Hi Everyone,

As you know, I’ve started collaborating with i-intelligence, and in October and November we’ll publish special issues dedicated to Russian, Chinese, and Arabic OSINT. We want to make sure the content is truly relevant and useful for you, so your input is very important. In the previous issue, you’ll find more details about this collaboration.

📝 Reminder: Surveys still open for 2 more weeks!

If you haven’t shared your input yet, there’s still time.

👉 Language OSINT Form – help shape the upcoming issues with i-intelligence trainers.

👉 Darknet Form – tell us what you’d like covered in the Darknet section.

The survey is anonymous, I only see your answers. By the way, Tally, where the surveys were created, is my latest discovery.

Now let’s recap what happened in the past weeks. The cybersecurity part was prepared with the help of my best friend in OSINT, Adam - because for the first time I felt stuck. But with his support, while creating and collecting information again, I found my flow. So from time to time, Adam will be helping me with research.

Cybersecurity News 

• U.S. and Polish intelligence agencies co-author global cybersecurity advisory: U.S. CISA, NSA, FBI, and others including Poland’s Agencja Wywiadu (Intelligence Agency) and Służba Kontrwywiadu Wojskowego (Military Counterintelligence Service) jointly issued an alert on Chinese state-sponsored APTs targeting global network infrastructure. Find out more.

  

Vulnerabilities & Exploits & Hacks

• Automated sextortion malware “Stealerium” snaps webcam and browser images: An open-source infostealer now automatically captures webcam images and screenshots when users visit NSFW websites for blackmail purposes. Find out more.

• Chess[.]com data breach: Chess.com disclosed a recent data breach affecting users via a file transfer application. Find out more.

Threat Hunting & Malware

• Salesloft Drift breach impacts Cloudflare, Zscaler, Palo Alto Networks: A data theft incident leveraging the Salesloft Drift integration with Salesforce exfiltrated customer data from multiple major cybersecurity companies. Find out more.

• Amazon disrupts APT29 watering-hole attack targeting Microsoft authentication: Amazon’s security team uncovered and halted a watering-hole campaign by Russia’s APT29 that aimed to compromise Microsoft’s device-code authentication flow. Find out more.

Learning 

• pwn.college: Free hands-on cybersecurity learning platform
  offers practical, hands-on exercises to help learners improve their cybersecurity skills, from basic exploitation to advanced challenges.
  

Acquisition

• Atlassian agrees to acquire The Browser Co. for $610 million: Atlassian has agreed to buy The Browser Co., which is behind the Arc and Dia web browsers. OpenAI and Perplexity both reportedly looked at acquiring the startup. Find out more.

📰 Reports

• Cybersecurity Update H1 2025: Malware and Vulnerability Trends — Report by Recorded Futur

• Singapore Cyber Landscape 2024/2025 — Report by CSA (Cyber Security Agency of Singapore)

Espionage & Counterintelligence

• Israel finds a weak link in protecting Iran’s leaders: Attacks targeting bodyguards reveal vulnerabilities in Iranian security. Find out more.

• Maxwell family’s intelligence ties under scrutiny: Investigations highlight ongoing connections between the Maxwell family and intelligence agencies. Find out more.

• Former Austrian intelligence chief charged in espionage case: Egisto Ott faces accusations of spying and abuse of office in one of Austria’s largest espionage scandals. Find out more.

• Spy Versus Spy: Iran’s Playbook for Espionage in Israel. Find out more.

• Russia bans UK think tank RUSI: Russian authorities labeled RUSI “undesirable” over its research on Russian military tactics. Find out more. (.ru)

SOCMINT

• WhatsApp Privacy Update: Users on iOS and Android mobile devices can no longer take screenshots of profile photos.

  • Screenshots are still possible on the WhatsApp desktop app.

    

• So, the Ministry of Communication and Information Technology of Nepal just announced that any social media platform not registered in Nepal will get blocked. Some of the apps on the list are pretty unknown to me, so I figured you might be curious too. Here’s a quick rundown:

  • MeWe — A privacy-focused social network, kind of like Facebook without ads or tracking.

  • IMO — A messaging and video call app, popular in Asia for quick chats.

  • Zalo — A Vietnamese messaging app with calls, stickers, and social features.

  • Soul — A social networking app that focuses on connecting people through interests and hobbies.

  • Hamro Patro — A Nepali app for calendars, news, festivals, and general daily info.

AI

• SEO vs GEO: Generative Engine Optimization is reshaping how content is found on AI-powered platforms, complementing traditional SEO. Read more here.

  • GEO isn’t a buzzword. It’s already happening. Language evolves, and so should the way we define search in the AI era. GEO is a concept I’m seeing more and more often.

Sanctions

• Russia Routes Sanctioned Oil to China via Iran’s 2019 Shadow Network: A complex maritime oil trading scheme has enabled billions of dollars' worth of sanctioned Iranian, Russian, and Venezuelan oil to reach China. Facilitated by the Iranian broker Ocean Glory Giant, the network utilized naval mortgages to disguise oil shipments. Between 2019 and 2024, at least 130 million barrels of oil, valued at $9.6 billion, were transported, with 93% landing in China.

