Comorando

28 organismos. Un solo grupo. Un solo día. Si el Banco Central, la Justicia y las fuerzas policiales no pudieron proteger sus datos, ¿qué pasa con las PyMEs que ni siquiera monitorean sus emails corporativos? Nadie está a salvo si no sabe qué datos ya están expuestos.

🏥 Salud y educación comprometidas: → Ministerios de Salud de Buenos Aires, Misiones y Neuquén → OSEP Mendoza e IOMA Buenos Aires → Educación de Chubut, Jujuy y Catamarca → 200.000 registros educativos filtrados Datos de pacientes, alumnos y docentes expuestos.

🚨 28 organismos del Estado argentino hackeados simultáneamente. Banco Central, Ministerios, Policías, Salud, Educación, Justicia. El grupo CHRONUSTEAM se adjudicó el ataque más grande en la historia digital de Argentina. 🧵 Qué se sabe hasta ahora ↓ #Argentina

The pattern is always the same: → Hack one trusted tool → Steal credentials → Use those to hack the next tool → Repeat March 2026 proved that your security tools can become your biggest vulnerability. What are you doing about it?

March 27: They compromised Telnyx, downloaded 3.75 million times. In 10 days: GitHub, Docker Hub, npm, OpenVSX, PyPI. The FBI warned: "Expect more breach disclosures in the coming weeks."

One hacking group compromised 5 ecosystems in 10 days. They didn't hack companies directly. They hacked the security tools companies trust. The FBI warned: more breaches are coming. 🧵 What happened ↓ #TeamPCP

Los ataques a la cadena de suministro se están convirtiendo en el vector principal. El próximo no atacará a Trivy—atacará a la herramienta que usas todos los días. Mantente alerta. #Ciberseguridad #SupplyChain

Qué revisar ahora mismo: → Logs de CI buscando 'tpcp.tar.gz' → Tráfico saliente hacia 'checkmarx[.]zone' → Tokens npm creados en esa ventana Rótalos. No asumas que estás seguro porque no eres Microsoft. Los ataques a la cadena de suministro no discriminan.

Un token robado. 474+ repositorios infectados. 1,705 paquetes comprometidos. Y nadie lo notó por 5 días. Este es el ataque TeamPCP que cambió las reglas de la cadena de suministro. Hilo 🧵👇

@DarkWebInformer Important flag. If confirmed, this is serious—CURP + full address + phone is identity theft ready. Curious—has Regio Ruta or INAI (Mexico's data protection authority) commented on this?

‼️🇲🇽 A dataset allegedly from Regio Ruta, a public transit platform in Monterrey, Nuevo León, Mexico, has been leaked on a popular cybercrime forum. ▪️ Records: 117,570 ▪️ Data Fields: RUC, ID, full name, CURP, date of birth, phone, email, full address, city, postal code, status ▪️ Format: .csv

@DarkWebInformer Great share. 211K phone numbers + names is perfect for smishing—attackers can text 'Your loyalty points expire' and people will click. Curious—has Les Burgers de Papa issued any official statement yet

‼️🇫🇷 A dataset allegedly from lesburgersdepapa.fr, a French burger restaurant chain, has been leaked on a popular cybercrime forum. ▪️ Lines: 242,705 ▪️ Unique Emails: 132,246 ▪️ Phone Numbers: 211,481

@VECERTRadar Important alert. Without the association's name, it's hard to verify—but the real risk is supply chain exposure for 1,000+ member companies. Curious—anyone seen confirmation of which association this is?

Critical Access - Business Association in Spain 🇪🇸🏢 Analyzer has detected an infrastructure compromise offer targeting a Spanish business association that represents over 1,000 companies in the same sector. The actor laguna_b has offered for sale full control over the web application and the members' database. Victim: Business Association (Spain) 🏛️ Threat Actor: laguna_b 🎭 Geolocation: Spain (ES) 🇪🇸 Date: March 30, 2026 🗓️ 🛠️ Technical Compromise Details The actor is offering a level of access that compromises the supply chain and the trust of the association's members: Webroot Access: Control at the root directory level of the web server (not the entire system), with read and write permissions to edit PHP files. Administrative Privileges: Includes the email administrator password and full access to the MySQL database. Data Exfiltration: The attacker claims to have already dumped the database member table. Monitor: analyzer.vecert.io #CyberSecurity #Spain #SupplyChainAttack #DataBreach #MySQL #WebShell #BusinessAssociation #InfoSec #CyberAlert #HackingNews #PrivacyRisk #CybersecuritySpain