VN#025
special edition with a guest
Hi Everyone,
The summer holidays are winding down, the perfect time to slow the pace a little.
Welcome to our third newsletter edition, and this time I’m especially excited because we have a guest contributor joining us.
Back in April, at InCyberForum ’25 in France, during networking after OSINT Day, I had the chance to meet Geoffroy Pellevoizin. Our conversation stuck with me, and today I’m thrilled to host him here. He’s working on something fresh for the OSINT market.
In this issue, you’ll find an introduction to Geoffroy and his early-stage project Sightswarm – OSINT as a Service.
Before launching Sightswarm, Geoffroy worked at the French cybersecurity agency ANSSI and later as an investigative journalist at Intelligence Online, where he developed a deep passion for OSINT. Even better — he’s building Sightswarm together with Arnaud Garrigues and Hugo Benoist, co-founder of one of the largest OSINT communities in France, OSINT-FR.
I’ve always wanted this newsletter to be more than just updates - a space for community voices, collaboration, and showcasing new projects that move our field forward. That’s why I’m so excited this idea is still going strong. So far, the guest newsletter comes out every two months. If you’d like to be a future guest and share something with the wider community, feel free to DM me!
Now, let’s dive into this week’s stories.
Cybersecurity News
Why OSINT must be a Cornerstone of U.S. National Security: Open-Source Intelligence (OSINT) has become indispensable in modern national security strategies, enabling real-time analysis and proactive threat detection. Find out more.
DPRK Email List Leak – Spotting North Korean IT Hiring Patterns: Recent leaks exposed nearly 1,400 DPRK-linked IT worker emails; analysis reveals username and domain patterns (like birth years or service providers), useful in spotting suspicious candidates. Find out more.
DPRK Hack brings down Crypto Startup Lykke
North Korea’s Lazarus Group is implicated in siphoning off £17 million (~$23 million) from UK crypto startup Lykke - leading to its liquidation and bankruptcy. Find out more.
What is the DPRK? The Democratic People’s Republic of Korea (DPRK), commonly known as North Korea.
Vulnerabilities & Exploits & Hacks
Chrome VPN Extension Caught Secretly Spying on Users: The Chrome extension FreeVPN.One (100k+ installs) was found by Koi Security to silently capture screenshots of every page visited, including banking and healthcare sites, and send them to a remote server. The spyware has been active since July 2025.
Apple Patches actively exploited Image I/O Zero-Day (CVE-2025-43300): The vulnerability in Apple’s Image I/O framework was used in “extremely sophisticated” targeted attacks via malicious image files and affects iOS, iPadOS, and macOS. Find out more.
Threat Hunting & Malware
Thorium - CISA & Sandia’s new Open-Source Malware Analysis Platform: CISA, in collaboration with Sandia National Laboratories, launched Thorium - an open source, scalable platform for automated malware and forensic analysis, capable of processing millions of files per hour. Find out more.
Gathering Malware Intelligence: Watch how malware analysis in a secure Tracelab environment uncovers attacker identities. Watch now.
Funding
AI Hacker Agents: Xbow Raises $117M to develop AI-powered hacker agents, while Alias Robotics has open-sourced their related research and source code - making it easier for the community to explore and build on these innovations. GitHub
Other news
GitHub CEO Resigns; Platform Fully Integrates into Microsoft’s CoreAI. Thomas Dohmke is stepping down as GitHub CEO as the company transitions from independent operation to being part of Microsoft’s CoreAI team, signaling deeper AI-focused integration. Find out more.
📰 Reports
Espionage & Counterintelligence
Fake News Campaign Targets Armenian Presidency Using Stolen Identities: Six France 24 journalists had their identities hijacked by a disinformation site potentially linked to Russia or Azerbaijan as part of an influence operation. Find out more.
German BND Struggles With Foreign-Language Intelligence Processing: Bild reports that Germany’s Federal Intelligence Service is facing major challenges in handling large volumes of non-German language data efficiently. Find out more.
Turkey Develops Counter-Kamikaze Naval Defense System: Ankara is advancing the Arida-M USV, designed to intercept and neutralize explosive-laden boats and kamikaze drones. Find out more.
Egypt in Talks With Thales to Build Military Satellite C2 Systems: Cairo’s Ministry of Military Production is negotiating with Thales Group (France) to co-develop satellite communication systems for secure command and control (C2). Find out more.
Porsche and Deutsche Telekom to Back €500M Defense Venture Fund: Bloomberg reports the Porsche family may abandon its long-held stance against military investments, joining Deutsche Telekom in a new European defense fund. Find out more.
SOCMINT
Instagram: As of 10th July 2025, individual Instagram posts from creator and business accounts can now appear in search results. This development goes beyond your Instagram handle appearing in search results, a feature that has been available for indexing for some time now.

