Monitor de actividad
Ransomware en México
Seguimiento de la actividad de ransomware observada en organizaciones mexicanas. Grupos más activos, sectores afectados y víctimas recientes.
- Ciudad de México16
- Nuevo León7
- Chihuahua4
- Jalisco4
- Baja California3
- México1
- Michoacán1
- Quintana Roo1
- Sinaloa1
- Sonora1
- Veracruz1
- Yucatán1
Sin estado determinado: 216
- PLAY Ransomware Allegedly Claims U.S. Firm J&J Gaming28 de junio de 2026
A U.S. amusement, arcade & attractions company added to the PLAY ransomware data-leak site.
- Canadian Clinic WELL Health Kensington Medical Centres Allegedly Breached, 307,000 Patient Records Held to Ransom28 de junio de 2026
A threat actor using the alias Kazu is extorting WELL Health Kensington Medical Centres (kmc.cortico.ca), a community medical clinic in Canada that provides family medicine, same-day appointments, virtual care, and specialist referrals to patients of all ages, operating as part of WELL Health Technologies on the Cortico platform.
- US Electronics Wholesaler Flawireless Allegedly Breached, Customer and Order Database Leaked28 de junio de 2026
A threat actor using the alias 0xSec has posted what they describe as the database of Flawireless, a US-based wholesaler of mobile phone accessories and refurbished electronics that also trades as Techy Extra.
- Alleged GOV.CO Colombia Leak Claims 4.3 Million Records, but the Posted Sample Is German Taxpayer Data26 de junio de 2026
A threat actor using the alias NormalLeVrai has posted a “comeback” teaser headlined as a leak of GOV.CO, the official digital platform of the Colombian government, claiming 4,300,002 records.
- Leroy Merlin Spain Customer Database of Nearly 55,000 Records Allegedly Leaked25 de junio de 2026
A threat actor using the alias Saturne has posted what they describe as the customer database of leroymerlin.es, the official Spanish e-commerce site of Leroy Merlin, a major home-improvement and DIY retail chain.
- Alleged Full Texas Parks and Wildlife Database Offered for Sale After Confirmed Breach of 3.1 Million Records25 de junio de 2026
.dwi-root *, .dwi-root *::before, .dwi-root *::after { box-sizing: border-box; } .dwi-root { --bg: #0a0e16; --bg-2: #0d131f; --ink: #e8eef7; --ink-soft: #9fb0c7; --ink-dim: #5d6b82; --cyan: #34e0ff; --cyan-deep: #0bb6da; --amber: #ffb020; --red: #ff4d5e; --line: rgba(120, 160, 210, .14); --line-2: rgba(120, 160, 210, .26); --card:
- Around 347,000 Ecuadorian Citizens' Facial and Biometric Records Allegedly Offered for Sale25 de junio de 2026
A threat actor using the alias Albertcamus is advertising what they describe as a database of facial images and identity records for 347,178 Ecuadorian citizens.
- Squidbleed: A 29-Year-Old Heap Over-Read Leaks Cleartext HTTP in Squid (CVE-2026-47729)24 de junio de 2026
CVE-2026-47729, nicknamed Squidbleed, is a heap buffer over-read in the FTP gateway of the Squid web proxy.
- Illicit Access to France's Vehicle Registration System SIV Allegedly Offered For Sale23 de junio de 2026
A threat actor using the alias shabat is advertising the sale of unauthorized access to France's SIV (Système d'Immatriculation des Véhicules), the country's official national vehicle-registration system.
- Around 30,700 Records Allegedly Leaked From France's Hospital Federation FHF23 de junio de 2026
A threat actor using the alias Saturne has posted what they describe as the database of FHF.fr, the official website of the Fédération Hospitalière de France (French Hospital Federation), which represents public healthcare and medico-social institutions and runs a major job board for the public health sector.
- Argentine Telemedicine Platform Meducar Allegedly Breached, 3.1 Million Patient Records Held to Ransom23 de junio de 2026
A threat actor using the alias Kazu is extorting Meducar (meducar.com), a Latin American telemedicine and patient-management platform owned by Grupo Cormos, an Argentine health-tech company.
- European Real Estate CRM Whise Allegedly Breached, Over 40 Million Records Leaked22 de junio de 2026
A threat actor using the alias ChimeraZ has posted what they describe as the database of Whise.eu, a European real-estate CRM used by agencies and agents to manage leads, properties, and transactions.
- US Stock-Market Forum Stockaholics Allegedly Breached, Member Database Leaked22 de junio de 2026
A threat actor using the alias TomTom has posted what they describe as the member database of Stockaholics.net, a US-based online forum for stock-market, trading, cryptocurrency, and financial-market discussion.
- Durango State Education Department Allegedly Breached, Exposing Records of Thousands of Primary School Children26 de junio de 2026
A threat actor using the alias D3spair157 (operating as “Sociedad Privada 157”) has posted what they describe as a data leak from the Secretaría de Educación del Estado de Durango (SEED), Mexico's Durango state education department, reportedly obtained using administrator credentials to its student-management portal.
- Taxpayer Database From Mexico's Coahuila State Government Allegedly Leaked25 de junio de 2026
Threat actors using the aliases M1sery157 and D3spair157 (operating as “Sociedad privada 157”) have posted what they describe as a database scraped from a Coahuila state government portal in Mexico.