Underground forum listing offers 200 Binance user records with full PII — name, email, phone, date of birth, and residential addresses. Exchange data remains a persistent target in identity theft operations.
Underground forum CrdPro is listing NoLimitGPT, an uncensored AI tool marketed as "FraudGPT" with no content restrictions or safety filters. The offering expands AI-powered crime enablement available to the cybercriminal community.
#cybercrime #threatintel
This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.
Krybit ransomware listed San Silvestre School (https://t.co/1AF2tk9obu), a premier educational institution in Peru, on its leak site. The emerging group continues expanding its LATAM victim footprint following recent attacks on South American targets.
#ransomware #LATAM #threatintel
🚨 A new listing attributed to #APT73 has surfaced, claiming access to assets associated with https://t.co/AfuTBPuhiW, the official digital platform and domain zone of the Brazilian Federal Government.
Reported indicators include:
• 106 compromised users
• 14 third-party employee credentials
• 17 externally exposed assets
#CyberSecurity #ThreatIntel #DataBreach #Brazil #OSINT
🚨 Cybersecurity alert in Uruguay
A database is circulating on the dark web that reportedly contains more than 5.8 million records associated with Uruguayan citizens, allegedly obtained through a DNIC API with insufficient security controls.
According to the actors distributing the information, the database reportedly includes national ID (cédula) numbers and the first and last names of Uruguayan citizens. The authenticity, scope and potential impact of the leak are currently being assessed.
#CyberSecurity #DataBreach #ThreatIntel #Uruguay
🚨 Alert Under Assessment:
The group "EsqueleSquad" claims to have leaked data from several Argentine organizations, including:
Central Bank of Argentina (BCRA) — credit scoring data affecting more than 32 million individuals
IOMA — data from over 1 million members
Argentine Federal Police (PFA) — more than 903 classified PDF documents
Personal information of Buenos Aires Province Governor Axel Kicillof
The authenticity and scope of the alleged breach are currently being analyzed. At this stage, it has not yet been determined whether this is a compilation of previously leaked data or a newly disclosed dataset.
#ThreatIntel #Argentina
🚨 Alert under assessment:
The group "EsqueleSquad" claims to have leaked data from Argentine agencies:
- BCRA (credit scoring for 32M+)
- IOMA (1M+ members)
- PFA (903+ classified PDFs)
- Personal information of the governor of Buenos Aires Province, Axel Kicillof
We are analyzing the veracity and scope. It has not yet been possible to determine whether this is a compilation of previously leaked data or a new leak.
#ThreatIntel #ArgentinaParaArgentinos
ShinyHunters listed Amazon-owned https://t.co/Oh0ahHagKX on its data leak portal, claiming 8.8 TB of healthcare data compromised. OneMedical operates primary care clinics across the US.
#healthcare #databreach #threatintel
RansomHouse ransomware listed Promepla, an Argentine contract design manufacturer, on its leak site. The company operates across industrial, medical, and consumer electronics sectors. LATAM production remains an active ransomware target in Q2 2026. #ransomware #LATAM
SpaceBears ransomware listed Chebib Control, a Brazilian industrial automation and electrical engineering firm, on its leak site. Brazil's industrial sector continues to see ransomware incidents in mid-2026. #ransomware #LATAM
https://t.co/KSllH0k4HW
Ransomhouse ransomware listed Aegle Aviation (India) and Ma Pak Leung Company (Hong Kong) on its leak site today. Aviation sector compromise in India — aerospace supply chain and maintenance data potentially exposed.
#ransomware #threatintel
A new ransomware operation, worldleaks, surfaced today with 2 initial victims: United Auto Supply (US manufacturing) and CH Karnchang Public (Thai construction conglomerate). First observed activity for this group.
#ransomware #threatintel
Among TheGentlemen's 20+ victims today: 3 US surgical centers, Canadian fiber optics firm Fibrenoire, and Soja de Portugal (491GB). Healthcare accounts for 4 of 20 victims — still the most targeted vertical for ransomware. #ransomware #healthcare
BrainCipher ransomware listed https://t.co/U9WmkPokZy, a Canadian ISP, on its leak site today. ISP-level access enables credential harvesting, BEC, and supply-chain attacks against the provider's customers. 📊
#ransomware #threatintel
https://t.co/KSllH0k4HW
Kairos ransomware added Commune De Camiers, a municipality in northern France, to its leak site. The group continues to target European local government entities in its ongoing campaign. #ransomware #infosec
🚨 New details have begun to emerge about the PFA operation related to an alleged network dedicated to selling access and sensitive databases in Argentina.
According to local media, the investigation reportedly identified a structure with distinct operational roles: Telegram channel administrators, people used as “digital mules” to move money, and actors responsible for automating access to compromised systems.
The case also mentions the use of virtual wallets and crypto platforms to redistribute funds obtained from illicit activities, as well as a possible connection to other cybercrime communities previously investigated in the region.
Items seized during the raids reportedly include notebooks, phones, SSD drives, USB flash drives and documentation with notes linked to the operations under investigation.
#CyberSecurity #ThreatIntel #CyberCrime #Kalir
🚨 A message circulated in channels linked to Chronus Leak claims that its alleged administrator, identified as “L0stex”, was recently raided and arrested by the Argentine Federal Police.
The same statement also mentions possible reprisals and operations against Argentine agencies, although for now there is no official confirmation of the authenticity of the claims being circulated.
The case once again puts the focus on the growing activity of leak and cybercrime groups in the region.
#CyberSecurity #ThreatIntel #Argentina #Kalir