⚠️ WhatsApp Chat Histories Stored Unencrypted on macOS and iOS
Source: https://t.co/81kaKGR6V6
New research has revealed that WhatsApp chat histories may be stored unencrypted on both macOS and iOS devices, raising fresh concerns about local data protection and cross-application access within the Apple ecosystem.
While WhatsApp uses strong end-to-end encryption (E2EE) to secure messages in transit, this protection does not extend to how data is stored locally once the user accesses it.
The issue affects both iOS devices and macOS systems running WhatsApp, particularly where shared app containers are utilized. On macOS, where file system access is more flexible, the risk may be more pronounced if endpoint security controls are weak.
#cybersecuritynews #WhatsApp
🇺🇾 A threat actor is claiming to sell multiple databases allegedly tied to Uruguay’s Ministry of Education and Culture scholarship platform “Butiá,” with references to citizen and family-member records.
According to the underground post,
the claimed exposure includes:
• national ID numbers (Cédula)
• names and surnames
• dates of birth
• gender information
• family relationships
• addresses
• phone numbers
• scholarship-related records
• family circle mappings
What makes this case particularly sensitive is the relational structure of the alleged data.
This is not just individual records —
the actor claims the datasets map entire family relationships tied to scholarship recipients.
That dramatically increases the potential impact because attackers can use relational datasets for:
• identity fraud
• social engineering
• account recovery abuse
• impersonation
• phishing personalization
• government-benefit fraud
• synthetic identity creation
Another important observation:
the threat actor attempts to publicly humiliate the target by claiming the government site was “AI-generated” or poorly developed.
We are increasingly seeing underground actors use:
• mockery
• public shaming
• reputational attacks
• political narratives
alongside monetization attempts.
This reflects how modern cybercrime increasingly overlaps with:
psychological operations,
hacktivism,
and attention-driven underground branding.
The actor also references:
• JSON exports
• SQLite databases
• public release threats
• staged disclosure tactics
• Telegram-channel growth incentives
That last point is important.
Some cybercriminal groups now use leaked government or citizen data not only for profit,
but also as a mechanism to:
• grow underground communities
• build influence
• increase credibility
• attract affiliates
• amplify visibility before larger releases
From a defensive perspective,
education and scholarship systems are often underestimated attack surfaces.
However,
they frequently contain:
• highly sensitive citizen records
• minors’ information
• family relationships
• socioeconomic data
• identity documentation
• payment or benefits workflows
And because these systems are commonly interconnected with:
• government identity services
• citizen registries
• educational portals
• authentication platforms
• financial assistance systems
a compromise can create cascading downstream risks.
Another major issue:
relational citizen datasets have long-term value on underground markets because they enable attackers to build highly accurate identity profiles over time.
Even years after the initial leak,
such data can still fuel:
• fraud operations
• credential attacks
• telecom scams
• targeted phishing
• SIM swap attempts
• banking impersonation
Organizations operating public-sector citizen services should prioritize:
• segmentation of citizen databases
• strict access control policies
• continuous monitoring for exposed backups
• database activity monitoring
• API security reviews
• encryption of sensitive fields
• secure development lifecycle enforcement
• dark web monitoring for leaked government datasets
Most importantly:
citizen-data systems should assume eventual exposure attempts and adopt architectures that minimize the blast radius of any single compromise.
As always,
claims on underground forums should remain considered unverified until independently validated.
However,
incidents involving:
government platforms + citizen identity data + family relationship mapping
should always be treated as high-priority due to their potential long-term societal impact.
🇺🇾 #DDW #Intelligence #CyberSecurity #DarkWeb #DataLeak #Uruguay #GovernmentSecurity #ThreatIntelligence #CyberCrime #OSINT
🚨 CYBER INTELLIGENCE ALERT: ALLEGED COMPROMISE OF CIVIL IDENTITY — URUGUAY 🇺🇾
⚠️ HIGH THREAT: ACTOR CLAIMS RELEASE OF 5.8 MILLION DNIC RECORDS
[STATUS: THREAT UNDER INVESTIGATION / UNCONFIRMED / DISPUTED ACTORS / ACTIVELY MONITORING]
The threat actor, fully identified under the alias LaPampaLeaks, has announced the release and download of the complete database of Uruguay's National Directorate of Civil Identification (DNIC). The clandestinely distributed batch allegedly contains more than 5.8 million records of Uruguayan citizens born up to early 2020. According to the manifesto, the data was originally extracted through the abuse and mass scraping of an external institutional API that lacked request rate limits.
