SistemFail

9.4K posts

@comandpsa

Sistem Failure #TeamHDP 🇻🇪 #CubaLibre 🇨🇺

Maracay, Venezuela · Joined January 2022
785 Following · 15.4K Followers
Pinned Tweet
SistemFail @comandpsa
They took Nicolas Maduro out of the country! 🚨 Extraction in progress. Chaos within the armed forces
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 NATIONAL SECURITY ALERT: LEAK OF GOVERNMENT AND INTELLIGENCE CREDENTIALS (TURKEY) 🇹🇷
A highly sensitive breach has been detected affecting Turkey's National Intelligence Organization (MIT) and the unified citizen portal e-Devlet. Technical analysis of the sample confirms that the exfiltrated data originated from Infostealer logs, implying that the credentials were captured directly from infected user devices.
👤 Threat Actor: IamNotaFBIWorker
🛠️ Origin Vector: Infection by Infostealer-type malware (e.g., RedLine, Lumma, Vidar), designed to extract passwords saved in browsers, session cookies, and form autofill data. Probably automated "log" mechanisms via Telegram bots or a consultant
📑 Systems:
📊 Nature of the Data: Combinations of National IDs + Passwords in plain text, extracted at the exact moment legitimate users logged in.
🔍 Monitor: analyzer.vecert.io
#CyberSecurity #Turkey #Infostealer #MIT #EDevlet #DataBreach #ThreatIntelligence #Ciberseguridad #NationalSecurity #CyberCrime
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 NATIONAL SECURITY ALERT: MASSIVE BREACH IN GUN CONTROL (DIGECAM GUATEMALA) 🇬🇹
A critical intrusion has been detected in the systems of the General Directorate of Arms and Ammunition Control (DIGECAM), an agency under the Guatemalan Ministry of Defense. The attack resulted in the hijacking of user accounts and the exfiltration of the national database of legal firearms.
👤 Threat Actors: GordonFreeman
📊 Exfiltration Volume: 30 GB of ownership certificates in PDF format. 66,000 firearm ownership records. 55,000 legal carry permits.
🔑 Account Compromise: The attackers claim to have changed the passwords of all 22,500 system users.
📑 Data Exposed (Fields): Person ID, gun ownership number, type of weapon, make, model, caliber, barrel length, serial number, file description, and status.
🛠️ TECHNICAL AND GOVERNMENTAL ADVICE:
Disaster Recovery: DIGECAM should initiate a mass, in-person, physical reset of credentials for its internal users.
Black Market Monitoring: Monitoring the sale of the exfiltrated PDFs to determine if the attack vector was a vulnerability in its web portal (SQLi or Broken Access Control).
Monitor: analyzer.vecert.io
#CyberSecurity #Guatemala #DIGECAM #DataBreach #NationalSecurity #GunControl #InfoSec #Cybersecurity #Hacking #Mindef
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 ALERT MALWARE: EMERGENCE OF "XIRA RAT" WITH AI AND hVNC CAPABILITIES 🚨
A new variant of Remote Access Trojan (RAT) malware, called XIRA RAT, has been detected. This malware stands out for integrating advanced AI-based behavioral analysis and hidden control tools (hVNC), positioning itself as a hybrid threat between a Stealer and a deep-persistence RAT.
👤 Threat Actor: AnubisGod.
🛠️ Critical Features:
Multi-Channel Recovery: Extracts data from over 70 browsers, Telegram, Discord, and more than 15 cryptocurrency wallets.
hVNC (Hidden VNC): Allows the attacker to invisibly control the victim's desktop without the user noticing any activity on their screen.
Behavioral AI: Includes a "Routine Tracker" that uses logic to analyze when the user is active and which applications they use most.
Sensitive Monitoring: Features a "Nudes Finder" designed to automatically scan and filter private images and videos.
Resource Exploitation: Integrates a silent cryptocurrency miner that adjusts its CPU/GPU usage to avoid detection.
