VN#034

Final issue of the year — Happy New Year!

Hi Everyone,

It’s the season for summaries, and if there is one thing we can all agree on in this industry, it’s that we love a good set of numbers 😃 As you can see from the graphic, 2025 has been quite a journey. For those who joined recently, this newsletter is still a passion project - a side hustle I curate in my spare time. Of course, when time is tight, I’m lucky to have friends 🙌 who step in to assist with research for the cyber or dark web sections (always credited if I can, thank you!).

Looking back at the timeline, I originally launched in September 2024. After testing the waters on two different platforms, I made the official jump to Beehiiv in April 2025, which explains the "April Migration" spike you see on the chart.

But beyond the metrics, what I value most is the connection. I genuinely love that you stay in touch. Whether you are asking follow-up questions, giving feedback on tools, sharing your own investigations, or even keeping me honest by correcting my mistakes - that dialogue is what makes this worthwhile.

A snapshot of your feedback from this year:

One of the few newsletters I haven't unsubscribed from! Great content, every edition!

Security Engineer, Canada

Your newsletter is very informative and I can recommend anyone to subscribe!

Valdemar Balle, Darksight Analytics & OSINord

Excellent insights throughout the newsletter.

FIU, Sri Lanka

This year also marked the launch of the OSINT Guest Section, an initiative close to my heart. I always wanted to create a platform for community voices, and it gave us the space to share unique insights from guests like:

  • Colin Crowden - The OS OSINT blog & newsletter (VN#017)

  • Riccardo Tani - Founder of ricta.io, focusing on web forensics and virtual HUMINT tools (Bricobrowser, Eviquire, Forsint) and creator of a free Advanced Web Forensics Course (VN#021)

  • Geoffroy Pellevoizin - Creator of Sightswarm, an OSINT-as-a-Service project (VN#025)

We also explored Chinese (VN#028), Russian (VN#029), and Arabic (VN#030) OSINT together with trainers from i-Intelligence.

The Second Sunday is Yours in 2026

I want to keep this momentum going. If you think this is something for you, mark your calendars: every second Sunday of the month belongs to the community.

If you are working on a new tool, building an OSINT community, have written a CTF writeup, or simply want to showcase your skills by sharing something educational, this is your space. It is open to everyone, regardless of experience level. I especially encourage OSINT beginners and freshers to use this opportunity to put yourselves out there.

Thank you for staying, reading, writing back, and building this community together.

Happy New Year! 🎉 

Cybersecurity News 

  • Cybersecurity prediction for 2026: AI crime, automation, and regulation reshape the threat landscape. Find out more.

  • Flashpoint - Dark Web Outlook for 2026: actors will move past experimentation to fully operational "Agentic AI" weaponized against API integrations. Find out more.

Vulnerabilities & Exploits & Hacks

  • Anna’s Archive: Founded in 2022 by the pseudonymous "Anna" following the shutdown of Z-Library. The Justice Department arrested and charged two Russian nationals in 2022 for running Z-Library, which at the time was “the world’s largest library” and claimed to have at least 11 million e-books for download. Anna’s Archive was initially recommended as an open-source shadow library aggregating over 61 million books and 95 million research papers. However, the platform is now explicitly labeled a "pirated search engine" following aggressive data scraping, including causing $5 million in damages to OCLC (Worldcat database).

    • Spotify: This latest data scrape, described as the biggest in music history, covered 99.6% of all metadata and reportedly led to account suspensions.

    • After the Spotify scrape, the platform became widely labeled as pirated; earlier, it had been promoted as an open-source library and recommended within OSINT communities.

    • Anna’s Archive is funded by subscription-based donations, offers high-speed downloads to registered users, and recruits volunteers with reported rewards of $50–$5,000.

    • Current access:
      Active domains include:

      • annas-archive[.]org

      • annas-archive[.]se

      • annas-archive[.]li

      Their other accounts: Reddit, GitLab, archived view of the shut-down Telegram channel

    • Search engine response: Google reportedly blocked 749 million Anna’s Archive URLs in November 2025.

Threat Hunting & Malware

  • Threat Hunting Labs launching soon: A new platform (now open only for beta users) offering realistic, "choose your own adventure" investigations in Elastic and Splunk, moving away from standard CTFs. Find out more.

  • ESET spots BlackHawk loader: Researchers have identified a new malware loader. Find out more. 

Other

  • Albania–Kosovo CTI Hub: New regional intelligence-sharing initiative launching in 2026.

  • Best data journalism 2025: Top investigative data stories curated by Global Investigative Journalism Network.

📰Reports

  • Secure Metrics: Measuring Security Effectiveness - a practitioner-focused framework for quantifying security performance and risk reduction, with practical metrics for teams and leadership. Download & More info.

  • State of OSINT 2025 — Annual industry report by Blackdot Solutions. Report.

