Hi Everyone,

At the beginning of May in Poland, we have a long holiday weekend tied to two consecutive bank holidays, and since the weather was actually amazing for once, disconnecting from the digital world came pretty naturally. Right after, I jumped into the Cybersec CTF organized by NOD Baltic and ESET Lietuva, competing with 200 women from the Baltic region. The challenges felt brutally hard at first, but once I caught the rhythm and got into the flow, hacking through the endless list of tasks was pure fun.

Then over the next days, every time I opened LinkedIn, I felt completely overwhelmed. My feed just felt incredibly boring… filled with the same recycled, AI-rewritten OSINT posts. So, I took a quick mental health break and deactivated my account. I was honestly touched by how many of you reached out when I skipped the last newsletter, asking if everything was okay. Don't worry, I'm doing better than ever, and that breather was exactly what I needed.

Now that the feed detox is over, let’s get into the actually interesting stuff. Here is the latest news.

Cybersecurity News

  • Microsoft Edge Stores Saved Passwords in Plain Text in Memory: A Norwegian researcher showed that Edge loads the entire password vault into memory as plaintext at startup, making it trivial to scrape with infostealer malware. Microsoft confirmed the behaviour is "by design." Find out more

  • Telegram Marketplace Industrialises Stolen iPhone Unlocking: Infoblox traced a Telegram economy selling iPhone unlocking kits and Apple-impersonation smishing templates for $5 to $50 per device. DNS telemetry tied to verified smishing domains rose 350% in 2025. Find out more

Vulnerabilities & Exploits & Hacks

  • Dutch Universities Disconnect Canvas After Second ShinyHunters Breach: Seven Dutch universities disconnected Canvas after ShinyHunters posted a message inside the live platform on 7 May, proving they still had access after Instructure's initial patches. The original breach hit 275 million users across 9,000 institutions. Instructure later confirmed a deal with the hackers and shred logs for the data. Find out more

  • Cisco SD-WAN Zero-Day Hits Maximum Severity: CVE-2026-20182, a maximum-severity auth bypass in Cisco Catalyst SD-WAN, is seeing active exploitation by threat cluster UAT-8616. Find out more

  • Expired Domain Backdoors node-ipc npm Package: Attackers re-registered an expired domain to hijack a dormant maintainer's email, publishing three trojanized versions of the popular npm package (700K weekly downloads). Find out more

Threat Hunting & Malware

  • HumanitarianBait Hides Payload on GitHub: Cyble Research identified a cyberespionage campaign disguised as a Russian-language humanitarian aid request. The RAR archive builds a fake "WindowsHelper" Python environment in AppData, then sideloads RustDesk or AnyDesk for remote access. Find out more

  • Void Stealer Quietly Goes Mainstream: A mid-tier infostealer running as MaaS via Telegram, Void Stealer features syscall-level EDR bypass and an operator-configurable webcam capture. Find out more

📰 Reports

  • Gartner Magic Quadrant for Cyber Threat Intelligence 2026: Gartner released its first-ever MQ dedicated to Cyber Threat Intelligence, naming five Leaders (including CrowdStrike and Group-IB) out of 18 vendors. Find out more

  • Mandiant M-Trends 2026. Read report

Espionage & Counterintelligence

  • Berlin Arrest, Kazakh National Charged With Spying for Russia: German authorities arrested a Kazakh national who photographed NATO convoys, profiled defense contractors, and offered to recruit more assets for Russia. Find out more

  • Japan Launches First Centralised Intelligence Agency Since WWII: PM Sanae Takaichi's National Intelligence Bureau goes live as early as July 2026 with ~700 staff, upgrading the existing Cabinet Intelligence and Research Office. Find out more

  • South Africa's Counter-Intelligence Boss Arrested in Gold Smuggling Case: Major-General Feroz Khan, head of SAPS Counter and Security Intelligence, was arrested on 10 May along with Gauteng Hawks chief Ebrahim Kadwa. Out on bail, next court date 14 July. Find out more

  • SVR Disinformation Network Head Detained in Argentina: Argentina detained a 26-year-old Russian national running "La Compañía," an SVR-controlled propaganda network operating across Latin America. Find out more

  • FBI Boosts Reward for Defector ($200K): The FBI increased the bounty for Monica Witt, a former US Air Force counterintelligence officer who defected to Iran in 2013 and leaked classified programs. Find out more

  • Podcast Recommendation: Secrets & Spies, hosted by Chris Carr and Matt Fulton, covers espionage, geopolitics, and intelligence community deep-dives. Worth a listen if you don't already follow them.