Functional Unknown Disturbance (FUD): Uses a polymorphic stub to evade traditional antivirus signatures.
🔥 RISK ANALYSIS: XIRA RAT poses a high risk to privacy and financial assets. By compromising AI applications (such as Cursor or Trae) and development platforms, it seeks to exfiltrate source code and infrastructure secrets. Its ability to act as a reverse proxy allows attackers to use the victim's connection to launch other attacks anonymously.
🔍 Monitor: analyzer.vecert.io
#CyberSecurity #XiraRAT #Infostealer #hVNC #MalwareAlert #Cybersecurity #ThreatIntelligence #VECERT #InfoSec #Hacking #RemoteAccess
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 INCIDENT ALERT: EXFILTRATION OF SENSITIVE DATA (RETIREMENT FUND SYSTEM - MEXICO) 🚨
A security incident affecting the privacy of thousands of Mexican citizens has been identified. A detailed database in .xlsx format containing asset and personal information linked to the retirement savings system (AFORE) has been exposed.
👤 Identified Actor: MagoSpeak
🌍 Location: Mexico 🇲🇽
📊 Exposure Volume: 88,483 records of individuals
📑 Compromised Fields:
Identity Data: Full name, CURP (Unique Population Registry Code), and NSS (Social Security Number).
Asset Information: Balance of the RCV (Retirement, Unemployment, and Old Age) sub-account and assigned administrator (e.g., SURA).
Contact Information: Home address, postal code, and personal email address.
Employment Details: Name of employer, business activity, Employer Registration Number (NRP), and employment status.
🔥 RISK ANALYSIS: This incident represents a critical risk of Targeted Social Engineering. By exposing specific balances and employer data, attackers can carry out vishing attacks (telephone fraud) with a high level of credibility. Furthermore, the leak of the CURP + NSS combination facilitates identity theft for unauthorized transactions on government and financial portals.
🔍 Monitor: analyzer.vecert.io
#CyberSecurity #Incident #Mexico #Afore #DataLeak #InfoSec #Cybersecurity #Privacy #SecurityAlert
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 CYBERSECURITY ALERT: FINANCIAL PLATFORM BREAK (365.LOANS) 🇺🇸🇨🇦
A massive database belonging to 365.loans, a digital lending service operating primarily in the United States and Canada, has been detected being offered for sale. The threat actor claims to possess millions of records that expose both the technical infrastructure and the personal information of applicants.
👤 Threat Actor: xtc
📊 Data Volume: More than 6 million total records (including 26,000 unique email addresses).
📑 Compromised Information:
User Data: Email addresses, unique identifiers (UIDs), subscription statuses, and activity logs.
Technical Data: IP addresses, User Agents (device/browser details), and API keys.
Marketing Metrics: Email sending logs, open rates, clicks on affiliate offers, and conversions.
🔥 IMPACT ANALYSIS: The severity of this breach lies in the combination of financial and technical data:
Phishing Attacks: The exposure of names and emails linked to "Personal Loan Dashboards" allows for highly targeted and credible phishing campaigns.
API Exploitation: The theft of API keys could allow attackers to interact with the platform's services, access more data, or perform unauthorized actions on behalf of the company.
User Tracking: The filtering of IPs and User Agents facilitates the profiling of victims for social engineering attacks or attempts to intrude on their personal networks.
🔍 Monitor: analyzer.vecert.io
#CyberSecurity #DataBreach #365Loans #FinancialSecurity #APIKeys #InfoSec #VECERT #Cybersecurity #USA #Canada #Hacking #PrivacyLeak
SistemFail retweeted
Cesar Moya @zuricht94
Andrea Blanco, partner of "Chino" Fay Chen, was detained on the night of Wednesday, April 9 by a CICPC commission and taken to the headquarters at the Plaza de Toros in Valencia. According to a police source, there were complaints against her for alleged illicit enrichment, owing to properties and resources that she herself attributed on social media to her "connections," including ties to chavismo figures such as former deputy Samuel Cohen. After approximately four hours of questioning, Blanco was released, but she first received a warning from the authorities: she was to lower her public exposure and stop displaying a life of luxury on social media, since this could compromise influential people.