Espionage & Counterintelligence

  • A massive recruitment of foreign mercenaries: Russia launched mercenary recruitment in Africa, China, Iraq, Iran, Colombia, Egypt and CIS countries, offering a $20,000 signing bonus and $2,000 monthly via Telegram. Find out more.

    • They’ve also set up a dedicated domain: workinrussia2025[.]ru

      • A recent UNN report says hundreds of Kenyans promised jobs in Russia ended up fighting in the war in Ukraine.

  • Germany expands Intelligence powers: Germany’s BND is set to receive a new law allowing sabotage operations. Find out more.

  • Rare Spy Chief contact: Russia’s foreign intelligence head, Sergei Naryshkin, reportedly held a phone call with the MI6 chief during key EU talks on Ukraine funding. Find out more.

  • US–Nigeria Intelligence cooperation: Nigeria confirmed intelligence sharing with the US that enabled Christmas Day airstrikes on terrorist camps in Sokoto State. Find out more.

    • Emerging Jihadist threat Lakurawa: A US strike likely targeted Lakurawa, an ISIS-linked group expanding near the Niger border and filling gaps left by Boko Haram. Find out more.

SOCMINT 

  • VK (VKontakte) New Restrictions: VK recently introduced changes that are significantly affecting OSINT researchers. The new measures target “lurker” (passive) accounts: profiles without photos reportedly face immediate suspension, while inactive accounts with photos are being shadowbanned from using search functions - thanks to MN for the tip.

  • Instagram Date Revealer: Lightweight bookmarklet that converts Instagram’s relative timestamps into exact calendar dates for investigations.

AI

  • Deepfake-as-a-Service explodes in 2025: A new report by Cyble details the rapid commercialization of synthetic media, warning that accessible "Deepfake-as-a-Service" platforms are significantly lowering the barrier to entry for cybercriminals. Read more.

  • Dutch Fraudster Uses AI to bypass KYC: A Dutch national successfully opened 46 bank accounts by combining stolen passport scans from rental applications with AI-generated faces to fool biometric security systems. See the case.

  • Mozilla confirms Firefox AI will be optional: Following the CEO’s announcement of upcoming AI integration, the Firefox team has assured users that they will retain full control with the ability to completely disable these new features.

OSINT Section

Kirby outlines three critical shifts that will redefine OSINT by 2026, from mandatory AI validation and automated workflows to the rise of fully synthetic influence campaigns.

  • Mandatory AI Validation: By 2026, evidence verification will shift from basic editing checks to deep forensic analysis of AI manipulation, making provenance mapping a standard requirement for all investigations.

  • Automated OSINT Workflows: AI agents are predicted to handle up to 50% of case preparation by automating data collection and lead generation, allowing analysts to focus on strategy over manual gathering.

  • Synthetic Influence Campaigns: A shift toward fully AI-generated influence operations where entire personas and communities are synthetic, requiring detection methods based on large-scale coordination patterns rather than individual behavior.

What’s the key OSINT shift you expect by 2026?

Tools

  • Trace Labs OSINT VM 2025.12 released: The latest OSINT VM ships with new tools, community-driven improvements, and a streamlined install option via the tlosint-tools script. The project moves to quarterly releases going forward.

  • Awesome Thai OSINT: A curated GitHub repository collecting OSINT resources, tools, and references focused on Thailand and Thai-language investigations.

  • Matkap: A tool to hunt down malicious Telegram bots. GitHub

Google Updates

  • Year in Search 2025 — Google has released its annual "Year in Search" retrospective, revealing the top trending queries, people, and cultural moments that defined 2025 in the US. Explore the trends.

  • Change your Gmail address — Google is rolling out a highly requested feature allowing personal users to modify their primary email address without creating a new account. Previously tested in India and similar to Workspace aliases, this update lets you switch handles while keeping your old address active for receiving mail.

    • How to check: Go to Manage your Google Account > Personal Info > Contact Info > Email. If the feature is available for you, you will see an edit icon (pencil) next to "Google Account email".

    • The Catch: You can only change your address once every 12 months, and your old address remains linked to your account.

  • Gmail split view — Google is rolling out a new split-view feature.

Darkweb

Explore this week’s finds

  • XMR Meet: An open-source, community-driven directory mapping local Monero users for in-person, peer-to-peer exchanges. The project visualizes willing traders on a map to facilitate real-world privacy coin usability. View map or GitHub.

  • Robin: AI-powered OSINT tool designed to automate reconnaissance and analysis specifically for Dark Web environments. GitHub.

Free training

  • If you are looking to expand your knowledge base without spending a dime, bookmark this repository of Free OSINT Learning Resources.

  • Ready to dive into the deep end? Cybersudo is preparing an advanced lecture on hunting leaked databases on torrent networks. The session will cover techniques for identifying and tracking breached data circulating through torrent ecosystems. Early access notifications are now open.

🙃Bonus

[Job] GIS OSINT Specialist – NATO