InfoSecBulletin Cybersecurity for mankind
Resecurity found 7.4 million records of Paraguayan citizens’ personal information leaked on the dark web today. Last week, cybercriminals attempted to sell this data for $7.4 million, or $1 per citizen. A ransomware group is extorting the country, marking a major cybersecurity event, with a deadline set for Friday, June 13, 2025.
Stolen data has appeared on various underground forums, including ZIP files of databases and a torrent file for P2P downloads of citizens’ records. This method was also used by LockBit 3.0, which used torrent files on P2P networks to avoid takedowns.
AMD discloses 4 new CPU flaws Affecting Many CPUs
GitLab patched XSS and Authorization Bypass Flaws
CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow
Urgently patch now: Zoom Patches 6 Flaws
Whatsapp rival ‘Bitchat’, message without internet
Splunk Addresses Third-Party Package Vulns in SOAR Versions
Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs
CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws
Android malware Anatsa infiltrates Google Play targeting banks worldwide
Paraguay has suffered a data breach involving the personal information of its entire population. The attackers, in their ransom demand, criticized the government’s corruption and negligence in protecting citizens’ data. The Paraguayan government refused to pay the ransom and provided little information on how the data of 7.5 million people was compromised, offering only vague comments. Just days before the leak, the President’s Twitter account was also compromised.
The leaked data likely comes from Paraguay’s National Agency for Transit and Road Safety, the Ministry of Public Health, and an unnamed system with personal information. Such leaks are not new in Paraguay, and this recent incident adds to a pattern of data breaches.
In 2025, Paraguay faced two significant data breaches from public institutions. The first breach at the Superior Tribunal of Electoral Justice revealed info on over 7 million individuals. The second, involving the Ministry of Finance, the Central Bank, and Itaipú, leaked a file with more than 17,000 records containing sensitive details such as payments to officials and personal information. In 2023, the National Police also had a breach that exposed documents and personal data of detainees, including their criminal records and photos.
Paraguay dark web
The actors, identifying as “Cyber PMC,” describe themselves as “mercenaries” attacking government systems for profit. It’s uncertain if they are backed by a foreign state or if their actions are solely motivated by cybercrime.
Flax Typhoon, a cyber group associated with China, hacked into Paraguayan government networks last year, as reported by the Paraguayan Ministry of Information and Communication Technologies and the U.S. Embassy in Asunción. This advanced persistent threat involved using malware to access systems and gather sensitive data while staying hidden. There have been no data leaks, and no affected organizations have been named.
Resecurity noted that Paraguay is the only South American country to recognize the independence of Taiwan. China considers the island nation as its territory, and has carried out a global campaign to convince other governments to do the same.
The intensity of cyberattacks and data breaches targeting Paraguay and other countries in South America is alarming. Resecurity highlights the increasing efforts of foreign threat actors to compromise government information systems and portals that store PII of citizens.