Max Messenger now linked to Russian Security Center
The Russian Interior Ministry announced that the Max messaging platform now has a 24/7 connection to the Security Center, enabling users to report illegal or harmful content in real time.
First Cybercrime case reported on Max
Despite previous claims of Max being a safer alternative to foreign messaging apps, Russian authorities reported the first case of fraud on the platform. The Interior Ministry arrested a suspect in connection with the incident, highlighting that even state-backed apps are not immune to misuse.
In Issue #022, I wrote about this app.
OSINT Guest Section
What is Sightswarm?
Sightswarm was born from a simple observation: today’s organizations increasingly need investigations, whether it’s due diligence, understanding competitors, or digging into fraud and cyberattacks. And in many cases, the answer is OSINT.
But here’s the challenge:
OSINT isn’t a core skill for most organizations.
Building in-house teams is expensive and complex.
Finding trusted OSINT freelancers for specific missions can be time-consuming.
Enter Sightswarm — our solution to all these challenges. We created a marketplace connecting organizations with elite OSINT talent.
Imagine a community of hand-picked experts, tested in a CTF-style challenge, ready to tackle any mission. From due diligence to off-chain crypto investigations, digital footprint analysis, and de-anonymization — our specialists are at the top of their game. Every task is matched with the person best equipped to handle it. The result? Flexibility, speed, and cost efficiency.
But Sightswarm is more than people:
An investigation platform that connects multiple OSINT tools (think facial recognition or Epeios) and integrates results into one seamless, visual workspace.
Collaborative capabilities, allowing multiple investigators to work in real time.
Standardized and partially automated reporting - designed to make the investigative process faster and more efficient.
The platform is still under development; once it’s ready, I’ll share it here so we can test it 😁
👉 Check out sightswarm.com, follow us on LinkedIn, or drop a line at [email protected]
Privacy
UK Backs Down from Apple Backdoor Request. The UK government has withdrawn its demand that Apple create a backdoor into encrypted iCloud data, following pressure from U.S. officials who warned it would compromise civil liberties.
UK Considers Blocking VPN Access for Minors. UK officials are exploring measures to prevent children from using VPNs to bypass online age restrictions and access inappropriate content. The proposal aims to enhance online safety for minors by restricting access to VPN services.
Proton was reporting a 1,400% hourly increase in signups over its baseline so far on Friday, July 25, the day the UK's age verification law goes into effect.
Google Updates
Gemini Introduces “Guided Learning” Mode
Google’s Gemini AI now features “Guided Learning,” enabling step-by-step tutoring with custom images, diagrams, quizzes, and interactive media to help students understand complex topics.
Gemini Storybook - AI-Powered Illustrated Narratives
The new Storybook feature in Gemini lets users generate personalized, 10-page illustrated storybooks with read-aloud narration, supporting uploads of user files and photos in over 45 languages.
Perplexity’s $34.5 Billion Bid to Acquire Chrome
AI startup Perplexity made an unsolicited all-cash offer of $34.5 billion to acquire Google’s Chrome browser amid antitrust scrutiny, pledging to keep it open-source and fund its development.
Darknet

Upcoming CyberSec / OSINT Events
Free
Inside the Cyber Battlefield – Iranian Cyber Operations from an FBI Perspective — webinar on August 27, 2025, 1:00 PM – 2:00 PM. Link
Inside a Prompt Injection Attack: Anatomy, Risks, and Proven Defense Strategies — live virtual event on August 27, 2025, 1:00 PM EST. Link
Inside Thailand's Cyber Shadows: Threats, Hacks, and the Hunt with OSINT — webinar organized by StealthMole x Secure D Global, September 4, 2025, 2:00 PM. Link
How To OSINT the Ocean — webinar organized by Pulitzer Center, September 9, 2025, 4:00 PM – 5:00 PM UTC. Link
Course
OSINT Operator Mini — free 3-part workshop teaching OSINT fundamentals for beginners. Link
CTFs
Blue Arena – Bugku CTF Platform — China’s online CTF, August 29–31, 2025. Link
In one of my early issues (#004), I shared an inside look into China’s CTF ecosystem.
Flare On CTF #flareon12 — challenge organized by FireEye Mandiant. This CTF is the FLARE team's annual CTF contest. It is a single-player series of Reverse Engineering puzzles that runs every fall. September 26, 2025, 8:00 PM EST. Link
Paid
🙃Bonus
Bonus for Polish fellows: Check out Bartosz Nakielski’s new project - a cryptography video series in Polish! Start with the beginner friendly “no math” course, move to intermediate lessons with guided math explanations, and get ready for the advanced course coming in 2026.