SOCMINT

  • Meta Launches "Instants" to Rival Snapchat: Instagram's new feature allows sharing disappearing photos (view-once or 24-hour limits) with strict screenshot blocking. Interestingly, this rolled out just days after Meta disabled E2E encryption for Instagram DMs. Find out more

  • TikTok Real Targets Counterfeit Listings on TikTok Shop: New IP protection program brings 300+ IP experts into TikTok's detection pipeline, with a brand verification module letting rights holders review seller authorization claims directly. Find out more

  • YouTube Opens AI Likeness Detection to All Adults: Deepfake detection tool, previously limited to Partner Program creators and politicians, now open to anyone 18+ via government ID plus a selfie video. Find out more

  • Clockout - Invite-Only Professional Networking App: US-based localised social network for young professionals, passed 400,000 downloads and $1M ARR in beta. Find out more

Tinder: How Bad Actors Hack the Blue Badge

I stumbled upon this completely by accident, and wow this investigation is gold! It shows just how clever bad actors have gotten to bypass Tinder’s (and Hinge’s) verification. As it turns out, the algorithm only requires a single photo to match your face to verify the entire profile. Scammers are exploiting this by uploading photos of models, while hiding a heavily edited picture of their actual face at the very end (blended into a billboard or background). The result? A verified badge on a profile that’s 90% fake, mostly used for crypto-romance scams.

Have you noticed or heard of this specific profile pattern appearing in markets outside the US? Let me know!

Privacy

  • iOS 26.5 Brings End-to-End Encryption to iPhone-Android RCS: Released 11 May, E2EE for cross-platform RCS is on by default and rolls out gradually as carriers sign on, putting iPhone-Android chats on par with iMessage. Find out more

  • Meta Kills Instagram DM Encryption, Keeps WhatsApp Encrypted: As of 8 May, optional E2EE for Instagram DMs is gone, with Meta redirecting users to WhatsApp, which remains default-encrypted. Viral claims that WhatsApp encryption was also removed are false. Find out more

Brand Protection

  • Poland Adds Clothing and Footwear to SENT Transport Monitoring: As of 17 March 2026, Poland extended its SENT (System Elektronicznego Nadzoru Transportu) to clothing and footwear, placing these goods in the same regulatory class as fuels, alcohol, and tobacco. The threshold is low: any transport above 10 kg of clothing or 20 individual shoes triggers a mandatory PUESC registration. Non-compliance penalty: 46% of goods value, minimum 20,000 PLN. The Polish Ministry of Finance points to organised crime groups exploiting EU external transit procedure 42 00 to smuggle Chinese goods through Polish ports, with OLAF investigations confirming the pattern. First month results: 55,000 SENT submissions, 653 inspections, 34 fines. SENT is a Polish national system, not EU-wide. Find out more

AI

  • OpenAI Brings Personal Finance to ChatGPT: Pro users in the US can now connect their bank accounts and ask ChatGPT where their money is going, turning the chatbot into a personal finance dashboard. Find out more

  • X User Tricks Grok Into Sending $200K in Crypto via Morse Code: An attacker expanded Grok's wallet permissions by sending it a "Bankr Club Membership" NFT, then asked the AI on X to translate a Morse code message and pass it to a trading bot. The decoded instruction triggered an immediate transfer of 3 billion DRB tokens ($200K) to the attacker. Find out more

OSINT Section

Tools

  • VoidAccess - Self-hosted Dark Web OSINT Platform: Free open-source alternative to Recorded Future, DarkOwl, and Flare. Runs a 13-step automated pipeline from query refinement to graph mapping, with STIX 2.1, MISP, and Sigma export. Air-gapped deployment via Ollama. Find out more

  • OSINTRadar - Curated Tool Directory: Community-maintained index of 338 OSINT tools across 21 categories, with workflows for username, email, domain, image, geolocation, and wallet investigations. Find out more

  • Pizzagate.online - Network Intelligence Platform v8.0.