Cesar Moya @zuricht94

EL CHINO, ANDREA BLANCO AND THE RAFFLE OPERATORS: With all the stir caused by Sebin's detention of several raffle operators for being linked to funds of dubious origin, there is a lot to unpack. What comes to light is the relationship of young Andrea Blanco, more "striped" than a tiger and also nicknamed "The Queen of the Washing Machine," with the president of the Club Chino de Carabobo, Fay Chen, who is said to be one of those financing the "businesses" and whims of the young woman, whose properties and fortune are under investigation because she holds them without explaining where they came from, given that she comes from being a "pela bolas" (penniless). She now lives the life of a celebrity: she owns the Nasar nightclub, located in the El Viñedo sector of Valencia. The latest to reach us, from a reliable source, is that "el chino" Fay Chen paid a fortune and gave a Fortuner SUV to fashion designer Wilfredo Camacho, organizer of the "Miss Carabobo" pageant, so that his girlfriend Andrea Blanco is crowned this year. According to some accounts, it would not be the first time, since something similar is said to have happened last year with the mistress of Captain Juan Escalona. It is even said that Wilfredo Camacho has already "sold" the Miss Carabobo crown. Corruption and illicit business taint these characters. But in the case of the raffle operators, it was those at the bottom who fell, not the big fish. I'll leave it there.

SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 CYBERSECURITY ALERT: MASSIVE DATA EXFILTRATION - ARGENTINA 🚨
The threat actor identified as injectioninferno3 has posted a message on specialized Telegram channels offering a massive volume of critical data from multiple sectors in Argentina.
👤 Threat Actor: injectioninferno
📊 Volume: 323 GB of compressed data
📂 Formats: TXT, CSV, JSON, SQL, Excel, and PDF
🇦🇷 Sectors Affected:
Education and Institutions: Student data and official documents
Finance and Insurance: Banks, insurance companies, and casinos
Telecommunications: Cell phone lists and email addresses
Corporate: Private companies, travel agencies, and sales leads
🔍 Monitor: analyzer.vecert.io
#CyberSecurity #DataLeak #Argentina #Telegram #ThreatIntelligence #InfoSec #DataBreach #Cybersecurity #Privacy #Hacking
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 CYBERSECURITY ALERT: MASSIVE ATTACK ON THE EDUCATION SECTOR IN MEXICO 🚨
A series of security incidents have been detected simultaneously affecting multiple technology institutions in Mexico. The threat actor has released leaks that compromise the data infrastructure of these educational institutions.
👤 Threat Actor: MagoSpeak
📅 Date: April 8, 2026
🇲🇽 Victim Country: Mexico
🎓 Affected Institutions:
Instituto Tecnológico Superior de Purépecha
Instituto Tecnológico del Valle de Etla
Instituto Tecnológico del Valle de Oaxaca
Instituto Tecnológico del Sur de Guanajuato
🔥 ESTIMATED IMPACT: This coordinated attack against the education sector puts sensitive data of students and academic staff at risk. The leakage of institutional information can lead to targeted phishing campaigns, identity theft, and compromise of internal administrative systems.
🔍 Monitor: analyzer.vecert.io
#CyberSecurity #Mexico #DataBreach #MagoSpeak #InfoSec #Cyberattack #Education #ThreatIntelligence #Hacking #SafeEdu
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🛡 VECERT Attacker Anatomy: The JINKUSU Ecosystem (CaaS)
In this intelligence report from VECERT Laboratory, we break down the anatomy of JINKUSU, a threat actor that has evolved from a niche developer to a Cybercrime-as-a-Service (CaaS) operator with global impact. Through our research, we reveal how JINKUSU has industrialized identity fraud through a "Triple Impact" infrastructure: Digital Compromise, Physical Impersonation, and Money Laundering Automation.
