OUTLAWS

215 posts

@OUTLAWS_D7

IT Support Specialist /Cybersecurity Student

Joined November 2020
49 Following 4 Followers
OUTLAWS retweeted
VECERT Analyzer @VECERTRadar
🚨 🇪🇨 STRATEGIC CYBER INTELLIGENCE ALERT: ALLEGED LEAK OF MILITARY DOCUMENTS — ECUADORIAN ARMED FORCES
[STATUS: UNVERIFIED / UNDER INVESTIGATION / SAMPLES PRESENT]

A post has been detected by the threat actor identified as V0lt4r0x, who claims to have obtained detailed confidential information regarding the insurance policies of the Ecuadorian Armed Forces. According to the post, the material includes inventories, weaponry, military vehicles, combat aircraft, and warships, with policies valued at over $200,000,000. The attacker has provided an external link to download the content and has attached previews of the documents.

🎯 Affected Entity: Ecuadorian Armed Forces.
📂 Volume and Scope: Alleged insurance policy documentation, valued at over $200 million, including inventories of strategic assets (land, air, sea).
👤 Threat Actor: V0lt4r0x.
⚠️ Verification Status: UNVERIFIED / UNDER INVESTIGATION. Although visual samples of documents that appear to be official have been provided, the veracity, integrity, and full scope of the leak still need to be confirmed by the appropriate authorities.

📊 Data Exposed (as shown)
The screenshots specifically suggest the exposure of sensitive technical and financial information, including:
Strategic Assets: Inventories of buildings (hangars, dormitories, workshops, administrative offices, warehouses) and values associated with air bases.
Financial Information: Breakdown of costs by facility and asset categorization.
Operational Terminology: Documents referenced under names such as "INSURANCE SUMMARY.pdf" and "TERMS OF REFERENCE.pdf".

🛡️ Mitigation Recommendations
🔍 Security Audit: Conduct a review of the systems hosting public procurement and insurance documents related to the Armed Forces.
🛡️ Intelligence Monitoring: Continue monitoring the source forum and the provided link, assessing the impact of the exposure of this inventory of strategic assets.

⚡ Strategic Monitoring
🌐 Intelligence System: analyzer.vecert.io
🛡️ Quickly assess your website's security with: monitor.vecert.io

#CyberSecurity #DataLeak #Ecuador #ArmedForces #V0lt4r0x #ThreatIntelligence #CyberAlert #VECERT #UnderInvestigation #StrategicAssets
8
47
99
26.4K
THE MANDARINIAN @TAVODEPONCE
Hey @SupermaxiEcu, put a few more cents' worth of strength into your bags; the bag broke and everything hit the floor, leaving groceries flavored with pineapple jam and glass 🥲
28
12
81
9.3K
OUTLAWS retweeted
VECERT Analyzer @VECERTRadar
🚨 CYBER INTELLIGENCE ALERT: POSSIBLE COMPROMISE OF CORPORATE EMAIL SERVER — SEGUROS LA UNIÓN 🇪🇨
⚠️ ACTOR "V0lt4r0x" SELLING ACCESS AND EMAIL DUMPING INCLUDING MILITARY AND STATE POLICIES
[STATUS: SAMPLES VIEWED, UNCONFIRMED, UNDER ANALYSIS]

Through monitoring of underground forums, a post classified under the "DOCUMENTS" tag has been detected, made by the threat actor identified as V0lt4r0x. The attacker is advertising the sale of a compromised email server belonging to the insurance company Seguros La Unión.

🎯 Affected Entity: Seguros La Unión (Insurance and Finance Sector - Ecuador).
👤 Threat Actor: V0lt4r0x
📂 Incident Type: Email Server Exfiltration (Mailbox Dump) and Sale of Confidential Information

📊 TECHNICAL BREAKDOWN AND IMPACT VECTORS
The forensic analysis of the proof-of-concept (PoC) reveals that the attacker exfiltrated the entire mailbox of a high-ranking executive at the insurance company (identified by the file path and emails). The impact is massive due to the nature of the accounts managed by this company:
🗄️ Exposure of Government and Military Contracts (National Risk): The attacker's file explorer shows internal email folders that expose policies and communications with the most critical institutions of the Ecuadorian State. Among the exfiltrated mailboxes—some weighing hundreds of megabytes or even gigabytes (such as a 1.6 GiB "Archive" file)—are folders labeled: FAE Diaf, FAE TRI, FAE Vehículos (Ecuadorian Air Force), Midena Aviación (Ministry of Defense), CELEC (Electric Corporation of Ecuador), Consejo de la Judicatura (Judicial Council), and IESS TRI (Ecuadorian Social Security Institute).
💸 Exposure of Financial Secrets and Reinsurance Data (Corporate Espionage): The attacker displays the contents of an email dated March 6, 2023, in which "Draft Reinsurance Contracts 2023/24" are discussed. The plaintext message reveals exact and confidential financial limits for Zone 1 (Guayas), exposing a cession limit of 900 million dollars, broken down into technical risk and fire coverage quotas.

🛡️ MITIGATION MEASURES AND EMERGENCY TECHNICAL RECOMMENDATIONS
🛑 Immediate Lockdown (Kill-Switch): Seguros La Unión’s security team (SOC) must immediately identify the compromise vector affecting the mail server (possibly vulnerabilities in Microsoft Exchange or Zimbra, or the theft of session tokens) and invalidate all active IMAP/SMTP credentials and sessions belonging to its executives.
🔒 Mandatory Notification to State Institutions: Due to national security requirements, the insurance company must urgently notify the Joint Command of the Armed Forces (Ministry of Defense), CELEC, and the Judicial Council that communications, policies, and details regarding their insured assets have been exfiltrated.

⚡ MONITORING AND ASSESSMENT
🌐 Intelligence System: analyzer.vecert.io
🛡️ Quickly assess your website's security with: monitor.vecert.io

#CyberSecurity #DataBreach #Ecuador #SegurosLaUnion #V0lt4r0x #MailboxDump #SupplyChainAttack #CorporateEspionage #NationalSecurity #ThreatIntelligence #CiberAlerta #VECERT #Infosec #BEC
2
36
44
8.9K
OUTLAWS retweeted
Jack Fields @OrdinaryInds
Passkeys just showed up one day and the general public has absolutely no clue what they are nor how they work.
179
305
11.5K
980.3K
OUTLAWS retweeted
VECERT Analyzer @VECERTRadar
🚨 🇪🇨 CYBER THREAT ALERT: POTENTIAL SERVER COMPROMISE – SOMOS BDA (BANCO DEL AUSTRO)
⚠️ DETECTION OF SUSPICIOUS FILE UPLOADS AND POTENTIAL BACKDOOR
[STATUS: EMERGING THREAT / UNCONFIRMED]

Activity has been detected from the group BROTHEROOD CAPUNG (BCI) targeting the domain somosbda.ec, a platform associated with employees and collaborators of Banco del Austro in Ecuador. Evidence suggests that the attackers have successfully breached the server's upload directory.

🎯 Affected Institution: Somos BDA / Banco del Austro.
👤 Threat Actors: BROTHEROOD CAPUNG (BCI).
📅 Detection Date: May 14, 2026.

📊 ACTIVITY ANALYSIS (UNCONFIRMED)
The incident presents indicators of a compromise involving the upload of unauthorized files:
🧩 Shell/Backdoor Upload: A URL has been identified pointing to a file with an apparently executable extension located within the /uploads/ directory. Although definitive technical confirmation is pending, the phrase "Shel nya ampas" used by the actor suggests the successful deployment of a Web Shell or Backdoor to maintain persistence.
🔓 Credential Risk: The affected page is a login portal ("Log In - Somos BDA"). A backdoor in this location could be used to intercept credentials belonging to bank employees and collaborators (Internal Phishing or Formjacking).

🛡️ MITIGATION AND RECOMMENDATIONS
🛑 Directory Isolation: It is recommended to immediately restrict access to—and script execution within—the /uploads/ directory on the affected server.
⚠️ File Audit: Conduct a thorough inspection of recently uploaded files to identify and remove any Web Shells or malicious code.

⚡ MONITORING
🌐 Monitoring System: analyzer.vecert.io

#CyberSecurity #BancoDelAustro #SomosBDA #Backdoor #WebShell #Ecuador #CyberAlert #VECERT #BCI #DataBreach
6
106
240
79.5K
OUTLAWS retweeted
Microsoft Threat Intelligence @MsftSecIntel
Microsoft is investigating mistralai PyPI package v2.4.6 compromise.

Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.

The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.

To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
117
697
4.9K
4.1M
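A host-side hunt for the indicators named in the Microsoft Threat Intelligence post above, as an added example that is not part of the post and is not Microsoft's tooling. The indicator values come from the post and stay defanged in the source; the function names, the `root` parameter and the assumption that the IP appears as a literal string in the injected file are illustrative.

```python
"""Hunt a filesystem tree for the indicators named in the post (added example)."""
import os
import re

# Indicator values copied from the post, kept defanged in source.
IOC_FILENAMES = {"transformers.pyz", "pgmonitor[.]py", "pgsql-monitor.service"}
IOC_IP = "83[.]142[.]209[.]194"
BAD_PACKAGE, BAD_VERSION = "mistralai", "2.4.6"
INIT_SUFFIX = os.sep + os.path.join("mistralai", "client", "__init__.py")


def refang(value):
    """Turn a defanged indicator (83[.]142...) back into its literal form."""
    return value.replace("[.]", ".")


def _contains(path, needle, limit=1 << 20):
    """True if the first `limit` bytes of the file contain `needle`."""
    try:
        with open(path, "rb") as fh:
            return needle in fh.read(limit)
    except OSError:  # unreadable file: skip it rather than abort the hunt
        return False


def hunt(root):
    """Walk `root` (hypothetical parameter) and return sorted (kind, path) findings."""
    names = {refang(n) for n in IOC_FILENAMES}
    ip = refang(IOC_IP).encode()
    # pip records an installed release as <name>-<version>.dist-info
    dist_info = re.compile(
        r"^%s-%s\.dist-info$" % (re.escape(BAD_PACKAGE), re.escape(BAD_VERSION)),
        re.I,
    )
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for d in dirnames:
            if dist_info.match(d):
                findings.append(("compromised-release", os.path.join(dirpath, d)))
        for f in filenames:
            path = os.path.join(dirpath, f)
            # The post names /tmp for transformers.pyz; a hit elsewhere is still a lead.
            if f in names:
                findings.append(("ioc-file", path))
            # Assumption: the IP is a literal string; obfuscated code would not match.
            if path.endswith(INIT_SUFFIX) and _contains(path, ip):
                findings.append(("ioc-ip-in-init", path))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for kind, path in hunt(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{kind}\t{path}")
```

A `compromised-release` hit alone means the affected version is installed; treat the host as exposed and rotate credentials as the post advises, even if the dropped files are absent.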
OUTLAWS retweeted
The Hacker News @TheHackersNews
🛑 REMINDER: Today, May 8, 2026 — #Instagram officially disabled end-to-end encryption for Direct Messages.
• Meta can now read all your chats.
• Download everything NOW or lose it.
• Switch to WhatsApp for encryption.
Details: thehackernews.com/2026/03/meta-t…
43
141
327
38.7K
OUTLAWS retweeted
The Hacker News @TheHackersNews
🚨 A new UNPATCHED Linux kernel “Dirty Frag” LPE flaw enables root access on Ubuntu, RHEL, Fedora and other distributions. Researchers released a working proof-of-concept exploit capable of gaining root in a single command. Details here: thehackernews.com/2026/05/linux-…
8
148
419
79.7K
OUTLAWS retweeted
Proton VPN @ProtonVPN
Who made this 😭
132
815
8.9K
4.7M
OUTLAWS retweeted
vx-underground @vxunderground
> be United States Senate
> fast track legislation on ID verification for AI usage
> passed initial review unopposed
> bipartisan support
> need to be 18 years old to use AI
> realize Copilot comes with Windows

do we need to do age verification to use Windows ... ???
48
121
2.3K
62K
OUTLAWS retweeted
Dark Web Informer @DarkWebInformer
‼️🇪🇨 CACPE Pastaza allegedly breached exposing 18 million Ecuadorian civil registry records via an unprotected API

A threat actor claims that the identity validation API of CACPE Pastaza, an Ecuadorian cooperative, was pwned through an unprotected proxy endpoint that queries the national civil registry, exposing over 18 million records updated as of today. The post is being released for free and includes a working cURL exploitation example showing how anyone can pull complete personal records by submitting a national ID number.

Post details:
▸ Actor(s): GondorPe
▸ Sector: Finance / Government (civil registry via cooperative API)
▸ Type: Data Leak / API Exposure
▸ Price: Free
▸ Records: 18,000,000+
▸ Country: Ecuador
▸ Date: 06/05/2026

Compromised data:
▪ Full names (apellidos, nombres)
▪ National ID number (NUI / cédula)
▪ Date of birth
▪ Place of birth
▪ Home address (domicilio, calle, número)
▪ Marital status
▪ Gender
▪ Nationality
▪ Father's and mother's names
▪ Profession
▪ Date of ID issuance
▪ Citizenship status
7
48
97
21.6K
OUTLAWS retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.

The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.

Thanks to Rob VandenBrink at SANS: isc.sans.edu/diary/32954
289
2.3K
13.3K
1.1M
OUTLAWS retweeted
VECERT Analyzer @VECERTRadar
🚨 CRITICAL CYBERINTELLIGENCE ALERT: MASSIVE NATIONAL IDENTITY BREACH – DIGERCIC ECUADOR 🇪🇨👤📂🔓
[STATUS: EXTREME THREAT]

A catastrophic compromise has been detected within the infrastructure of Ecuador's General Directorate of Civil Registry, Identification, and Cedulation (DIGERCIC). Threat actor "GordonFreeman," operating under the collective L4TAMFUCKERS, claims to have completely breached the national system, exfiltrating the identity data of virtually the entire population holding national ID cards.

🏢 Affected Entity: DIGERCIC (Ecuador's Civil Registry).
👤 Threat Actors: GordonFreeman, Izanagi, and YoSoyGroot (L4TAMFUCKERS).
📂 Compromised Assets: SQL database and a massive repository of identification images.
📊 Leak Volume: 14.8 million data records (10.8 GB in SQL). 10.6 million high-definition images of national ID cards (165 GB).
📅 Publication Date: May 4, 2026.

📊 Breach Scope (PII and Facial Biometrics)
The magnitude of this attack implies that the attackers possess the capability to reconstruct the legal identity of the majority of Ecuadorian citizens:
Alphanumeric Data: Full names, national ID numbers, dates of birth, marital status, digitized fingerprints, and signatures.
Visual Evidence: The 10.6 million HD images correspond to facial photographs captured for the issuance of identity documents, thereby enabling biometric impersonation attacks.
Infrastructure: The use of SQL dumps suggests deep-level access to the Civil Registry's master tables.

🛡️ Immediate Response Recommendations
🔒 Isolation of Critical Servers: DIGERCIC must declare a state of cybersecurity emergency and audit all data exfiltration points within its internal networks.
🔑 Financial System Alert: Banks and credit unions in Ecuador must enhance their identity verification protocols, exercising caution regarding validations based solely on photos of national ID cards.

Monitor: analyzer.vecert.io

#CyberSecurity #Ecuador #DIGERCIC #DataBreach #L4TAMFUCKERS #RegistroCivil #Identity #PII #VECERT #InfoSec 🇪🇨🛡️⚠️🚨👤
100
591
761
237.7K
OUTLAWS retweeted
International Cyber Digest @IntCyberDigest
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's response when reported: "by design."

All of them. Including credentials for sites you won't open this session.

Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful.

What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext.

In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running.

Microsoft's official response when notified: "by design."

The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
235
2.3K
8.6K
1.4M
OUTLAWS @OUTLAWS_D7
@Arcotel_ec these broadcast messages from @ClaroEcua keep coming; they bypass the lock screen and keep the phone's screen on until you accept or cancel, and with this method they can be accepted by mistake @DEFENSORIAEC
1
0
0
41
OUTLAWS @OUTLAWS_D7
@ClaroEcua could you stop sending this, which unlocks a PIN-protected screen and leaves the screen on? If by bad luck you tap accept, you get signed up for some crap you don't want. @Arcotel_ec what a dishonest practice for pushing people into plans/packages
2
0
0
59
OUTLAWS retweeted
Usuarios Digitales @usuariosdigital
#AlertaDigitalEC Alert: a leak of 17 million records from a 4 GB database, current to 2026, from @ANT_ECUADOR, via @rocurun. The database contains owner data such as name, email and home address, and vehicle data such as license plate number, chassis number, and registration and tax payments
VECERT Analyzer @VECERTRadar

🚨 NATIONAL ALERT: Massive Data Leak from the National Transit Agency (ANT) Ecuador 🇪🇨🚗

Analyzer has detected an unprecedented data breach affecting Ecuador's entire vehicle fleet. Threat actor "GordonFreeman" has put up for sale a database claiming to contain detailed information on every vehicle and motorcycle registered in the country between 2018 and 2026.

🏛️ Affected Entity: National Transit Agency (ANT) Ecuador.
🎭 Threat Actor: GordonFreeman.
👥 Data Volume: 17,000,000 records (17 Million).
📂 Size and Format: 4 GB in CSV format.
🗓️ Timeframe: 2018 – 2026

🛠️ Compromised Information (PII and Technical Data)
The leak is comprehensive and directly links owners to their assets:
🆔 Owner Identity: Full names, National ID or RUC (Tax ID) numbers, and email addresses.
🚘 Vehicle Data: License plate number, engine number, chassis number, engine displacement, make, model, and vehicle year.
📍 Location and Contact: Detailed home addresses, landline numbers, mobile phone numbers (specifically mentioning fields for the Movistar carrier), and canton of residence.
💰 Administrative Data: Assessed value, tax exemption status, registration year, date of last payment, and vehicle weight/payload capacity.

Monitor: analyzer.vecert.io

#Cybersecurity #ANTEcuador #DataBreach #EcuadorHacked #InfoSec #CyberAlert #RoadSafety #Urgent

26
273
375
53.5K
OUTLAWS retweeted
Bitwarden @Bitwarden
Bitwarden identified and contained a malicious package briefly distributed through the npm delivery path for the Bitwarden CLI in connection with the broader Checkmarx supply chain incident. No user vault data or production systems were compromised or at-risk. Additional details and updates are available here: community.bitwarden.com/t/bitwarden-st…
62
661
3.5K
397.5K
OUTLAWS retweeted
vx-underground @vxunderground
Regular ass people should 100% use an anti-virus. Malware plagues the normies. It's like shooting fish in a barrel.

Using SOMETHING is better than NOTHING.

Dawg, these normies are detonating cat_picture.jpeg.exe. They need all the help they can get

No disrespect though
105
85
1.9K
52.5K