Chum1ng0 - Security Research :verified:

#Chile-, Independent Researcher covering #hacktivism, #ransomware, #cybersecurity, #leaks, and data breaches in Latin America. #LATAM

You can subscribe to my newsletter dedicated to #cybersecurity, data breaches, misconfigurations, and #hacktivism in Latin America, created & edited by @chum1ng0

Newsletter: newschu.substack.com

#misconfigurations #leak #cybersecurity #dataleak #databreach #privacy

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-02-03

Threat actor "Dripper" is selling a database from Comunidad Feliz on a hacking forum.

security-chu.com/2026/02/Dripp

#Chile #databreach #cyberattack

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-02-03

Ransomware attack on the mining company pucobre.cl. In the samples, the attackers expose file samples such as forms, contract annexes, plaintext passwords, job interviews, and identity cards.

No one from the mining company has given a statement about this ransomware incident.

security-chu.com/2026/02/Empre

#Chile #ransomware #cyberattack #cybersecurity #cl #databreach #mining

Chum1ng0 - Security Research :verified: boosted:
Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-26

🇨🇱 The Urological Diagnostic Institute (IDU) exposed 23GB of patient information on an unsecured server.

🔴15,000 PDF files contained patient exams with their data: patient name, age, national identification number (RUT), referring physician, sex, order number, admission date, review date, sample collection date, agreement, program, observations, and, of course, the exam results (in this case, for example, urinalysis).

🟢This was reported to the institution on November 4th via email. On January 13, 2026, I verified that the server appeared to be closed. I do not know if the institution notified the ANCI (National Agency).

security-chu.com/2026/01/Insti

#databreach #misconfigurations #Healthcare #health #chile

@PogoWasRight

Chum1ng0 - Security Research :verified: boosted:
Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-23

If you are a government entity, would you buy data from cybercriminals?

#Survey #cybersecurity #cybercrime #government #dataprivacy

Chum1ng0 - Security Research :verified: boosted:
Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-23

Chile's National Cybersecurity Agency launches ciberlupa to search for leaks of citizen data.

Personal Opinion:

I find ANCI's Ciberlupa incredibly useful: a Chilean "Have I Been Pwned" tool that helps people find out if their email/RUT (Chilean tax ID) has been leaked, with good privacy (strong authentication, anonymized database). But there's a critical point that can't be ignored: the risk that, in order to keep it updated and "complete," the line might be crossed at some point, and they might start buying dumps on the dark web or black markets (as has happened in other countries with law enforcement). That would be counterproductive: it would finance more data theft and lose all legitimacy. A concrete proposal: ANCI should publicly commit to strict limits—only open/published sources (Telegram, hacker forums that upload for free, CERT collaborations, reports from victims/companies). No purchases, not even for "specific investigations," in this citizen-led tool.

security-chu.com/2026/01/ciber

#privacy #hacking #dataprotection #Chile

@PogoWasRight @campuscodi @amvinfe @zackwhittaker @jgreig @lawrenceabrams

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-23

@PogoWasRight @campuscodi @amvinfe @zackwhittaker @jgreig @lawrenceabrams

I prefer the second option that your notification to ANCI mentions, and that they are trying to protect the information, without the data of that company being subsequently uploaded to the database of their tool.

Chum1ng0 - Security Research :verified: boosted:
Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-17

🇧🇩 Today I'm going to talk about Bondstein Technologies Limited, a company based in Dhaka, Bangladesh. One of their servers was found to be completely open and unprotected.

Bondstein Technologies Limited is a Dhaka-based technology company specializing in Internet of Things (IoT) solutions and frontier technologies. Founded in 2014, it has established itself as a leading player in Bangladesh for vehicle tracking, industrial automation, and smart connectivity.

What data was exposed?

On December 26, 2025, I discovered that the server was exposing a 22 GB SQL backup file. According to the file timestamps and metadata, this backup appears to have been publicly accessible since at least July 2025. Among the files in the backup was users.sql, which contained the following sensitive fields:

username, customer_name, First_name, Last_name, Phone_number, Additional_contact-number, email, password.

*I was able to confirm that some of the employee names were real.

Additional findings:

The exposed server's IP resolved to a properly certified HTTPS server using a subdomain under .bondstein.net. The same IP also hosted a login portal (which I did not attempt to access). With this information, we were able to accurately identify the owner and submit a responsible disclosure.

Notification:

All of this was detailed in the email I sent to several Bondstein employees on December 26, 2025. When I checked again on January 5, 2026, the exposure had been fully closed. I followed up via email to inquire about any possible reward. On January 6, they replied with the following message:

Hi Chum1ng0,

Thank you for your responsible and detailed disclosure regarding the open directory issue on our server. We sincerely appreciate you taking the time and effort to notify us of this vulnerability, which allowed us to address it quickly. Your commitment to ethical research is truly valued. We want to confirm that the issue has been fixed and access has been restricted. We would also like to clarify that the server you identified is a staging server kept for internal purposes, and not a production environment. Regarding your request for a reward, we currently do not have an official bug bounty program in place. However, we are grateful for your help in securing our infrastructure.

We appreciate your patience and look forward to potentially collaborating in the future should we establish a formal program.

Sincerely
Bondstein

-NOT REWARD-

#VDP #responsibleDisclosure #misconfigurations #Bangladesh #cybersecurity #bondstein

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-16

The real risk of the exposure (users with passwords, phone numbers and emails left in an open backup for months) @PogoWasRight

Chum1ng0 - Security Research :verified: boosted:
Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2026-01-16

Chile's cybersecurity agency's annual report: 400 incidents, 18 of which are ransomware attacks.

security-chu.com/2026/01/Balan

PS: Our blog has been an important source of information in this area regarding ransomware attacks that operate without any resources.

#report #Chile #cybersecurity #ransomware #government