#Cybersecurity #OSINT #Jinkusu #Fintech #KYC #Deepfake #ThreatIntelligence #VECERT
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 #Alert: Critical Threat to Telecommunications Infrastructure - Venezuela 🇻🇪📡
A high-level security compromise affecting Fibex Telecom has been detected. Threat Actor x00x01x01 has published proof of administrative access to network management systems (GPON/OLT).
🏢 Affected Entity: Fibex Telecom (ISP, Venezuela).
⚙️ Compromised System: SmartOLT Panel (Optical Line Terminal Management).
👥 Potential Scope: ~390,000 online customers detected within the panel.
🛰️ Exposed Nodes: Pastora, La Victoria, Tipuro, San Juan de los Morros, Los Samanes (Huawei/ZTE).
⚠️ Status: The attacker is threatening a massive service outage ("Do I turn everything off?").
🔥 DETECTED IMPACT:
🚫 Service Interruption: The capability to remotely disconnect hundreds of thousands of users.
🔓 Privileged Access: Control over ONU authorization, diagnostics, and network configuration.
📡 National Security: The actor mentions traffic interception (DPI) via Cantv infrastructure.
📉 Operational Risk: Exposure of power status, signal faults, and geolocation data for critical nodes.
#CyberSecurity #Fibex #Venezuela #ThreatIntel #Telecom #Infosec #SmartOLT
x01x00 @x00x01x01

Fibex Telecom passes the traffic of its customers through Chinese devices in Cantv (dpi) Do I turn everything off?

SistemFail retweeted
Fox News @FoxNews
President Trump jokes about running for president in Venezuela after his term ends in the United States: "I'm polling higher than anybody has ever polled in Venezuela." "After I'm finished with this, I can go to Venezuela. I will quickly learn Spanish. It won't take too long... I'm going to run for president."
Roi Lopez Rivas @RoiLopezRivas
🇻🇪 Delcy Rodríguez, the Acting President, sweeps with 60%! According to the most recent data from the Polymarket platform, Delcy Rodríguez holds 60% of the probabilities, far above all other figures. Constitutional President Nicolás Maduro and María Corina Machado are in second place, with a slight advantage for President Maduro.
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🕵️‍♂️ INTELLIGENCE REPORT: THE "JINKUSU" ECOSYSTEM
The threat actor JINKUSU has evolved from being a niche software developer into a Cybercrime-as-a-Service (CaaS) operator with an interconnected global infrastructure. Its business model is based on the sale of Biometric Identity Fraud tools, real-time video injection for KYC (Know Your Customer) evasion, and automated financial asset theft systems.
Technical Arsenal:
🔹 StarKiller: C2 framework for total network control.
🔹 NFCripper: Tool for physical card cloning.
🔹 EvilNote: Silent malware deployment.
2. ATTACKER METHODOLOGY (TTPs)
JINKUSU operates under a "Triple Impact" methodology: Digital Compromise, Physical Impersonation, and Scam Automation.
A. Elite Identity Impersonation (Deepfakes)
The primary tool (JINKUSU CAM) utilizes convolutional neural networks to perform real-time face swapping.
Driver-Level Injection: Unlike standard software, JINKUSU integrates with Android emulators and virtual camera drivers (OBS-based), allowing banking and social media applications to perceive the AI-generated video as a "physical camera input."
Voice Synchronization: It implements an audio processing chain that alters the operator's pitch and frequency to match the impersonated identity.
B. Post-Exploitation and Control (StarKiller & EvilNote)
Once the actor gains initial access, they utilize proprietary tools to establish persistence:
StarKiller (Definitive Edition): A Command and Control (C2) framework designed to manage compromised networks.
