Hi Everyone,

There is a small delay with this issue because last week I was in a hectic city called the Maximum City. Why? Because it never sleeps 😄. Now, I am in a place where everything has slowed down. I’m starting my days surfing at sunrise with dolphins 🐬, followed by an ice bath, then prepping this newsletter and finishing the day with a yoga sesh.

This edition I am also testing something new: as the newsletter grows, so does its reach, and if that reach can help someone land their next role in OSINT, cybersecurity or any related field, why not use it?

Meet the first entry in OSINT Talent Spotlight, a space for analysts looking for their next opportunity. If you want to be featured in a future edition, get in touch.

Now, let's catch up on what happened over the last few days.

Cybersecurity News

  • Iranian APT Infrastructure: State-Aligned Clusters: Hunt.io maps active Iranian APT infrastructure across state-aligned clusters, useful for defenders and analysts tracking post-strike cyber escalation. Find out more

  • APT36 Floods Indian Govt Networks With AI 'Vibeware': Pakistan-linked APT36 (Transparent Tribe) is mass-producing AI-generated malware in niche languages like Nim, Zig, and Crystal to evade detection by sheer volume rather than sophistication. Find out more

  • 17 Critical Alerts: APTs, AI Adoption, Pre-Auth Zero-Days & Supply Chain Worms: SISA InfoSec's weekly roundup covers the most significant threat activity of the past week. Find out more

Vulnerabilities & Exploits & Hacks

  • Coruna iOS Toolkit - US Exploits Proliferating: A surveillance toolkit that migrated from a US commercial customer → Russian intelligence → Chinese-speaking criminal group, a textbook case of the exploit proliferation lifecycle that intelligence services increasingly struggle to contain. Find out more

  • Cloudflare Deploys LLMs Against 'Invisible' Phishing: Cloudflare deployed large language models to analyze millions of emails in real-time, catching subtle 'Sales Outreach' phishing patterns that traditional reactive systems miss. Find out more

Threat Hunting & Malware

  • TSUNDERE Botnet - Commercialized Infrastructure Analysis: Tammy Harper (Senior Threat Intelligence Researcher, Flare.io) published a deep-dive into commercialized botnet infrastructure, tracing the TSUNDERE botnet's business model, customer base, and operational patterns. Find out more

  • Iranian Cyber Groups' 'Strategic Quiet': Shieldworkz decodes why Iranian cyber groups appear to be holding back and what that restraint signals about post-strike escalation calculus. Find out more

  • Ukrainian Hacktivists Publish Russian Defence Database: Ukrainian operators released a massive database of Russian defence facilities and employee data, a significant OSINT and counterintelligence resource. Find out more

📰Reports

  • Italy's 2026 Intelligence Report: Italy's annual report warns of Russian cyber espionage targeting central public administrations, increased pro-Russian hacktivist DDoS against NATO-aligned countries, and AI-generated video in active disinformation campaigns. Find out more

  • Turkish MİT Annual Report 2025: The annual activity report of Turkey's National Intelligence Organization (MİT) covers the full scope of Turkish intelligence priorities across 2025. Find out more (in Turkish) | Summary in English.

Espionage & Counterintelligence

  • Japan Creates National Intelligence Committee: Japan announced a new Cabinet-level National Intelligence Committee chaired by the Prime Minister with authority over counter-espionage, influence operations, and cross-ministry coordination. A national intelligence bureau will replace the current Cabinet Intelligence and Research Office. Find out more

  • Scotland Yard Arrests Three on China Espionage Charges: Three men arrested on suspicion of spying for China, including the husband of sitting Labour MP Joani Reid. Find out more

  • South Korea Expands Espionage Law to All Foreign Countries: South Korea's National Assembly passed an amendment broadening the espionage statute from 'enemy states' to all 'foreign countries', closing a legal gap that had long prevented espionage charges against those spying for China, Russia, or other non-North Korean actors. Find out more

  • Estonia Expels Russian Citizen for FSB Intelligence Collection: A Russian national was expelled from Estonia after being caught attempting to collect information for the FSB. Find out more

  • Epstein, Military Intelligence & Sensitive Networks: Dropsite News examines connections between Jeffrey Epstein, sensitive military intelligence, Bill Gates, and Pakistan's polio programme. Find out more

Global Organized Crime & Trafficking

  • Black Market Ozempic: From Andorra to Gibraltar, organized crime is exploiting Ozempic scarcity to build a booming black market for the weight-loss drug. Find out more

  • Zombie Ships Through the Singapore Strait: The number of Iranian-flagged tankers and 'zombie' vessels, sailing under the name and flag of long-scrapped ships, transiting the Singapore Strait has increased markedly in recent months. Find out more

  • Obscuring the Money Behind the Bombs: New data on terrorist financial tradecraft reveals increasingly sophisticated layering techniques used to fund attacks. Find out more

SOCMINT

  • WhatsApp introduces parent-managed accounts for under-13s: Meta's new model limits pre-teen accounts to messaging and calls, with parents controlling contacts, group access, and privacy settings via a linked account.

  • TikTok launches a location-based Local Feed in the US: The new opt-in tab surfaces nearby content on restaurants, events, and shopping using GPS data - available to users 18+ only.

