VN#024
Hi Everyone,
Last weekend, I was at the Pol’and’Rock Festival (formerly known as Woodstock Poland) with the FrontStory/VSquare team. Big kudos to the marketing crew for organizing a fantastic 4-day event! At our booth, we ran OSINT challenges inspired by those in every FrontStory newsletter: everything from finding company connections, checking company finances, analyzing domains, to mapping locations. It was great to see how determined people were to solve the challenges without asking for help.
Even better, awareness of OSINT is clearly growing in Poland - most folks had heard about it, even if they hadn’t tried it themselves.
I also got to do a live presentation for about 50 people. At one point, I felt the crowd could have easily been triple that, and I’d still be comfortable. After running several workshops this year, I’ve realized public speaking live is way easier than online!
Now let’s check what’s happened in the past weeks.
Cybersecurity News
MITRE fires ATT&CK Evals leadership: A day ago, a Senior Advisor at MITRE Engenuity revealed that MITRE terminated the senior leadership of its Center for Threat-Informed Defense (CTID) in a cost-cutting move, raising serious concerns about the future of cornerstone cybersecurity frameworks like ATT&CK and CVE. Industry partners - some of which have funded CTID and ATT&CK extensions for years - were not informed in advance, prompting calls for an independent consortium to take over their development and governance. "We may need to start thinking of creating an industry consortium to take over and support ATT&CK (minus the MITRE). It is a dark time when organizations who purport to make the world a safer place decide to abdicate their leadership in keeping citizens cyber safe." Read it here.
Battle for XSS Forum: On July 22, 2025, Ukrainian law enforcement arrested 36-year-old Oleksandr Ivanov, aka “Toha,” alleged administrator of the Russian-speaking cybercrime forum XSS[.]is, in Kyiv. After nearly two weeks offline, the site resurfaced on a new domain XSS[.]pro, but it’s likely not active. Former moderators claim XSS has become a honeypot operated by Ukraine’s SBU. Find out more.
What is XSS Forum? — A closed criminal marketplace for malware, exploits, stolen data, and illicit services. Despite its name, it’s unrelated to the XSS (cross-site scripting) web vulnerability.
Someone using the pseudonym “g0njxa” interviewed Anomaly, a moderator of the new DamageLib forum and a former moderator of the XSS forum, who spoke on behalf of other ex-moderators to explain the recent events from the perspective of people closely connected to the forum. The interview was shared publicly.
I always wonder whether things like this are legit or staged.
Vulnerabilities & Exploits & Hacks
TeaSaga faces second massive breach: After leaking 72,000 images, the Tea app exposed over 1.1 million private messages on sensitive topics, prompting Tea to disable direct messaging for safety. Find out more.
Meanwhile, TeaOnHer, a gender-swapped copy of Tea, mirrors the same security flaws and data breaches.
DNSSEC Misconceptions: Experts warn against cyber fraud narratives portraying lack of DNSSEC as a major ransomware risk—it’s not. Find out more.
DNSSEC (Domain Name System Security Extensions) is a security protocol that uses digital signatures and a hierarchical chain of trust to verify that DNS responses come from an authentic source and haven't been altered in transit, protecting against DNS spoofing and cache poisoning attacks.
Threat Hunting & Malware
Threat Huntbook: A powerful platform for threat hunters to track and analyze threats effectively. Find out more.
(New) Threat Hunter's Cookbook: Practical recipes for threat detection using Splunk and other tools. Download here.
Acquisition
Generative AI Security Boost: SentinelOne has acquired Israeli startup Prompt Security for around $250 million, strengthening its position in generative AI security. Find out more.
📰 Reports
Espionage & Counterintelligence
Poland testing US-Made AI sea drones in the Baltic: Poland conducts covert trials of Havoc AI sea drones to boost surveillance and military capabilities in the Baltic Sea region. Find out more.
India weaponizes counterterrorism for political propaganda: India faces criticism for using counterterrorism narratives as tools of political influence and propaganda domestically. Find out more.
Microsoft allegedly assisting Israel in surveillance of Palestinians since 2021: Reports claim Microsoft aids Israeli intelligence in monitoring millions of Palestinians. Find out more.
Belarusian Intelligence targets diaspora via Social Media: Minsk uses digital platforms to recruit members of Belarusian diaspora for intelligence activities. Find out more.
Iran asks Taliban for ‘kill list’ so it can hunt down MI6 spies: A Taliban government official said they obtained the spreadsheet in 2022. In a previous issue, I shared information about the leak. Find out more.
SOCMINT
Telegram
Telegram Premium: For those who don’t use Telegram often, Telegram offers a Premium version that provides faster downloads without limits, 4GB uploads, and the ability to view people’s stories without appearing on their viewer list. For highly sensitive conversations, users can create Secret Chats - separate end-to-end encrypted chats that are not stored on Telegram’s servers - and send self-destructing messages and files. In addition, the app offers auto-translation of messages, although recent reports indicate occasional problems with this feature.
Telegram bot: My friend from the Spanish OSINT community created a Telegram bot that monitors specific words or regex patterns in Telegram groups and channels, sending instant alerts when detected. It offers easy setup, custom alerts, blacklist options, and costs 10 euros/month. You can subscribe via Observatorio OSINT’s Patreon.