EvilNote: Used for the deployment of malicious payloads concealed within seemingly harmless notes or configuration files.
Through graph analysis, VECERT Laboratory has mapped 63 critical connections revealing a network of technical redundancy:
Domain Rotation: The threat actor utilizes various domain extensions to evade blacklists:
.systems and .systems: For "official" commercial portals.
.su (Soviet Union) and .tokyo: For attack tools and C2 panels.
.vip, .top, .xyz: For redirects.
Legal Shielding: Domains are registered through services offering strict privacy in Iceland, as well as providers such as NameCheap and NameSilo.
License Management: The actor employs a TOTP (Time-based One-Time Password) locking system for their clients, ensuring that only authorized buyers can execute the malware—effectively acting as a criminal DRM system.
POSSIBLE ORIGIN OF THE ATTACKER OR SIMULATED IDENTITY
Within the meta tags of one of their portals, we detected language indicators—specifically the phrase "JINKUSU 邪悪 - Dark Crypto Marketplace"—suggesting that the threat actor behind these portals is likely of Japanese origin. An analysis of this content implies that the actor operates an illicit marketplace with the potential to expand into the broader financial sector, in addition to engaging in cybercrimes related to the cryptocurrency space.
Behavior: The "Jinkusu QR" infrastructure includes extensive support for Asian payment gateways, suggesting a deep understanding of the region's financial logistics.
We have detected additional details, which we are reserving for our internal documentation.
#DataLeak #MalwareAlert #Ransomware #DarkWeb #BreakingNews #CyberAttack
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 CRYPTO SECURITY ALERT: THE END OF FACIAL VERIFICATION (KYC) 🚨
🌐 The launch of JINKUSU CAM—a cybercriminal tool—has been detected. It is a powerful AI suite designed specifically to BREACH the security protocols of the world's largest exchanges (Binance, Coinbase, Kraken, OKX).
👤 Developer/Threat Actor: jinkusu.
🛠️ Tool Type: Real-time media manipulation software (Live Deepfake).
🎯 Objective: To bypass KYC (Know Your Customer) protocols on financial platforms, cryptocurrency exchanges, and mobile banking applications.
📦 TECHNICAL FEATURES (ATTACK VECTORS): The software utilizes cutting-edge AI technologies to deceive verification systems:
🎭 Real-time Face Swap: GPU-accelerated face replacement (CUDA/DirectML) using InsightFace for fluid gesture transfer.
🗣️ Voice Changer: Real-time voice modulation with pitch adjustments and preset profiles (Anonymous, Radio, Robot) to evade voice biometrics.
🎥 Virtual Camera: Output compatible with OBS Virtual Camera, allowing the manipulated video feed to be injected into Zoom, Teams, Chrome, and verification apps.
📱 Emulator Support: Designed to function within Android emulators, enabling attacks against mobile applications that require "live" selfies.
✨ AI Enhancement: Utilizes GFPGAN and 478-point facial meshes (MediaPipe) to ensure the fabricated face mimics human expressions with extreme precision.
⚠️ ASSOCIATED RISKS (CRITICAL):
🏦 Mass Banking Fraud: Enables criminals to use stolen photos (such as those from previous data leaks in France or Mexico) to create a "living" persona that speaks and moves convincingly before a bank's camera.
🎭 Synthetic Identity Theft: Facilitates the creation of highly convincing fake identities for money laundering activities and romance scams (pig butchering).
🔓 KYC Compromise: Bypasses the "Liveness Detection" checks that many applications consider secure.
#Cybersecurity #Deepfake #KYC #Bypass #JinkusuCam #AI #IdentityTheft #Fintech #InfoSec #CyberAlert
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 GEOPOLITICAL ALERT: Cyberattack on the United Arab Emirates Space Agency 🇦🇪🚀
A critical intrusion has been detected within the digital infrastructure of the United Arab Emirates Space Agency (UAESA). A hacker group identified as "Mobir" has claimed responsibility for the attack, successfully disrupting services and gaining access to internal monitoring systems.
