dataset allegedly tied to the SPF (Secretaría de Seguridad Pública), a Mexican government public security body, claiming the leak targets police officers and Guardia personnel.
Allegedly exposed data includes:
• IDs, RFC, and CURP numbers
• Full names
• Police / Guardia affiliation
• State and location data
• Category and other classification fields
• Emails, phone numbers, and addresses (in some files)
• Admin credentials (mostly hashed)
Claim is unverified.
SecSuite: an AI tool for OSINT and web and API security
SecSuite, a new open-source security platform developed under the TheSecuredAnalyst project, has been released
https://t.co/h3lPyaYpcS
New video/podcast!
Anthropic launched Claude Fable 5, the most powerful AI in the world... and 3 days later the U.S. blocked its use. Nobody could do anything.
Technology has never belonged to us, and it belongs to us less and less. And they say I'm "the replaceable one"?
→ https://t.co/tTlHk2zK1Y
Good morning to everyone except practically the whole country. Well, this is how databases covering several MILLION PEOPLE are offered on cybercrime forums.
Some of these databases were leaked years ago, others were exposed only in recent days, but without a doubt all of them represent a danger.
We're talking about everything from IMSS Bienestar to Cruz Roja, INE, SEP, the Guanajuato C4, Yucatán licenses, Guardia Nacional and, well, practically all the ones I've reported to you here.
And now they trade them as if they were Panini stickers...
⛔ | SECRETARÍA DE SALUD HACKED: CURP, RFC AND SEXUAL ORIENTATION OF 1.7 MILLION EXPOSED
A group of cybercriminals stole 1.7 million records from the federal government's health system and allegedly holds internal access to records of @Tu_IMSS, @Pemex and more.
The breached system is AAMATES, the platform that @SSalud_mx created to centralize the country's electronic clinical records.
Thread. 🧵👇🏻
🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution.
Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints.
The exploit chain is now public.
Read the full story: https://t.co/arMFjVVt10
🚨🇲🇽 A threat actor known as vansel, posting under the banner #SoulHemTeam, is distributing a dataset allegedly tied to AAMATES (Ambiente para la Administración y Manejo de Atenciones en Salud), a system associated with Mexico's Secretaría de Salud (Ministry of Health).
The actor claims to have hacked the entity and obtained all of its data, totaling 1,753,526 rows in JSON format and roughly 1 GB. Listed fields allegedly include patient names, paternal and maternal surnames, CURP, date of birth, sex, nationality, place of birth, active status, prescription status, affiliation, death date and unit, and record metadata such as creation and update timestamps and editor identifiers.
Samples have been posted, with a download link provided directly and a Telegram contact.
Claim is unverified.
🚨 CYBER INTELLIGENCE ALERT: 🇪🇸 [UNCONFIRMED / CRITICAL] SALE OF ACCESS TO PUBLIC ADMINISTRATION — SPAIN
[STATUS: UNCONFIRMED]
A recent post has been detected on underground forums by the threat actor calling himself "kr0x6," announcing the sale of exclusive access to the infrastructure of an entity belonging to the Spanish Public Administration.
Threat Actor: kr0x6
Target: Unspecified entity of the Spanish Public Administration
📂 Details of the Level of Compromise (Access and Exfiltrated Data)
The perpetrator claims to have deep control over the institution's systems, exposing critical vectors for financial and operational manipulation:
Infrastructure Access: Remote Code Execution (RCE) capability and compromised access to the webmail system.
Financial Systems: Direct access to the entity's internal payment and billing programs.
Data Exfiltration: Database dump consisting of 179 tables and 45.3 GB of compressed files, which include invoices and user/citizen records.
Cryptographic Compromise: Theft of the official electronic certificate used by the entity to sign invoices submitted to the Spanish Tax Agency.
⚠️ Security Considerations and Imminent Risk
Direct SEPA Fraud: The attacker explicitly states that, from the compromised payment program, it is possible to modify the bank details of employees or suppliers to divert funds via SEPA transfers. The attacker estimates that up to $91,000 USD can be diverted immediately.
