Merl

5.1K posts

@Merlax_

🛡️ Cybersecurity | 🔍 Threat Intel | 🏹 Offensive Hunter | ⚔️ Red Team Family man 👨‍👩‍👧 Dobby is a free elf 🆓

Joined May 2010
687 Following · 3.2K Followers
Pinned Tweet
Merl
Merl@Merlax_·
Thanks to everyone for coming by yesterday, for the participation and the laughs 🤣! The post-talk discussion was really good. For anyone who missed it, I presented on the prokaryotic cell. Thanks again ❤️⚔️
Merl retweeted
vxdb
vxdb@vxdb·
Dutch investigators from the FIOD have taken down the bulletproof server hosting provider Stark Industries. Authorities seized 800 servers and arrested two men, a 57-year-old who ran the company and a 39-year-old behind a separate firm that handled internet connectivity. Just last year, Stark Industries was sanctioned by the United Kingdom for enabling Russian state-sponsored operations, disinformation campaigns, and other cybercrime activities. Shortly after the EU sanctions, Stark rebranded as "THEHosting" under a new Dutch organization (WorkTitans B.V.), allowing it to maintain its operations.
Merl retweeted
Jopraveen
Jopraveen@jopraveen18·
people are too busy in exploring chrome, kernel and other oss CVEs, meanwhile a DOMPurify bypass was silently dropped 👀 github.com/cure53/DOMPuri…
Merl retweeted
Rodrigo Alegre
Rodrigo Alegre@rodrialegre·
🚨 "LOS PRESTACARAS" BUSTED: THE GANG THAT CLONED IDENTITIES WITH HELP FROM THE COURIER SERVICE. This was an organization dedicated to stealing credit cards before they reached their owners. The modus operandi: 🔹 The tipster: A rogue employee of the courier Andreani "flagged" the shipments. He passed on the exact delivery day, the cardholder's name and the address. 🔹 The craftsman: With that information, a forger produced fake DNI identity documents with the victims' data but with the criminals' faces. 🔹 The delivery: They went to the address and waited on the sidewalk. When the courier arrived, they posed as the owners, showed the fake document and kept the original plastic card. 🔹 The mover: Once they had the card in hand, they bought home appliances in bulk and withdrew cash. A freight driver from the gang handled moving the stolen merchandise and reselling it. It was an investigation by federal judge Alicia Vence and the Superintendencia de Investigaciones Federales of the PFA; the gang was dismantled. The 15 people arrested will be questioned in the coming days.
Merl retweeted
GitHub
GitHub@github·
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
Merl retweeted
VECERT Analyzer
VECERT Analyzer@VECERTRadar·
🚨 CYBERINTEL ALERT: NATIONAL SECURITY INTRUSION - BRAZIL 🇧🇷
⚠️ THREAT ACTOR "1877 TEAM" RELEASES 46 ULTRA-SECRET WEAPONRY AND STRATEGIC INTELLIGENCE DOCUMENTS
[STATUS: UNDER INVESTIGATION / MILITARY INTELLECTUAL PROPERTY LEAK / UNCONFIRMED]

The threat actor group known as "1877 Team" has announced the execution of a high-severity cyber intrusion as part of the "OpBrazil" hacktivist campaign. The attackers claim to have breached the Strategic Weapons Research Division of Brazil's Ministry of Defense (MD / Ministério da Defesa), successfully exfiltrating and publishing a batch of 46 technical documents classified at the highest level of secrecy (Level 5 - Ultra-Secret).

🎯 Affected Entity: Ministry of Defense of Brazil (eb.mil.br / defesa.gov.br).
👤 Threat Actor: 1877 Team.
📂 Batch Contents: 46 confidential PDF files containing technical blueprints, digital signatures, and cryptographic configurations.
⚠️ Verification Status: TECHNICALLY CONFIRMED. Visual samples display official letterheads reading "Ministério da Defesa - Relatório Confidencial" (Ministry of Defense - Confidential Report), the group's watermarks, and a structured file listing detailing proprietary defense technologies.

📂 ANALYSIS OF EXFILTRATED MILITARY DOCUMENTS
The list of PDF files visible on the attacker's backend compromises the strategic and technological advantage of the armed forces in advanced domains:

1. Advanced Weapon Systems and Strategic Projects
Drones_Kamikazes.pdf and Drones_Subaquaticos.pdf: Blueprints and specifications for unmanned tactical strike and underwater systems.
Submarinos_Nucleares.pdf: Documentation regarding the nuclear submarine development and propulsion program.
Energia_Direcionada.pdf and Blindados_Autonomos.pdf: Research on directed-energy weapons (laser/microwave) and autonomous armored vehicles.
Misseis_de_Curto_Alcance.pdf and Lancamento_Foguetes.pdf: Data on ballistics, missile systems, and launches.