📊 Incident Details (04-04-2026)
🏛️ Affected Entity: United Arab Emirates Space Agency (space.gov.ae).
🎭 Threat Actor: Mobir hacker group.
📊 Technical Details of the Extended Compromise
Based on an analysis of newly obtained screenshots, the following compromised assets have been identified:
1. Cloud Infrastructure Control (VMware Cloud Director)
The attackers have obtained administrator-level access to the VMware Cloud Director console, which is managed via the government network, fednet.gov.ae. This grants them control over:
Database Servers: Direct access to the agency's data containers.
Exchange Servers: Potential control over institutional email communications.
Kubernetes Nodes: Compromise of the agency's modern applications and microservices.
Disaster Recovery Sites (DR-Sites): The capability to disable backup and redundancy systems.
2. Real-Time Video Surveillance Access (CCTV)
The compromise of the security camera network has been confirmed via a HIKVISION dashboard:
Physical Monitoring: The attackers are viewing—in real time—at least 16 simultaneous channels covering hallways, entrances, offices, and break areas.
PTZ Control: The interface displays controls for camera movement and zooming (Pan-Tilt-Zoom), enabling active tracking of personnel.
⚖️ Declared Motivation: The group claims the attack is an act of retaliation for the "UAE's collaboration with Israel and the United States" in the fields of security and defense.
#Cybersecurity #UAESpaceAgency #Mobir #Cyberattack #UAE #InfoSec #CyberAlert #DamaszkuzAdmin
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 ALERT: Financial Infrastructure Compromise in the U.S. 🇺🇸💸
Analyzer has detected a critical post on the dark web and high-tier forums in which threat actor "miyako" exposes the compromise of a Major Money Transfer Corporation based in the United States.
🏛️ Affected Entity: USA Major Money Transfer Corp (Financial/Fintech Sector).
🔹 Full administrative access (Shell Access).
🔹 Compromise of critical VPN nodes used for transfers.
🔹 Massive risk of capital flow and financial PII interception.
🎭 Threat Actor: miyako.
📂 Compromised Assets:
Firewall & VPN: Device-level access.
Permissions: Root / Superuser Access (Shell).
Infrastructure: FreeBSD/Unix operating systems detected in the backend.
🗓️ Publication Date: April 4, 2026.
🔍 Post Analysis (Technical Intelligence)
Kernel-level Access: The use of "Root Shell" access indicates that the attacker has bypassed firewall defenses and possesses the capability to intercept encrypted VPN traffic.
Monitor: analyzer.vecert.io
#Cybersecurity #FintechHacked #DataBreach #USA #MoneyTransfer #Miyako #InfoSec #CyberAlert
SistemFail retweeted
VECERT Analyzer @VECERTRadar
INTELLIGENCE ALERT: CRITICAL DATA LEAK - PARAGUAY CIVIL REGISTRY
The sale of a massive database belonging to Paraguay's Civil Registry (REC) has been detected. The threat actor, identified as "GordonFreeman," has put up for sale sensitive information encompassing approximately 70% of the national population. Technical investigation by VECERT links this actor to multiple previous breaches within Paraguayan territory and has successfully mapped their connection infrastructure, detecting a possible actual geographic origin following a failure in their operational security (OPSEC).
History in Paraguay: In addition to the REC leak, links have been identified connecting the actor to other previous breaches in the country, including:
Data exfiltration from the Office of the Comptroller General of the Republic of Paraguay.
Sale of scanned files from the National Directorate of Civil Aeronautics (DINAC).
Leaks related to the Paraguayan Army and the Judiciary.
Attribution and OPSEC Failure: Following an in-depth trace of usernames and behavioral patterns on Dark Web forums (BreachForums and similar sites), our intelligence team identified the following:
Masking: The suspected actor habitually used VPN and proxy services with exit nodes in Germany to conceal their actual location.
