Hi Everyone,

We all know that investigative journalism is powerful, but how exactly does it drive tangible change?

A good friend of mine, Frida, whom I met through the Dataharvest event, is currently exploring this for her Master’s thesis.

She is looking for journalists to interview who have seen their work lead to real-world impact, whether that’s a change in policy, a public protest, or an official inquiry.

If you have 30 minutes to spare and want to contribute to our collective understanding of journalism's impact, please take a look at her request here or write her an email.

Cybersecurity News

  • MITRE Releases F3: A Shared Fraud-Cyber Framework Built From Real Attack Data: MITRE's Center for Threat-Informed Defense launched the Fight Fraud Framework (F3) on April 9, extending the ATT&CK model to financial fraud with two new tactics absent from ATT&CK: Positioning and Monetization. Built from real-world incidents with contributions from Group-IB and major financial institutions, Find out more

Vulnerabilities & Exploits & Hacks

  • Windows Defender RedSun 0-day Grants SYSTEM Privileges: Researcher "Chaotic Eclipse" released a PoC abusing Defender's cloud file rollback mechanism to overwrite system binaries and escalate to SYSTEM on fully-patched Windows 10, 11, and Server. Still works after the April Patch Tuesday fix for CVE-2026-33825. Find out more

    • The bug in plain language: When Defender spots a malicious cloud-tagged file, instead of quarantining it, it rewrites the file back to its original location, turning the antivirus into the attack vector.

Threat Hunting & Malware

  • JanelaRAT Targets Brazilian and Mexican Banks: A new variant of BX RAT logged 14,739 infection attempts in Brazil and 11,695 in Mexico in 2025, using "title bar detection" to trigger fake banking overlays only when users visit specific banks or crypto exchanges. Spreads via DLL side-loading and infected MSI installers. Find out more

    JanelaRAT infection flow evolution, Kaspersky analysis

  • [Free] Mandiant Launches FLARE Learning Hub: Google's Mandiant opened public access to three training modules by the FLARE team: Malware Analysis Crash Course, Go Reverse Engineering Reference, and Introduction to Time Travel Debugging. Find out more

📰 Reports

  • NÚKIB (The National Cyber and Information Security Agency) Quarterly Cyber Threat Landscape Q4/2025 (Czech Republic). Report

  • DNSC (Romanian national cyber security and incident response team) Cybersecurity Indicators and Trends Bulletin H1 2025 (Romania). Report

Espionage & Counterintelligence

  • Russia Publishes European Addresses of Ukrainian Drone Makers. Moscow released 20 addresses across 12 countries and called it "a list of potential targets for the Russian armed forces." One listed Vilnius street hosts 700+ unrelated companies. Find out more

  • Former US Army TS/SCI Holder Charged With Leaking to Journalist. Courtney Williams was arrested April 8 after 10+ hours of calls with a journalist. Her own texts: "probably going to jail for life." Find out more

  • Pakistan's ISI Exploits Chinese CCTV to Spy on Indian Military. 9 solar-powered cameras connected to a Chinese surveillance platform streamed live feeds of Indian army cantonments to ISI handlers for nearly three months. 11 arrested. Find out more

  • Japan's Fronteo Builds AI Tool to Flag Leak-Risk Researchers. The Tokyo startup's Cabinet Office-backed prototype quantifies researcher risk by scanning 280 million papers for funding sources and coauthors. Find out more

  • Black Cube Sting Operation Exposes Cyprus Corruption. The Israeli private intelligence firm confirmed its role in a sting that forced the resignation of a senior aide to the Cypriot president. Black Cube said it was "proud" to have exposed corruption. Find out more

SOCMINT

  • XChat: X Launches standalone Encrypted Messenger. Musk's new app launched April 17 on iOS with E2E encryption, screenshot blocking, and group chats up to 481 people. Experts have already questioned its encryption claims. Find out more

  • Eurosky: Europe's answer to Big Tech Social Media. An EU-hosted digital identity built on the AT Protocol (Bluesky's framework), with access to European social apps including Flashes (Instagram alternative). Find out more

  • Last Issue's Challenge: How the World Laughs Online

    In the last edition, I asked if you knew what these chat expressions mean. Here are the answers:

    • '5555' or '555+' : Thailand 🇹🇭 The number 5 is pronounced "ha" in Thai, so 555 = hahaha.

    • '233' or '233333' : China 🇨🇳 Originates from the No. 233 emoji on the Mop forum, a laughing face.

    • 'wwwwwwwww' : Japan 🗾 Short for "warau" (笑う), meaning "to laugh." More w's = more laughter.

    • 'kkkkkkkk' : Brazil 🇧🇷 From "kkkk," representing the sound of cackling laughter in Portuguese.

    • 'rsrsrsrsrs' : Also Brazil. Short for "risos" (laughs).

    • 'mdr' or 'ptdr' : France 🇫🇷 "Mort de rire" (dying of laughter) and "pété de rire" (bursting with laughter), the French equivalents of LOL and ROFL.

    • 'wkwkwkwkwkw' : Indonesia 🇮🇩 Mimics the sound of laughter in Bahasa Indonesian.

    • 'ㅋㅋㅋㅋㅋ' : South Korea 🇰🇷 The character "ㅋ" (kieuk) represents a giggling sound. More ㅋ's = harder laughing.

Privacy

  • Hungary's Secret Spyware Arsenal Exposed by Citizen Lab & VSquare. Hungary is the first confirmed EU country deploying Webloc, a mass surveillance tool tracking hundreds of millions via smartphone advertising data. Find out more

  • Session Messenger Faces Shutdown in 90 Days. The encrypted messenger serving 1.7M monthly users has entered its final countdown. Needs $1M to survive: ~$72K raised so far. Find out more

AI

  • Claude Design dropped yesterday, letting you turn text prompts into interactive prototypes, pitch decks, slides, UI mockups, and carousels.

    • Tip: Exporting directly to Canva results in a static, uneditable web page. For full editability, specify the required size in your prompt (e.g., 1080x1350), export as a PPTX, and download. Uploading this file to Canva allows you to edit every element as a standard design.

  • 30 MCP Servers That Supercharge Your AI Workflow. A guide to the top 30 Model Context Protocol servers across dev, cloud, productivity, and data extraction, plus where to find 10,000+ more in the ecosystem. Find out more

    • What’s MCP? It's an open standard that lets AI assistants connect directly to external tools, databases, and APIs, turning chatbots into full-stack agents capable of taking real action across your stack. Basically, it makes life easier.

  • MCP Market: Directory for the MCP Ecosystem. A searchable directory of MCP servers for AI assistants, covering databases, cloud storage, browser automation, and design tools. Find out more

OSINT Section

Tools

~Tip from Yoni

Finding the Exact Timestamp of a Google Maps Review. No specialised OSINT tools needed. Google Maps only shows "3 years ago" or "1 week ago," but you can extract the exact timestamp in any browser:

  1. Open Developer Tools → Network → XHR/Fetch

  2. Look for a request beginning with pc

  3. In the Response, search for a 16-digit number; that's your timestamp (in microseconds)

  4. Convert it via this tool

If there's a reply, a second timestamp appears. Two identical timestamps mean no edits were made; if the second value differs, it reflects the edit time.
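Steps 3 and 4 can also be done offline. The snippet below is an added example, not part of Yoni's tip or any Google API: it scans a copied response body for standalone 16-digit numbers, keeps only those that decode to a plausible date, and applies the two-timestamp comparison described above. The function names, the 2005 lower bound and the sample string are assumptions made for illustration.

```javascript
// Added example (not from the newsletter). Paste a copied response body into
// reviewTimes() in the DevTools console or in Node.
const MIN_US = 1104537600000000n; // 2005-01-01T00:00:00Z in microseconds (assumed lower bound)

// Return every standalone 16-digit number that decodes to a plausible time.
function extractTimestamps(body, nowMs = Date.now()) {
  const maxUs = BigInt(nowMs) * 1000n;
  const hits = [];
  // Lookarounds reject 16-digit slices of longer digit runs (e.g. long IDs).
  for (const m of body.matchAll(/(?<!\d)\d{16}(?!\d)/g)) {
    const us = BigInt(m[0]); // BigInt: 16 digits can exceed Number.MAX_SAFE_INTEGER
    if (us < MIN_US || us > maxUs) continue; // not a plausible review time
    hits.push({ raw: m[0], utc: new Date(Number(us / 1000n)).toISOString() });
  }
  return hits;
}

// The tip's reading: the first value is the posting time; a second value that
// differs from the first is the edit time.
function reviewTimes(body, nowMs = Date.now()) {
  const [first, second] = extractTimestamps(body, nowMs);
  if (!first) return null;
  const edited = second !== undefined && second.raw !== first.raw;
  return { posted: first.utc, edited, editedAt: edited ? second.utc : null };
}

// Constructed sample for illustration, NOT a real Google Maps response.
const SAMPLE =
  '[["Great burgers",null,1650000000123456,1650086400123456,' +
  '"114023456789012345678"],[9999999999999999]]';

console.log(reviewTimes(SAMPLE));
```

Times are reported in UTC at millisecond precision; convert to the reviewer's likely time zone separately before drawing conclusions from the time of day.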

Google Updates

  • Google Maps Adds Custom Icons for Lists. Each list can now have its own emoji icon: a 🍔 for "Top Burger" or a ⛰️ for "Future Hikes."

    Start a new list and select "Choose icon." Find out more

  • Chrome Rolls Out Vertical Tabs. After years of user requests (and Arc/Edge envy), Chrome finally supports vertical tabs natively on desktop. Right-click any window and select "Show Tabs Vertically." Find out more

Darkweb

  • Robin: AI-Powered Dark Web OSINT Tool. Apurv Singh Gautam's open-source tool uses LLMs to refine queries and summarise findings from dark web search engines via Tor. Find out more

  • Operation Alice Dismantles 373,000 Dark Web Sites. A Europol-coordinated takedown across 23 countries. The twist: the CSAM and cybercrime platform was a pure fraud scheme that made €345,000 scamming ~10,000 "customers" with fake packages.

Upcoming CyberSec / OSINT Events

Free

Webinars

  • Look What You Made Me Do: FIMI Actors Weaponise Pop Culture (EU DisinfoLab): Cardigan Collective's Rachele Gilman and Zoé Fourel break down how Eurovision, viral controversies and meme-driven moments are used as entry points for geopolitical narrative shaping. April 30 | Register here

  • The Evolving Role of Open-Source Intelligence (Fivecast + techUK): Industry briefing on how AI and deep learning enhance OSINT in defence, law enforcement, national security and financial intelligence. May 11 | Register here

  • 2026 Global Summit on Disinformation: Two full days of panels, case studies and research discussions with journalists, technologists and academics, EN/ES simultaneous interpretation. May 27–28 | Register here

Onsite

  • OSINT Tech Expo 2026 (OSINT Foundation): Two-day expo hosted by Carahsoft, free for OSINT Foundation members and US Government personnel only. April 30 – May 1 | Agenda

  • OSMOSISCon 2026 (Bonita Springs, Florida + virtual): Annual OSINT & cyber intelligence conference, registration includes a seat for the Open-Source Certification (OSC) exam. May 31 – June 2 | Details

  • LABScon 2026 (Scottsdale, Arizona): SentinelOne's invite-only threat intelligence conference - world's top cybersec researchers, no vendor pitching, talks 20min + 5Q&A. CFP deadline in June. September 16–19 | Request an invite

CTFs

  • Midnight Sun CTF 2026 Quals: 179 teams already signed up, jeopardy. April 25–26 Online | Details

  • CyberDefendHERs CTF (Geneva, women only): Full-day CTF hosted alongside FIRST CTI Conference, with challenges in Forensics, Cryptography and Threat Hunting. May 5 Geneva | Tickets

  • DEF CON CTF Qualifier 2026: Qualifier for one of the most prestigious CTFs in the world. May 22–24 Online | Details

  • Google Capture The Flag 2026: Google's annual CTF, high-weight event. June 19–21 Online | Details

  • Bulos y crisis: estrategias contra la desinformación (Prodigioso Volcán, Spanish): Paid online training on disinformation narratives, AI-driven manipulation and crisis response. April 21–22 Online | Register here

🙃 Bonus

Check out this massive directory of free certification courses.

Found this helpful? Forward it to someone who’d enjoy it.