AI

  • Kali Linux Integrates Claude AI: The penetration testing distro now ships with Claude AI integration, a notable signal of LLM adoption in offensive security tooling. Find out more

  • ChatGPT Gets Display Ads via Criteo: OpenAI will let advertisers buy ads on ChatGPT through commerce media platform Criteo, a significant shift in OpenAI's monetization model. Find out more

  • OpenAI Developing Internal GitHub Alternative: OpenAI is building an internal alternative to Microsoft's GitHub, a further sign of strategic decoupling from its biggest investor. Find out more

  • Putin Creates Presidential AI Commission: Vladimir Putin established a presidential commission for AI development. Members include Defence Minister Andrei Belousov and FSB Director Alexander Bortnikov, framing AI development as a national security priority. Find out more

OSINT Section

A Financial Times investigation exposed an AI-altered satellite image circulating on X that falsely depicted damage from an Iranian drone strike. The "after" image, purportedly showing post-strike destruction, was AI-generated: cars remain frozen in the same positions as a February 2025 satellite photo, rooftop structures differ, and new buildings appear that did not exist in the original. The case is a textbook example of AI-powered visual disinformation in wartime, where fabricated imagery spreads faster than verification.

Tools

Iran conflict monitoring resources - useful for tracking the post-strike information environment:

  • Iran Monitor: Aggregates open-source reporting on Iran. Find out more

  • WorldMonitor (GitHub): Koala73's tool for monitoring global open-source feeds. Find out more

  • Global Conflict Awareness: Real-time conflict monitoring dashboard. Find out more

  • Farsi Telegram Channel Monitor: Step-by-step guide to building a Farsi-language Telegram monitor for Iran conflict OSINT. Find out more

  • 4 OSINT Tools for the Middle East & Iran: Special Eurasia curates the best tools for regional monitoring. Find out more

Fact Check

  • Verifying Iran War Strikes (EBU Spotlight): A fact-check guide to verifying footage and claims from the Iran strikes. Find out more

OSINT Talent Spotlight

A space for analysts looking for their next opportunity. If you want to be featured here, get in touch.

Robert is a junior OSINT analyst with commercial experience and an unusual background in biotechnology studies, where source criticism and precise reporting were non-negotiable. That scientific discipline underpins his approach to the intelligence cycle: structured, methodical, and allergic to routine. He built his own Start[.]me dashboard, organised by selector type and technique maturity, to reduce cold-start friction at the beginning of every investigation.

The left columns cover environment preparation (OPSEC, mind maps) and starter toolboxes from Rae Baker, Bellingcat, and Bruno Mortier—blogs, GitHub repos, and more to break routine and kick off research quickly. Tools are grouped intuitively by function for fast navigation and minimal scrolling.

Robert’s security resume:

He is also a mid-level Java Site Reliability Engineer with 5+ years delivering resilient, cloud-native microservices in retail e-commerce (identity, notifications, transport domains). Strong in Java/Spring Boot, Docker, GitLab CI, AWS (SQS/SNS, S3, Kinesis), and observability with Grafana and Kibana, with hands-on SLOs and 24/7 incident response.

He completed a commercial OSINT traineeship focused on cyber threat intelligence investigations using tools such as Maltego, Spiderfoot, Shodan, alongside OPSEC environments including Whonix, VPNs, and Kali Linux. Continuous learner: OSINT in Practice, Social Engineering, Sekurak Academy certifications; AWS Certified Cloud Practitioner; regular attendee of Mega Sekurak Hacking Party (Poland).

Fluent in Polish and English, Robert is open to remote or on-site roles in Poland in Threat Intelligence, OSINT/disinformation investigations, or developing OPSEC systems for national security, finance, and corporate sectors.

He is open to collaboration - feel free to explore the evolving dashboard and share feedback!

Get in touch with Robert: [email protected] & LinkedIn

Google Updates

  • Circle to Search Analyses Full Images: Google updated Circle to Search to analyze entire images, creating broader product discovery opportunities via visual results. Find out more

  • Google API Keys Unlock Gemini AI: An investigation reveals how Google API keys hiding in plain sight can be used to access Gemini AI, with significant OSINT and security implications. Find out more

Upcoming CyberSec / OSINT Events

Free

Webinars

  • DEF Talks - March 2026: Upcoming online sessions on defense and security. March 17 | Find out more

  • Geospatial Analysis for Human Rights (OSINT For Ukraine): Online workshop on satellite imagery and investigation tools, March 18, 18:30–20:00 CET. Register here

  • Dismantling a Global PhaaS Network (District 4 Labs): Online webinar on tracing illicit funds and mapping DARKSIDE, March 18, 1:00 PM ET / 10:00 AM PT. Register here

  • Detecting AI-Generated Content (GIJN Tech Focus Week): Online session with Henk van Ess on latest investigative tools, March 26, 3:00 PM CET. Register here

On demand

  • From Data to Decisions: A Practical Guide to OSINT and Intelligence Analysis: An on-demand session hosted by the African Youth Security Network covering the intelligence cycle and collection techniques. Watch on YouTube

CTF & Challenges

  • Hackropole: French CTF platform with a growing challenge library. Find out more

  • HashClue: A new hash-cracking challenge platform. Find out more

  • EuroCrim 2026: European criminology conference in Poland. Find out more

Found this helpful? Forward it to someone who’d enjoy it.