GRAM Cybersecurity

Si te preocupa tu seguridad digital, no dudes en contactarnos, en nuestro equipo de trabajo estaremos encantados de poderte ayudar a proteger la disponibilidad, integridad y confidencialidad de tu información y comunicaciones. gramcybersec.com

🚨 CYBERINTEL ALERT: Data Leak Affecting Banco Falabella and Debt Collection Agencies (Colombia) 🇨🇴🏦 Our Analyzer platform has detected a massive data exfiltration directly impacting customers of Banco Falabella Colombia, obtained through its debt collection and portfolio recovery partners: EmergiaCC and Conalcréditos Colombia. Threat actor Petro_Escobar, in collaboration with NyxarGroup, has released highly sensitive information. Victim: Banco Falabella Colombia / EmergiaCC / Conalcréditos 🏛️. Threat Actor: Petro_Escobar & NyxarGroup 🎭. Volume: Over 3,000,000 records. Date: March 27, 2026 🗓️. Analysis of Exfiltrated Data (Delinquent Portfolio and Profiling) The data structure reveals deep socioeconomic profiling of the affected citizens: 🔹 Detailed Financial Information: Account numbers, card types (CMR Falabella), balances, delinquency cycles, payment agreement values, and product statuses (Consumer Loans/Cards). 🔹 Socioeconomic Profile: Socioeconomic stratum, salary, other income sources, household expenses, educational level, profession, and occupation. 🔹 Personal and Contact Data (PII): Full names, ID numbers (Cédula), verified mobile phone numbers (e.g., , ), physical addresses, and email addresses. 🔹 Collections Management: Records of calls (In/Out), field visits, SMS, WhatsApp messages, and contact scripts used by the agencies. Monitor: analyzer.vecert.io #CyberSecurity #Colombia #BancoFalabella #Falabella #Emergia #Conalcreditos #DataBreach #PetroEscobar #NyxarGroup #DelinquentPortfolio #FintechSecurity #InfoSec #CyberAlert #HackingNews

⚠️ Claude Chrome Extension 0-Click Vulnerability Enables Silent Prompt Injection Attacks Source: cybersecuritynews.com/claude-chrome-… A critical zero-click vulnerability in Anthropic's Claude Chrome Extension exposed over 3 million users to silent prompt-injection attacks, allowing malicious websites to hijack the AI assistant without user interaction. The flaw, now patched, could have enabled attackers to steal Gmail access tokens, read Google Drive files, export chat history, and send emails all invisibly. The extension's messaging API accepts a message type called onboarding_task, which accepts a prompt parameter and forwards it directly to Claude for execution. #cybersecuritynews

Colombia 🇨🇴 - Banco Nubank Colombia has allegedly been compromised, exposing a debt collection database. The leak contains over 30,000 customer records including full names, national IDs and financial statuses. dailydarkweb.net/nubank-colombi…

🚨 GhostClaw AI Assisted Malware Attacking macOS Users to Deploy Stealer Malware Source: cybersecuritynews.com/ghostclaw-ai-a… A new malware campaign called GhostClaw is actively targeting macOS users through fake GitHub repositories and AI-assisted development workflows. The campaign uses social engineering disguised as legitimate developer tools to steal user credentials and drop secondary payloads on infected systems. The campaign quickly spread beyond the npm ecosystem and into GitHub-hosted repositories that impersonated trading bots, software development kits, and other common developer utilities. #cybersecuritynews

#InformeColCERT 🛡 Análisis técnico con metodología OSINT, que profundiza en la campaña de posible exfiltración de información en el país. 🛑 Se evidencian brechas informadas que podrían estar sin corregir. 👉 Desde el #ColCERT seguimos fortaleciendo el acompañamiento para la protección de la seguridad digital.🖱️ Consulta el informe: colcert.gov.co/800/w3-article… #MásPreparados #MinTic #MásResilientes

🚨 ALERTA CSIRT PONAL – Boletín No. 023-2026 (TLP: GREEN) ⚠️Se alerta sobre el uso de archivos .SVG y .XHT en campañas maliciosas que simulan embargos, notificaciones judiciales y trámites bancarios para distribuir malware. 🔗cc-csirt.policia.gov.co/alertas-tips/2… #CSIRTPONAL #Ciberseguridad