🎯 Affected Entity: National Directorate of Civil Identification of Uruguay (DNIC - Ministry of the Interior).
👤 Threat Actor: LaPampaLeaks / PampaLeaks.
📂 Volume and Format: 5.8 million individual records (5.8M).
⚠️ Verification Status: SUSPECTED / UNDER STRICT INVESTIGATION. The incident remains unconfirmed by the authorities. The announcement comes amidst a disinformation campaign, reputational disputes (egos) between local hacktivist groups ("Expresidents" vs. "PampaLeaks"), and coordinated blocking of their communication infrastructure by international law enforcement agencies (Interpol).
📊 ANALYSIS OF ALLEGED RISK FIELDS AND VARIABLES
Despite its unverified status, the described data structure represents an imminent risk of identity fraud at the national level if the data dump is authentic:
🆔 Critical Identity Correlation:
The batch directly exposes the National Identity Card Number (ID Number) uniquely correlated with the citizen's full name.
Spanning 5.8 million entries, the file would contain virtually all valid national identity card numbers of the current Uruguayan civilian population.
🎯 Automation of Government Procedures:
The attacker explicitly states that the leak is designed to allow secondary actors to complete fraudulent procedures on Uruguayan government websites that only require simple validation of the ID number and full name to authorize access or manage citizen services.
🛡️ MITIGATION AND PREVENTIVE TECHNICAL RECOMMENDATIONS
🛑 Blocking and Disabling Exposed Channels: Register and block Telegram addresses, users, and Signal channels linked to the actor at the perimeter of corporate and institutional firewalls to prevent unauthorized communications or the downloading of logical database components.
🔒 Strengthening Government Portals (Agesic / DNIC): Uruguayan state agencies are urgently urged to abandon the exclusive use of the "National Identity Card + Full Name" combination as sufficient to validate a citizen's identity in online procedures, mandating the adoption of strong authentication mechanisms such as the TuID system or physical cryptographic keys.
⚡ MONITORING AND EVALUATION
🌐 Intelligence System: https://t.co/wk9bZJ2Nli
🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c
#CyberSecurity #Uruguay #DNIC #DataLeak #LaPampaLeaks #PampaLeaks #IdentityTheft #ScrapingAPI #TelegramTakedown #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedBreach
🏴‍☠️ NOW - PAMPA LEAKS
✔️ La Pampa Leaks has just published on the dark web another alleged hack of the Dirección Nacional de Identificación Civil, with the full names and identity card numbers of 6,385,000 assigned documents belonging to 5,800,000 people registered in Uruguay.
✔️ It also recorded a video of how it reached the users of, for example, former president Lacalle Pou, and published it on the dark web.
President of Uruguay Yamandú Orsi and Uruguayan government and military leaders observe flight operations on the flight deck of the aircraft carrier USS Nimitz (CVN 68) in the Atlantic Ocean, May 2, 2026.
The Nimitz Carrier Strike Group is deployed as part of #SouthernSeas2026, which seeks to enhance capability, improve interoperability, and strengthen maritime partnerships with countries throughout the region through joint, multinational and interagency exchanges and cooperation. @USNavy @USFleetForces @NAVSOUS4THFLT
Surprise! Chrome silently installs a 4GB AI model you didn’t ask for.
No install prompt. No consent.
If you delete it, Chrome downloads it again.
https://t.co/LmAa3ndL7L
⚠️ Unauthorized Group Gains Access to Anthropic's Exclusive Cyber Tool Mythos
Source: https://t.co/akzEU9Xvwa
A group of unauthorized users has reportedly breached access controls surrounding Claude Mythos Preview, Anthropic's powerful and closely guarded AI-driven cybersecurity tool, raising serious concerns about third-party vendor security and the risks of placing advanced offensive AI capabilities in the wrong hands.
The model, deployed under Anthropic's Project Glasswing initiative, is capable of discovering zero-day vulnerabilities across major operating systems and web browsers, chaining software bugs into multi-step exploits, a feat previously achievable only by the most skilled human hackers.
#cybersecuritynews #Anthropic
⚠️ Claude Desktop Reportedly Adds Browser Access Bridge to Multiple Chromium-Based Browsers
Source: https://t.co/JXCu1Na2FV
A recent technical audit by privacy researcher Alexander Hanff has revealed that Anthropic's Claude Desktop application for macOS silently installs a Native Messaging bridge into the directories of several Chromium-based browsers.
This undocumented behavior occurs without user consent, raising significant privacy and security concerns within the cybersecurity community.