Google Updates

  • Android "Pause Point" Combats Doomscrolling: Announced at Google I/O, this feature forces a 10-second delay before opening designated "distracting" apps. It requires a full phone restart to disable, making it much harder to bypass than standard app timers. Find out more

  • Googlebook - Google's Chromebook Successor: Announced 12 May, Googlebook is a new laptop standard running "Aluminium OS" - a merged Android + ChromeOS platform. Successor to Chromebook and Pixelbook Go, with first devices launching later in 2026. Find out more

  • Fitbit Folds into New Google Health App: Years after Google acquired Fitbit, it is officially retiring the legacy app on May 19 to launch a completely unified platform: Google Health. The redesign features a Gemini-powered AI Coach and introduces a screenless tracker called Fitbit Air. Crucial note: Legacy Fitbit accounts not migrated to a Google account by July 15 will be permanently deleted. Find out more


Darkweb

  • Dream Market Admin Identified Via Dormant Crypto Wallets: German citizen Owe Martin Andresen, alleged main administrator of Dream Market ("Speedstepper"), was arrested 7 May after dormant marketplace wallets moved in late 2022 led investigators to him. He allegedly laundered $2M+ via crypto and Atlanta-shipped gold bars between 2023 and 2025. Faces 12 US counts (up to 20 years each) plus German charges. Find out more

Upcoming CyberSec / OSINT Events

Free

Webinars

  • The Passkey Spectrum: Defaults, Choice, and Security Keys (Yubico): Free webinar reframing passkeys as a spectrum rather than a binary choice between synced passkeys and security keys. May 21, 2026 | 9:00 AM PDT. Register

  • [PL] OSINT a RODO - jak legalnie analizować dane z otwartych źródeł? (Wolters Kluwer): Free Polish-language webinar on the legal boundaries between OSINT and GDPR. May 27, 2026. Register

  • Investigating the Ocean: How To Track Ships Like a Pro Using OSINT (Pulitzer Center): Free 90-minute session covering vessel tracking. June 9, 2026 | 4:00 PM GMT. Register

Onsite

  • CyberGOV 2026: Polish conference on cybersecurity in public administration, with keynotes from the Minister of Digital Affairs and Ministry of Cyfryzacji. Workshops day on Zoom. May 20-21, 2026 | Warsaw. Find out more

  • ISC2 Poland Chapter Launch Event - Kraków: First educational event of the new ISC2 Poland Chapter, inaugural session "NIS2 Directive: Are You Ready?", held at Euroclear Kraków office. Free, prior registration required. Hybrid participation planned. May 21, 2026 | 17:00-21:00 | Kraków. Register

  • KITE 2026 Kyiv: Two-day in-person OSINT & cybersecurity conference with an OSINT Tournament. Free. September 1, 2026. Details

CTFs

  • [PL] OSINT CTF NASK 2026 (second edition): The second edition of NASK's OSINT CTF is expected this autumn. Worth watching the NASK channels closer to the date.

  • GOSINTCon 2026: Germany's leading OSINT conference, hosted at the Leica Welt in Wetzlar. June 16, 2026 | Wetzlar, Germany. €469. Find out more

  • GlobalFact 2026: The 13th annual global fact-checking summit, run by the International Fact-Checking Network at Poynter. Disinformation, AI, and verification at scale. June 17-19, 2026 | Vilnius, Lithuania. Find out more

  • Hackfest 2026 OSINT/Social Engineering Bootcamp: Two-day advanced bootcamp led by two-time DEF CON black badge winner Shane MacDougall, covering profiling, targeting, and social engineering. October 28-29, 2026 | Quebec City. Find out more

Found this helpful? Forward it to someone who’d enjoy it.
