Underdog1987

🇲🇽 Mexico's "Programas para el Bienestar" has allegedly been listed on a cybercrime forum. * Threat actor claims to possess data associated with the Mexican social welfare program * Forum post advertises the dataset under the name "BIENESTAR-LEAK" * Initial listing suggests the data may be linked to beneficiaries and government program records Analyst Note: Government welfare databases are particularly sensitive because they often contain identity, financial, demographic, and social assistance information. If the claims are verified, affected individuals could face identity theft, fraud, and targeted social engineering campaigns, while the exposure could also create broader national privacy concerns. #DDW #Intelligence #DarkWeb #Mexico

🇲🇽 A threat actor is advertising an alleged “Banco Santander México” database leak on underground forums. The exposed sample shown in the post appears to reference: • account-related fields • customer registration data • address information • city/state details • internal customer identifiers Financial-sector data continues to remain one of the highest-value commodities in cybercriminal ecosystems due to its potential use in: • identity theft • financial fraud • social engineering • account takeover attacks • synthetic identity creation Even limited customer metadata can significantly improve phishing precision and fraud operations when combined with previously leaked datasets. At this stage, the authenticity, scope, and origin of the alleged database remain unverified. #DDW #Intelligence #Santander #Mexico

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

Acaba de confirmarse: la vulnerabilidad "Copy Fail" en Linux está siendo explotada en el wild para obtener acceso de root en sistemas afectados. La agencia CISA ha advertido que actores maliciosos están utilizando esta vulnerabilidad, identificada como CVE-2026-31431, para comprometer sistemas Linux. La explotación se logra a través de un mecanismo que permite escribir 4 bytes controlados en la page cache de cualquier archivo legible. El ataque se lleva a cabo mediante un script Python de 732 bytes, que es determinista y portable en diferentes arquitecturas y distribuciones de Linux. La vulnerabilidad se introdujo en 2017 y afecta a kernels desde la versión 4.11. Los sistemas afectados pueden ser comprometidos sin dejar rastro en el disco, lo que hace que la detección sea difícil. La acción concreta para los afectados es parchear sus sistemas lo antes posible. ¿Estás en riesgo? Revisa esto: asegúrate de que tus sistemas Linux estén actualizados con los últimos parches de seguridad. https://t.co/kR5Dlarjf6

🟥 EL ESTRECHO DE UBUNTU: Hacktivistas iraníes "313 Team" mantienen colapsada la infraestructura de actualización de la famosa distro de Linux Ubuntu y no baja ninguna actualización más. Esto se volvió crítico porque hay que actualizarlos debido a un fallo de seguridad crítico llamado "https://t.co/rtoPBdGg0r" que afecta a toda la superficie Linux. Este ataque se clasifica como DDoS, que significa generarle tanto tráfico basura a un servidor hasta colapsarlo.

🇲🇽 A threat actor has allegedly leaked data associated with Declaranet, a government-related platform tied to public servant declarations in San Luis Potosí, Mexico. According to the forum post, the exposed dataset may contain sensitive personal and institutional information linked to government employees and administrative records. The actor claims the leak includes structured identity-related data used for official reporting and compliance processes. The authenticity and full scope of the claims have not yet been independently verified. Government and public administration systems remain high-value targets due to the concentration of sensitive citizen and employee data they manage. Exposure of such records can increase risks tied to identity theft, phishing, fraud, and targeted social engineering. Daily Dark Web is monitoring the situation and related underground activity for additional verification and updates. #Mexico #CyberSecurity #DataBreach #Government #DarkWeb #ThreatIntel

🚨 CYBER THREAT ALERT: MASSIVE DATA LEAK AFFECTING PORT AND NAVAL PERSONNEL - MEXICO 🇲🇽 A massive data exfiltration has been detected originating from the *Puerto Inteligente Seguro* (Secure Intelligent Port) platform (https://t.co/pLNqtpKsic)—an integral system managed by the National Port System Administration (ASIPONA) under the supervision of the Secretariat of the Navy (MARINA). 👤 Threat Actor: marssepe (Private Society 157). 📍 Affected Entity: National Port System Administration (ASIPONA) / MARINA. 📊 Data Volume: +640,000 personnel records. 🌍 Scope: Logistics operators, port workers, and security personnel at strategic ports (e.g., Altamira). 🛠️ Data Nature: JSON (Access control API logs). 📦 COMPROMISED INFORMATION (PII & LOGISTICS): The leaked data structure is extremely detailed, enabling comprehensive profiling of individuals with access to restricted zones: 👤 Full Identity: Names, surnames, CURP, RFC, and Social Security Number (NSS). 🧬 Biographical Data: Gender, date of birth, and blood type. 📸 Biometric Data: Profile photos in Base64 format (digitized). 🏢 Employment Information: Company (e.g., *Almacenamiento y Logística Portuaria de Altamira*), employee ID, job title, operational area, and hierarchical level. 🚗 Licensing & Traffic: License numbers, categories, expiration dates, and medical examination details. 🛂 International Documentation: Passport numbers and their respective expiration dates. Monitor: https://t.co/wk9bZJ2Nli #Cybersecurity #Mexico #Marina #PuertoInteligente #DataLeak #NationalSecurity #ASIPONA #VECERT #InfoSec #CyberAttack