Tax Institutional Impersonation: The theft of the official electronic certificate allows the purchaser of this access to impersonate the digital identity of the affected public administration. This facilitates the commission of large-scale tax fraud, the issuance of false invoices, or the alteration of tax records with complete technical and cryptographic legitimacy.
🛡️ Recommended Actions (Strategic and Defensive Levels)
Blocking and Auditing SEPA Transfers: Spanish public entities must immediately implement a two-factor authentication protocol (manual approval) for any recent changes to the destination bank accounts (IBANs) linked to employee payroll or supplier payments.
Preventive Certificate Revocation: Audit the use of electronic certificates (such as those issued by the FNMT) linked to invoicing with the Tax Agency. If anomalous signatures, access, or connections are detected, the compromised certificate must be revoked immediately.
#CyberSecurity 🔐 #Spain 🇪🇸 #InitialAccessBroker 🏴☠️ #SEPAFraud 💸 #DataBreach 📁 #ThreatIntelligence 📊 #VECERT 🏢
🇪🇸 Spain - Public Administration
A threat actor is advertising alleged access to a Spanish public administration environment, claiming control over multiple internal government systems.
According to the listing, the actor possesses:
* Remote Code Execution (RCE)
* Database dump containing 179 tables
* Government webmail access
* 45.3 GB of internal files
* Access to payment and invoice systems
* Electronic certificates used for tax-related submissions
The seller further claims the compromised environment could be used to modify employee payment data and redirect SEPA transactions.
The access is being offered for $14,500 and is reportedly being sold to a single buyer.
Daily Dark Web has not independently verified the authenticity of the claims.
Analyst Note: Government access sales involving financial systems and digital signing certificates can present substantial operational and fraud risks. Compromise of trusted signing infrastructure may have consequences beyond data exposure, potentially impacting financial transactions and administrative processes.
#DDW #Intelligence #DarkWeb #Spain
🇲🇽 Mexico - Universidad Politécnica de Querétaro (UPQ) Data Allegedly Exposed
A threat actor is advertising an alleged administrative dataset associated with Universidad Politécnica de Querétaro (UPQ), a public university in Mexico.
According to the listing, approximately 5,185 records were exposed from university career-development and alumni systems.
The allegedly compromised data includes:
* Full names
* Personal email addresses
* Mobile phone numbers
* Registration IDs
* Employment information
* Academic program details
* Professional interests
* Full CVs and resumes
* Work history and skills data
* Administrative records and timestamps
If authentic, the exposure could facilitate recruitment fraud, identity theft, social engineering, and targeted phishing campaigns against students, graduates, and university affiliates.
Daily Dark Web has not independently verified the authenticity of the dataset or the claims made by the threat actor.
Analyst Note: Career services platforms often contain highly detailed personal and professional profiles, making them attractive targets for cybercriminals seeking data for employment-related fraud and spear-phishing operations.
#DDW #Intelligence #DarkWeb #Mexico
🇲🇽 Mexican Government Education Database Allegedly Offered for Sale
A threat actor is advertising an alleged database associated with https://t.co/0nR4NlD0iX, a website linked to the Ministry of Education of the State of Quintana Roo, Mexico.
According to the listing, the exposed data may include:
* User identifiers
* Email addresses
* Phone numbers
* Usernames
* Password-related fields
* API tokens
* Last login information
* Authentication tokens
The sample shared by the seller appears to contain application database records commonly associated with web-based user management systems.
At the time of writing, Daily Dark Web has not independently verified the authenticity of the dataset or whether the information originated from https://t.co/0nR4NlD0iX systems.
Analyst Note: Government-sector database exposures containing authentication-related fields such as API tokens and session tokens may present a greater risk than standard user information leaks, particularly if any credentials or tokens remain active.
#DDW #Intelligence #DarkWeb #Mexico