AI
AI Chats Exposed: Shared ChatGPT conversations have been removed from Google search results after users discovered that private conversations could be found through simple Google searches.
For example, a common search query was:
"site:chatgpt[.]com/share intext:email"
However, it’s still possible to check Grok or Claude using such search queries.
OSINT
Tools
Atlas Bear’s GitHub list of maritime and supply chain OSINT tools.
They led workshops during the last Summer School on Illicit Trade.
Tip from UK OSINT: How to Search Partial Number Plates in the UK
SurveillanceWatch.io is a website mapping companies involved in global surveillance and spyware technologies.
Disinformation through OSINT accounts
Some time ago, I came across two X accounts - OSINT Defender and Open Source Intel - both with large followings. Newarab was the first to report that these profiles spread disinformation, particularly related to Middle East conflicts. OSINT Defender, run by a former US Army officer, posts debunked claims as “verified” intelligence, while Open Source Intel promotes pro-Israel narratives under the guise of genuine OSINT.
Google Updates
Arabic Super Searchers Program: In collaboration with ARIJ Network, Google launched the Arabic chapter of its 'Super Searchers' program to improve digital literacy and critical research skills. The first session trained 400 journalists, researchers, and students on keyword selection, source evaluation, reverse image search, and scam detection. For the first time, in partnership with ARIJ, the program is specifically aimed at the Arab region and Arabic-speaking audiences. More information here (in Arabic).
Google’s "Big Sleep" AI finds Cybersecurity Flaws: Google DeepMind and Project Zero teams used the "Big Sleep" AI model to identify 20 vulnerabilities in open-source projects, highlighting AI’s role in strengthening cyber defenses.
Google Earth AI Satellite Embedding Dataset: Google released a new AI-powered satellite embedding dataset, enhancing geospatial analysis and applications.
Google Search Vulnerability Exposed: A journalist discovered a flaw letting users remove specific pages from Google search results by exploiting URL capitalization. Archived version of the article.
Darknet
IS Digital Resilience: The Islamic State’s propaganda network has evolved into a decentralized, multilingual ecosystem across encrypted apps, darknet onion sites, and self-hosted platforms like Rocket[.]Chat, using OPSEC training and generative AI to maintain recruitment and influence. Report by DarkOwl.
Hosting Dark Web Sites: A technical guide on setting up a .onion site with Kali Linux, Tor, and Nginx, including creating custom vanity onion addresses and ensuring persistence across reboots, aimed at cybersecurity pros and privacy-focused developers.
Interpol Target Detained in Thailand: A Swedish national known by the pseudonym "Toby," wanted by Interpol for running the dark web drug trafficking platform Archetyp, was arrested by Thai immigration police at a luxury villa.
Upcoming CyberSec / OSINT Events
Free
Exploring Attack Surface Management with GenAI — event on August 12, 2025, 6PM - 8PM AEST. Sydney NSW, Australia. Link.
(CS)²AI Online Panel: Salt Typhoon and ICS/OT Impacts — webinar on recent cyberattack targeting industrial control systems, August 13, 19:00 CEST. Registration.
Trustmi AI Cybersecurity Webinar Series — ongoing series, next webinar on August 28, 2025. Check it here.
Basic GIS Course by Center for Disaster Risk Management — free GIS and remote sensing course for professionals, September 4–20, evening classes. Certificate included. Register by August 31. More info here.
Courses
Elastic Security for SIEM — free training available until October.
Paid course: Critical Thinking and Structured Analysis (CTSA), organized by Questimation. 1–5 September 2025, 09:00–17:00 daily, UK.
CTF
Project Sekai CTF — starting August 16, 2025, 16:00 UTC, international competition with prizes. Official website.
Paid
GASS Asia 2025 - Global Anti-Scam Summit, Hybrid, Singapore — September 2-3, 2025. The event website.
Australian OSINT Symposium 2025 — hybrid event in Sydney and online, September 18–19. Link.
BSides Cracow - tickets are available as free and paid options, with the event on September 27. The event will be held in English. Check it here.
For those who haven't heard, DEF CON is happening this weekend, or rather wrapping up now, following the Black Hat conference that concluded earlier this week.
How my LinkedIn looked this week, thank you guys
DEF CON is coming to Singapore! — first DEF CON event in Singapore, April 28–30, 2026, Marina Bay Sands.
🙃Bonus
Call for Contributors – Locked Shields 2026 (DFIR Track)
NATO CCDCOE is seeking experts, teams, and organizations to contribute to the Digital Forensics and Incident Response track of Locked Shields 2026 — the world’s largest live-fire cyber defence exercise.
If you specialize in memory forensics, malware analysis, log reconstruction, reverse engineering, forensic challenge creation, AI, blockchain, 5G, GPS/GNSS, or SCADA/OT investigations, they want to hear from you!
Contributions can include technical artifacts, VMs, scripts, or domain expertise to help build realistic, challenging forensic scenarios.
Interested? Reply to this email and I’ll share contact details.