⚠️ HackerOne Data Breach – Employees Data Stolen Following Navia Hack Source: cybersecuritynews.com/hackerone-data… HackerOne recently disclosed a data breach affecting 287 of its employees following a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. The breach stemmed from a Broken Object Level Authorization (BOLA) vulnerability in Navia's API, which exposed the sensitive personal and health information of approximately 2.7 million individuals nationwide. An unknown threat actor exploited a Broken Object Level Authorization (BOLA) flaw within an Application Programming Interface (API) endpoint belonging to Navia Benefit Solutions. #cybersecuritynews

Kali Linux 2026.1 Release (2026 Theme & BackTrack Mode): New year, new release - Kali 2026.1 is here! There is everything from a fresh coat of paint to a nod to our roots, with normal ongoing improvements. Building on from December’s 2025.4, the summary… kali.org/blog/kali-linu…

🚨 Claude Vulnerabilities Allow Data Exfiltration and User Redirection to Malicious Sites Source: cybersecuritynews.com/claude-vulnera… Three chained vulnerabilities in Claude[.]ai, Anthropic's widely used AI assistant, together allow attackers to silently exfiltrate sensitive conversation data and redirect unsuspecting users to malicious websites, all without requiring any integrations, tools, or MCP server configurations. The vulnerability chain, collectively dubbed Claudy Day, was responsibly reported to Anthropic through its Responsible Disclosure Program, and the primary prompt injection flaw has since been patched. #cybersecuritynews #vulnerability

⚠️ WARNING - An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials. One connection to port 23 is enough to trigger memory corruption and execute code as root. No patch yet. Prior telnet flaw is already exploited in the wild. 🔗Read → thehackernews.com/2026/03/critic…

🚨 Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware Source: cybersecuritynews.com/cisco-firewall… An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability may allow an unauthenticated remote attacker to execute arbitrary Java code with root privileges on an affected device. The investigation advanced when a misconfigured infrastructure server exposed Interlock’s complete operational toolkit. Initial threat activity involved HTTP requests to a vulnerable software path, containing Java code execution attempts and embedded URLs. #cybersecuritynews #cisco

🧵 HILO | @MinSaludCol de Colombia tiene una interfaz pública que entrega datos de afiliados sin pedir contraseña. Lo verificamos tras conocerse que un grupo de delincuentes digitales lo hizo público. Esto es lo que encontramos. 🧵 muchohacker.lol/2026/03/ataque…

[Blog] Vulnerabilidad crítica en Microsoft Office permite ataques de ejecución remota de código blog.elhacker.net/2026/03/vulner…

🛑 Linux AppArmor hit by 9 “CrackArmor” flaws letting unprivileged users manipulate security profiles and escalate to root. The bugs date back to 2017 and affect kernels 4.11+ across major distros including Ubuntu, Debian, and SUSE. 🔗 Read → thehackernews.com/2026/03/nine-c…

🛑 OpenClaw AI agents can leak data via indirect prompt injection. A crafted URL generated by the agent triggers Telegram or Discord link previews that silently send sensitive data to attacker domains. China’s CNCERT warns organizations to isolate or restrict the tool. 🔗 Attack details → thehackernews.com/2026/03/opencl…

A vulnerability in Microsoft Authenticator could leak your one-time sign-in codes. malwarebytes.com/blog/news/2026…

🛡️ CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover Source: cybersecuritynews.com/crackarmor-vul… Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,” enable unprivileged local users to escalate their privileges to root, break container isolation, and cause kernel operations to crash. This issue affects over 12.6 million enterprise Linux systems worldwide. The CrackArmor vulnerabilities trace their origins to Linux kernel version 4.11, released in 2017, and have remained undetected in production environments for nearly nine years. #cybersecuritynews #linux

⚠️ Veeam fixed multiple flaws in Backup & Replication, including 9.9-severity RCE bugs that let authenticated domain users run code on backup servers. Affected: all v12 builds before 12.3.2.4465. 🔗 CVEs and patch details → thehackernews.com/2026/03/veeam-…

⚠️ Starbucks Data Breach - Hundreds of Users' Personal Data Exposed Source: cybersecuritynews.com/starbucks-data… Starbucks Corporation has confirmed a data breach affecting an undisclosed number of its employees, exposing highly sensitive personal and financial information after unauthorized actors gained access to internal partner accounts through a sophisticated phishing scheme. On or about February 6, 2026, Starbucks became aware of potential unauthorized access to certain Starbucks Partner Central accounts. Partner Central is the company's internal portal used by Starbucks employees, referred to internally as "partners." #cybersecuritynews #databreach

[Blog] Vulnerabilidades en Cloudflare Pingora permiten contrabando de solicitudes y envenenamiento de caché blog.elhacker.net/2026/03/vulner…