Identification of Authentic IP: Due to an oversight in the configuration of their connection tunnel during one of their recent sessions, a direct connection was detected originating from an IP address in Peru.
Classification: This IP address has been classified as "authentic" (Non-Proxy/Non-VPN), suggesting that the actor—or at least a portion of their attack infrastructure—operates from the Andean region.
Note: This remains a possibility; it has not been definitively verified that the actor is the same individual. However, it appears that the username was registered at least twice. It is believed that the original actor may actually be a different individual known as "Gatito_FBI_Nz," who had temporarily ceased their activities but utilizes other aliases for leaks within Latin America. Likewise, these actors form alliances with other groups of Latino actors who seek to commercialize data through illegal means.
Analyst: Team VECERT
#CyberThreatIntelligence #DataLeak #CyberSecurity #OSINT #VECERT #InfoSec #PII #ThreatActor #Paraguay #Ciberseguridad
CERT-PY @CERTpy

⚠️ Attention!

SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 ALERT: Threat Actor Sells Mass Exploitation Tools on Telegram 🌐🔓
Analyzer has detected critical activity from the threat actor CodeB0ss, who is distributing and selling advanced exploits (priv) designed to compromise systems in an automated and large-scale manner. The actor specializes in tools that automate the reconnaissance and exploitation of recent vulnerabilities (CVEs from 2025 and 2026).
📊 Tool and Exploit Details (As of 04-04-2026)
🛠️ Featured Tools:
WebshellExecutor v2.0.0.0: Advanced software for rapidly scanning for and injecting backdoors.
SSHS Bulk Scanner: Advanced tool for the mass scanning of SSH servers, identifying versions and owning organizations.
CPanel Auto Email Exploit: Mass attack tool designed to extract email addresses from CPanel servers.
📂 Exploited Vulnerabilities (Advanced PoCs):
CVE-2026-27944 (Nginx UI): An exploit capable of evading WAFs, downloading exposed backups, and extracting database credentials and tokens.
CVE-2026-2413 (WordPress): Targets plugins with over 400,000 active installations.
CVE-2026-4167 (Belkin Routers) and CVE-2025-8949 (D-Link).
⚠️ Detected Arsenal:
🔹 WebshellExecutor v2.0: Ultra-fast backdoor injection.
🔹 CVE-2026-27944: Nginx exploit that evades WAFs and extracts DB credentials.
🔹 CPanel Mass Att4ck: Automated email exfiltration.
Extensive use of Shodan/Fofa to profile over 400,000 targets. 🛡️💻
Monitor: analyzer.vecert.io
#Cybersecurity #Exploit #Infosec #CyberAlert #Hacking #Nginx #Wordpress
SistemFail retweeted
VECERT Analyzer @VECERTRadar
🚨 ALERT: NXBBSEC Offensive Against Thai Government Portals 🇹🇭🔓
Analyzer has detected a series of successful intrusions executed by the threat actor NXBBSEC (associated with tags such as #AnonSecKH and #OpThailand). The attacker has successfully breached critical asset management systems and state databases.
📊 Incident Details (04-04-2026)
🎭 Threat Actor: NXBBSEC (@NXBBSECHACKER).
🏛️ Affected Entities:
Department of Fisheries (DOF): Official Asset Management System (asset.fisheries.go.th).
Treasury Department: Official Portal (treasury.go.th).
🛠️ Nature of Attack: Unauthorized access and potential exfiltration of inventory records and administrative data.
#Cybersecurity #ThailandHacked #NXBBSEC #DataBreach #InfoSec #CyberAlert #Hacking
NXBBSEC HACKER @NXBBSECHACKER

Target : asset.fisheries.go.th is the official Asset Management System for the Department of Fisheries (DOF) in Thailand. NXBBSEC On Top ❗️ ❗️Hacked By #NXBBSEC ❗️ #AnonSecKH #NXBBSEC #OpThailand
