Jorge Negrete

🚨 CYBER INTELLIGENCE REPORT: CONSOLIDATED THREAT SIGNALS 🌍 🇵🇪🇲🇽🇨🇱🇺🇸🇬🇧🇦🇷🇲🇦🇫🇷🇮🇱🇧🇷🇷🇺🇮🇳 [ISSUE DATE: JUNE 16, 2026] [STATUS: SIGNALS INTELLIGENCE / HIGH RISK / GLOBAL MONITORING] The following is an analysis of the 18 tactical signals detected on the intelligence map, highlighting cyber espionage operations, attacks on critical infrastructure, data breaches, and the deployment of exploitation tools. 🏛️ CRITICAL PRIORITY: GOVERNMENT AND INFRASTRUCTURE (LATIN AMERICA) 🇵🇪 Peru | Exfiltration of Migration Database: Actor: SELEKT. Risk Level: 70 (Cybercrime - HIGH RISK). Report of compromised migration database. 🇵🇪 Peru | Attack on the Government and Local Entities: DDoS Attack: Peruvian government under attack by the vLeakz group (Risk 57). Future Attack: Crakaizen plans attacks against https://t.co/jnX1iXBsXn (Risk 56). 🇲🇽 Mexico | Massive Data Breach: Actor: Cortex-group. Details: Theft of 48 GB of data from Yoremia. 🇨🇱 Chile and Mexico | Sectoral Threats: Actor: EXILIADOS. Threat of future attacks against various business sectors. 🏭 SCADA OPERATIONS AND GLOBAL ESPIONAGE 🇺🇸 United States | Energy Infrastructure: Actor: Infrastructure Destruction Squad. Sale of unauthorized access to fuel stations (Risk 32). 🇬🇧 United Kingdom | Intelligence Threat: Actor: CyberSpyFree. Threat from hacktivists to leak MI5 intelligence data. 🇦🇷 Argentina | Espionage Operations: Actor: vLeakz. Report on hacktivists under investigation, categorized as cyber espionage. 🕸️ DDoS, EXPLOITS, AND BOTNETS (GLOBAL CAMPAIGNS) Ongoing DDoS: 🇲🇦 Morocco: TheGarudaEye attacks a tourism portal (Risk 62) and plans further attacks (Risk 52). 🇫🇷 France: French websites under attack by Dark Storm (Risk 42). 🇮🇱 Israel: Yemen Cyber ​​Group continues operations against Israeli companies. Exploit Trading: 🇷🇺 Russia: HackfutS3c and LegioNLeakeRs are trading exploits for WordPress and SMTP cracking tools (Risk 48-58). 🇧🇷 Brazil | Infrastructure: Actor: BDKR28. Detection of webshell trading. VECERT SIGNAL INTELLIGENCE Monitoring Platform: https://t.co/wk9bZJ2Nli Verification: https://t.co/5LuqwzYuS6 #CyberSecurity 🔐 #ThreatIntelligence 📊 #SIGINT #DataBreach 📁 #VECERT 🏢

🚨 CYBER INTELLIGENCE ALERT: 🇨🇱 [UNCONFIRMED / CRITICAL] INTERNAL ACCESS TO TELECOMMUNICATIONS — VTR CHILE [STATUS: UNCONFIRMED / NETWORK INFRASTRUCTURE COMPROMISE] A post originating from the Telegram channel of a threat actor named "Rutify" has been detected. The visual evidence processed in the screenshots, , demonstrates that the attacker has gained direct administrative access to the internal provisioning, network management, and customer control panel of the telecommunications company VTR Chile. 📂 Technical Analysis of the Visible Evidence The screenshots reveal access to an internal web administration panel with deep privileges over the provisioning of fixed and mobile services for VTR Chile. Three major risk vectors were identified based on the exposed modules: 1. Network and Critical Infrastructure Management (Network & Provisioning) The system's sidebar exposes operational menus that compromise the ISP's network: Node Status & CMTS Pools: Control over the status of CMTS (Cable Modem Termination System) nodes and pools, the core infrastructure that connects VTR's broadband customers' cable modems. DHCP Leases & Traffic Stats: Access to the network's IP address assignments and real-time traffic statistics. Provisioning (Job Queue / Config Templates): An active job queue with 12 pending requests and configuration templates. Modifying these templates would allow an attacker to alter the physical provisioning of customer services. 2. Geographic Infrastructure Mapping (Chile Nodes) The screenshots show key identifiers from the internal network naming convention that confirm the geographic impact on Chilean municipalities and infrastructure: SCL-LAS-COND-07 and SCL-CMTS-04: Direct references to infrastructure located in Santiago, Chile (SCL), specifically in the Las Condes municipality. VLP-CENTRO-01: Infrastructure assigned to the Valparaíso region (VLP). CCP-NORTE-02: Nodes linked to the Concepción / Biobío region (CCP). 3. PII Exfiltration and Financial Plan Control The "Account Detail" section and plan modules demonstrate the ability to extract and alter critical customer data in Chile: Exposed Identity Fields: The system stores and allows searches using the RUT (Tax ID), subscriber number, account number, service number, and the customer's current IP address, as well as sensitive mobile identifiers such as the ICCID (SIM card serial number) and IMSI (International Mobile Subscriber Identity). Financial Rate Manipulation: A live query shows an active plan named "Postpago 50GB — " (Chilean Pesos). The panel displays a menu for immediate plan changes under the CUST_REQUEST (customer request) order type, meaning the attacker can alter the company's billing systems. 🛡️ Recommended Actions (Defensive Measures) Perimeter Blocking and Session Revocation: The VTR Chile/ClaroVTR security team must be alerted urgently to identify access logs for their provisioning tools (specifically the backend modules shown in the screenshots), revoke all active web sessions, and enforce the strict use of hardware-based multi-factor authentication (MFA). VECERT TOOLS Strategic Monitoring Tools & Intelligence Platform: 🌐 https://t.co/wk9bZJ2Nli Security Verification & Monitoring: 🛡️ https://t.co/5LuqwzYuS6 #CyberSecurity 🔐 #Chile 🇨🇱 #VTR #ClaroVTR #DataBreach 📁 #Telecoms #SIMSwapping #RUT #InitialAccess #ThreatIntelligence 📊 #VECERT 🏢

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: https://t.co/bwn0sximKZ

As a result of a US government directive, we are suspending access to Claude Fable 5 for all users. You can continue to use all other Claude models. Here’s what this means for you: Across Claude products, new sessions will run on your selected default model or Opus 4.8, and existing Fable 5 sessions will end with an error. On the Claude Platform, requests to Fable 5 will also return an error. Please update your integrations to other Claude models. We know this is a disruption to your workflows; we appreciate your patience and support.