When a user installs Claude Desktop (Claude.app), the application automatically places a Native Messaging manifest file named com.anthropic.claude_browser_extension.json into the application support folders of up to seven Chromium-based browsers, including Chrome, Brave, Edge, Arc, Vivaldi, and Opera.
#cybersecuritynews #claude
A big problem to keep having the app of the app of the app. To start the procedure you need https://t.co/MXMdrHHVKd but to book the appointment, tu app uy, and now you are going to need yet another one? The need they have to make applications is great. It should be a single one, with everything unified, and secure.
📌Anthropic Accuses Chinese Firms of Stealing Claude AI Data
Source: https://t.co/61iWsYXy9U
Anthropic today accused three prominent Chinese artificial intelligence companies, DeepSeek, Moonshot AI, and MiniMax, of running coordinated “distillation” campaigns to steal advanced capabilities from its Claude models.
The San Francisco-based lab said the operations involved roughly 24,000 fraudulent accounts and generated more than 16 million exchanges with Claude, in violation of its terms of service and regional access restrictions.
The company said the labs used proxy services and networks of fake accounts dubbed “hydra clusters” to mask their activity and evade detection.
#cybersecuritynews
🔻 Cybersecurity Companies’ Stocks Fall Sharply as Anthropic Releases Claude Security Tool
Source: https://t.co/uzV0yPmVvS
Shares of major cybersecurity companies nosedived on Friday after AI startup Anthropic unveiled Claude Code Security, a new AI-powered tool capable of autonomously scanning codebases for software vulnerabilities and suggesting targeted patches, sparking fears that artificial intelligence could begin displacing traditional enterprise security solutions.
Anthropic announced Claude Code Security on February 19, 2026, as a new capability built directly into its Claude Code platform on the web, currently available in a limited research preview for Enterprise and Team customers.
#cybersecuritynews
“Totally against what we need. What we need is for companies to bet on Uruguay!” said Perea of Cuti, about the measure that Minister Castillo is calling for, that companies give notice before dismissing employees.
🔑25 Vulnerabilities in Cloud Password Managers Allow Unauthorized Access and Modifications
Source: https://t.co/Rs3dMe48zf
25 critical vulnerabilities in three leading cloud-based password managers (Bitwarden, LastPass, and Dashlane) enable a malicious server to bypass zero-knowledge encryption claims, allowing unauthorized access, modification, and recovery of users' stored passwords and vault data.
Bitwarden, LastPass, and Dashlane collectively serve over 60 million users and hold significant market share. The analysis targets their client-server interactions under a fully malicious server threat model, where servers deviate arbitrarily from protocols.
#cybersecuritynews #passwordmanagers
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.
⚠️ Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts
Source: https://t.co/3vPNLgpwnG
A significant security breach has compromised approximately 17.5 million Instagram user accounts, exposing sensitive personal information that is now circulating on the dark web.
The breach encompasses a wide range of personal information that could put affected users at serious risk. Compromised data includes usernames, email addresses, phone numbers, and physical addresses.
This combination of information makes users particularly vulnerable to identity theft, phishing, and social engineering.
#cybersecuritynews #databreach
We closed out the year in the Markets committee! ✈️
@YoEduVar shares with us how the last meeting of the year went.
With our sights set on 2026, we keep building on the contributions of our members.
Thanks to everyone for coming and to @effectusok for hosting us at their offices. 🖥️
I am deeply honored to announce my selection for the International Visitor Leadership Program (IVLP), focusing on Cybersecurity Policy and Operational Response in the U.S.
The future of the global tech sector hinges on effective, scalable cybersecurity management, and I am committed to bringing direct, actionable models back to @loopstudio_dev and the Uruguayan tech industry.
This is not a theoretical exercise. My objective is to observe and document the execution of key systems and robust public-private collaboration frameworks.
Intensive Three-Week Agenda Highlights:
- Legal & International Cooperation: Reviewing legal frameworks for cybercrime and discussing models for international information sharing.
- Private Sector Imperative: Evaluating the critical role of private companies in data protection and collaborative threat intelligence with government partners.
- Talent Pipeline: Exploring innovative educational programs designed to build a specialized, future-ready cybersecurity workforce.
🇺🇸 The itinerary is structured around policy and technology hubs: Washington (Nov 29 - Dec 4), Boston (Dec 4 - 10), Orlando (Dec 10 - 16), and San Francisco (Dec 16 - 20).
A massive thank you to the @usembassyMVD Montevideo.
I look forward to sharing the specific, operational models for public-private collaboration that I encounter throughout this journey. Stay tuned for updates!