Ad analysis

• Vietnamese Clickbait Factory Behind Swedish AI Hoaxes: Swedish fact-checkers have uncovered a Vietnamese clickbait operation responsible for spreading AI-generated hoaxes on Swedish social media. The network leveraged viral emotional stories to drive traffic, ultimately leading to ad revenue.This case highlights the effectiveness of ad analysis in tracing misinformation back to its source.

  • Craig Silverman 👋 and his newsletter Indicator are also mentioned in this article. Follow Indicator to learn more about ad analysis and other OSINT tips.

OSINT Section

GeoGuessr World Cup 2025 – Copenhagen

Who here has ever played GeoGuessr? 🙋‍♀️ For those who haven’t, it’s this addictive game where you guess locations using Google Street View images. The 2025 World Cup went down on August 29–30 in Copenhagen, bringing together 16 of the best players from around the globe. In a nail-biting final, American-Romanian Radu "Radu C" Casapu edged out Hungarian Attila "Debre" Szabolcs 3–2 to take home the $40,000 prize.

Poland was on the map too! Strefan snagged third place after a tight 3–2 win over Australian Leero, bagging $10,000 and making it the best Polish finish in GeoGuessr World Cup history.

Tools

• AnswerThePublic – a tool that visualizes search queries and questions from users to uncover trends, popular topics, and insights for content research.

• Deflock Map – provides an interactive map showing the locations of ALPRs (Automated License Plate Readers) around the world.

• Information Laundromat – a tool created by Peter Benzoni that helps OSINT researchers track the spread of misinformation and disinformation across websites by analyzing similarities in content, metadata, and images..

Privacy

• Proton Launches Free Cross-Platform Authenticator App: Proton released a free cross-platform 2FA app (Windows, macOS, Linux, Android, iOS) generating time-based one-time passwords for improved account security.

• Perplexity AI Updates Consumer Terms and Privacy Policy: Perplexity AI has updated its Consumer Terms and Privacy Policy, effective September 28, 2025. Users must decide whether to allow their chats and coding sessions to be used for model training. If consented, data retention will be extended to five years for new or resumed interactions; otherwise, the existing 30-day retention period applies. Users can change their preferences at any time in their privacy settings.

Google Updates

• Google Denies Widespread Gmail Breach:Google dismissed reports of a widespread Gmail breach as false; a limited incident involved compromised OAuth tokens from third-party apps, with no credentials exposed.

• US Judge Orders Google to Share Search Data with Competitors: A US judge ruled Google must share search data with competitors and cannot block rival apps on devices; Google plans to appeal.

Darknet

• DarkwebAI – an AI-powered chatbot that helps users search for and access sites on the Tor network, including darknet markets, forums, and informational resources.

Upcoming CyberSec / OSINT Events

Free

• Mediarecovery Webinar: Jak zwiększyć bezpieczeństwo biznesu dzięki analizie OSINT? - Thursday, September 11, 2024, 11:00 AM (in Polish). Registration here.

• Future Security Talks Webinar: Deepfake: Nowa broń w rękach cyberprzestępców - Friday, September 12, 2024, 10:00 AM - 11:30 AM (in Polish). Registration.

• Alliance4Europe together with the Counter Disinformation Network and partners from leading European organisations, invites you to our Digital Events Series this fall. This project is funded by the Ministry of Foreign Affairs of the Republic of Poland under the grant competition “Public Diplomacy 2024–2025 – the European dimension and countering disinformation.”

  Below are two upcoming events. The full list can be found here.

  • How the Belarusian Opposition is Attacked by Regime Propaganda – and How It Fights Back - September 18, 2025, 4:00 PM CET

  • Operation X-ploitation - X's Failure to Address Child Sexual Abuse Content and Influence Operations - October 2, 2025, 4:00 PM CET

• EU DisinfoLab Webinar: Operation Overload - Smarter, Bolder, Powered by AI - September 18, 2024 - More info here.

• Deepfakes Explained & How to Protect Yourself – on September 24, 2025, James McQuiggan will lead a free online session exploring how deepfakes are used in phishing, social engineering, and disinformation, and how to detect and defend against them with practical tools and exercises. More info here.

Courses

• Free courses on TCM Security — Three courses by Andrew Bellini are now available for free. Practical Help Desk, Practical Security Fundamentals, and AI 100: Fundamentals.

CTF

• HackTheBox – HOLMES CTF 2025; First all-blue CTF, 22–26 September

  Compete individually or as a team for over £10,000 in prizes.

  Free registration: Link.

Paid

• CINTiA (Criminal Intelligence & Technology Analysis) 2025 – scheduled for 23–25 September 2025 at the Faculty of Computer Science, AGH University of Krakow, this international conference is organized by the Polish Platform for Homeland Security (PPHS) and AGH University of Krakow. Link.

• Predict 2025 (London), October 21–22, 2025, this international cybersecurity and intelligence conference is organized by Recorded Future. Link.

🙃 Bonus

Oppi – built by Amaury Lesplingart, founder of CheckFirst Network, this OSINT platform teaches information manipulation through simulated disinformation campaigns on platforms like X, Telegram, and TikTok. Trainers design scenarios based on real-world tactics, and participants access the platform using a 6-character session code, ensuring complete anonymity.