#RecomendacionesColCERT 📢 We invite you to take part in the Seminar on Artificial Intelligence and Digital Defense: New Frontiers of Comprehensive Security, organized by @COLADCA, @URosario and the Escuela de Postgrados de la FAC, with the support of ColCERT. ✅
📅 Thursday, May 21, 2026
🕢 7:30 a.m. – 12:30 p.m.
📍 Aula Mutis – Universidad del Rosario
🖱️ Register at: https://t.co/wyUE1l7It8 👉 Places available until capacity is reached.
#MásPreparados #MinTIC #MásResilientes
ClickFix just leveled up.
One user-pasted command now drops scheduled task persistence + PySoxy (a 10-year-old open-source Python SOCKS5 proxy) for encrypted backup access.
Blocking the first C2? Doesn’t stop it — the task keeps retrying for hours.
Read: https://t.co/YYKwKrR2Qz
🚨 CSIRTPONAL ALERT – Bulletin No. 029-2026 (TLP: GREEN) ⚠️ Alert! Phishing impersonating the Acueducto Bogotá payments platform... malicious actors use the SEO Poisoning technique to rank fake websites... 🔗 https://t.co/05iLpDYi7p #CSIRTPONAL #Ciberseguridad
🚨 CRITICAL CYBER THREAT ALERT: SECOND ALLEGED EXFILTRATION OF CITIZEN DATA – NATIONAL REGISTRY OF COLOMBIA 🇨🇴🏛️📂🔓
The offering for sale of a second massive database belonging to the official portal of the National Registry of Civil Status of Colombia (https://t.co/Y37MP4vkc7) has been detected. Threat actor NyxarGroup—in collaboration with the profiles Petro_Escobar, CryptoDead, and ArcRaidersPlayer—claims that this batch corresponds to a new leak resulting from their recent operations against Colombian state infrastructure.
- UNVERIFIED
🏢 Affected Entity: National Registry of Civil Status, Colombia.
👤 Threat Actor: NyxarGroup and associates.
📂 Asset Type: Citizen Database (EfeData).
📅 Publication Date: May 2, 2026.
📊 Breach Scope (PII and Identification Data)
The provided sample reveals the exposure of highly sensitive personal information fields that enable the unequivocal identification of citizens:
NUIP: Unique Personal Identification Number (National ID/Cédula).
Full Identity: First and last names (first and second surnames).
Direct Contact: Mobile and landline telephone numbers.
Geolocation: Detailed residential addresses (e.g., neighborhoods such as Bosa, Pontevedra, El Dorado).
Digital Information: Personal email addresses.
Administrative Data: Municipalities of issuance and residence, document issuance dates, and web status records.
🛡️ Immediate Response Recommendations
🔒 "EfeData" Infrastructure Audit: The National Registry is urged to investigate the security of its data modules (identified within the structure as data.EfeData) to halt this recurring data exfiltration.
🔑 Citizen Security Alerts: Colombian citizens are advised to remain vigilant regarding any unsolicited administrative procedures and to change the passwords for their linked email accounts.
Monitor: https://t.co/wk9bZJ2Nli
#CyberSecurity #Colombia #Registraduria #DataBreach #NUIP #Cédula #NyxarGroup #VECERT #InfoSec #CyberAlert 🇨🇴🛡️⚠️🚨🏛️
#DcRAT #AsyncRat #DarkCrystal is currently being distributed from the file 02a4812ad5c4caf9f3f3887589f1b2cb9895680c10bffcd762826d4a19b4c9a0
IOCs
dianegov[.]co
consultaprocesosramajudicialgov[.]run[.]place
C2 151.243.109.231
🚨Operation PowerOFF continues with a global crackdown against criminal DDoS-for-hire infrastructure. Read more about this coordinated enforcement & prevention action: 🔗https://t.co/REDvq1uk1y
Learn more about the FBI's role in combatting DDoS attacks: 🔗https://t.co/b3mVkCLhML
🚨 CYBERSECURITY ALERT: SUPPLY CHAIN COMPROMISE (ABAI GROUP / DALE! - GRUPO AVAL) 🇪🇸🇨🇴
A massive data breach affecting the Colombian digital wallet Dale! has been confirmed. The entry point was a compromise of Abai Group's systems. 👤 Threat Actors: Petro_Escobar ft. NyxarGroup.
🏢 Source Company: Abai Group
💼 Affected Entity: Dale! (Grupo Aval, Colombia).
Threat Actor: Petro_Escobar ft. NyxarGroup.
📑 Compromised Information:
Identity and PII: Names, surnames, ID numbers, and email addresses of thousands of users.
Field Data: Exact geolocation (GPS) of enrollment points and Visits.
Technical Logs: Integration errors (Kafka/PTS), exposing weaknesses in communication between the provider in Spain and the infrastructure in Colombia.
Personnel Data: Detailed information on Abai/Atento agents and supervisors.
This incident highlights the vulnerability of Grupo Aval companies to security breaches in their international technology providers.
🔍 Monitor: https://t.co/wk9bZJ2Nli
#CyberSecurity #AbaiGroup #Madrid #Spain #Colombia #Dale #GrupoAval #DataBreach #SupplyChainAttack #VECERT #Cybersecurity #Hacking #GDPR #InfoSec
🇨🇴 Colombia - Multiple Financial Institutions Face Alleged Data Breach
Colombian Financial Institutions Confront Alleged Data Breach
Multiple Colombian financial institutions, including Banco de Occidente, EmergiaCC, and Conalcreditos, have allegedly been compromised. The claims, made by threat actors, surfaced on an underground forum where data samples were reportedly posted from various Colombian banks. While a specific threat actor group has not been identified in connection with these claims, the incident is part of a broader alleged cyberattack impacting the Colombian financial sector.
The allegedly compromised data includes:
* Customer names
* Login and logout timestamps
* Location data
* Insurance plan details
* Phone numbers
* Physical addresses
* Advisor records
These types of records align with data samples posted in related incidents targeting other major Colombian financial institutions by the same threat actors.
* **Banco de Occidente** (🇨🇴): A prominent commercial bank in Colombia.
* **EmergiaCC** (🇨🇴): A contact center and business process outsourcing (BPO) company, likely providing services to the financial sector.
* **Conalcreditos** (🇨🇴): A Colombian financial services institution, focusing on credit and financial solutions.
#Colombia, #FinancialSector, #DataBreach, #BancodeOccidente, #EmergiaCC, #Conalcreditos, #Cybersecurity, #FinancialServices, #DataLeak