2. Cyber Warfare and Intelligence Technologies
IA_Tatica_Avancada.pdf: Artificial intelligence protocols applied to tactical military operations.
Guerra_Eletronica.pdf and Radares_Quanticos.pdf: Manuals on radio-electronic combat and the experimental development of quantum radars.
Satellites_de_Espionagem.pdf: Coverage, capabilities, and processing orbits of military reconnaissance satellites.
Comunicacoes_Criptografia.pdf: Configuration of sensor networks (Redes_de_Sensores.pdf) and secure communication channels.

🛡️ URGENT TECHNICAL MITIGATIONS AND RECOMMENDATIONS
🛑 Urgent Revocation of Digital Certificates: The Brazilian Cyber Defense Command (ComDCiber) is urged to immediately revoke all digital signatures belonging to the commanders and researchers listed in the leaked samples, thereby invalidating their use for signing new memorandums or government contracts.
🔒 Cryptographic Key Rotation: Initiate an emergency rotation process for the exposed encryption schemes (AES) used in perimeter tactical communication channels to prevent passive data interception.
⚠️ Isolation of Research Networks: Completely isolate the logical servers of the Strategic Weapons Research Division from general internet access and conduct a deep forensic audit to identify the presence of persistent backdoors installed by the group.
🔍 Takedown of Public Samples: File military-related abuse reports with the hosting providers where the group is hosting the batch of 46 files in order to limit their mass dissemination.

⚡ MONITORING AND EVALUATION
🌐 Intelligence System: analyzer.vecert.io
🛡️ Quickly assess your website's security with: monitor.vecert.io

#CyberSecurity #Brazil #OpBrazil #MinisterioDaDefesa #MilitaryLeak #QuantumRadar #NuclearSubmarine #1877Team #ThreatIntelligence #CiberAlerta #VECERT #Infosec #TopSecret
Merl
Merl@Merlax_·
@queinsultante It appears to be a command-and-control panel of a banking trojan that targets several countries (Argentina among them). I don't know who operates it. It would be the "back end" of what happens in this video when you get infected with a similar trojan: x.com/Merlax_/status…
Merl@Merlax_

#Malware #Mekotio🇧🇷 Screen Overlay - The victim's screen appears frozen with a window from entity X "updating". Behind it, the malicious actors carry out money transfers. Several Argentine entities are targets of this malware 🎯🇦🇷 IOCs -> 1/3

chinaski
chinaski@queinsultante·
@Merlax_ sorry, I'm really curious to understand what you're showing, haha. What is that?
Merl retweeted
Johnk3r
Johnk3r@johnk3r·
For my Brazilian ThreatHunting/DFIR friends: Been reversing a malware called “#CNABHunter” (NUikita), and this thing is way more interesting than a regular banking trojan. At first I had to figure out what “CNAB240/400” even was — apparently it’s a financial file standard heavily used by Brazilian ERP/banking integrations. The malware hunts for those files in environments running TOTVS, SAP, RM, Senior, Sankhya, etc., extracts transaction data, and waits for remote commands to modify payments. Most interesting part: it doesn’t do dumb string replacement. The malware appears to rebuild the entire financial record using the correct field positions to keep the file structurally valid for banking processing. Maybe my interpretation of this behavior is wrong, but that’s what I’ve understood so far from reversing it. C2: 104.245.245[.]50:5000
Merl
Merl@Merlax_·
Live #Phishing A malicious actor is deploying LivePhishings against various financial entities 🇦🇷 Possibly vibe-coded. Current site: hxxps://digitales-net.online/
Merl retweeted
V4bel
V4bel@v4bel·
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io
Merl
Merl@Merlax_·
#Phishing 🪝 Geral Cocos🇦🇷 hxxps://cocoscapital.top/ ID Theft 🇺🇸 hxxps://idreportinfo.online/ JADLOG APK 🇧🇷 hxxps://playstorejadlog.com/ Panini 🌏⚽️ hxxps://mayorista-panini.online/ hxxps://figurinhascopa-panini2026.site/ hxxps://albumdacopa.store/ hxxps://panini-pt.com/
Merl retweeted
Finanzas Argy 🇦🇷
Finanzas Argy 🇦🇷@FinanzasArgy·
🚨🇧🇷 The Central Bank of Brazil prohibits the use of cryptocurrencies and stablecoins in cross-border payments within the regulated providers called eFX: operations must be carried out with traditional currencies or with non-resident accounts in reais
Merl retweeted
watchTowr
watchTowr@watchtowrcyber·
The Internet is falling down, falling down, falling down. Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940. Enjoy with us.. labs.watchtowr.com/the-internet-i…
Merl
Merl@Merlax_·
The new functionality also searches for files with plaintext credentials (this differs from the credentials it was already extracting from the browser). The motivation could be new mule accounts, identity sales, extortion? Complicated if it affects sectors that handle large volumes of IDs
Merl
Merl@Merlax_·
#Malware Malteiro / Mispadu 🇧🇷 🆕 In March the network deployed a new functionality that searches the infected machine for identification documents (images or PDF) and documents with credentials (txt)🚨 🇲🇽 around 2 thousand IDs extracted, 🇦🇷 is still far behind at about 50 IDs