Hi Everyone,
Before we get into this edition, a quick note: I've opened up a few ways to work with me directly. Whether you're just starting out or already running a team, I can help you do OSINT better. Here are the three ways we can make that happen:
Consulting: A quick, high-impact session for individuals and teams to solve immediate bottlenecks.
1:1 OSINT Mentoring: Step-by-step guidance to sharpen your personal tradecraft over time.
Tailored Training: Custom workshops built strictly around your group's specific goals.
If any of this sounds like what you need or if you have another format or collaboration in mind, just reply to this email and we'll sort out the details.
Now, on to the news.
Cybersecurity News
Lithuania Confirms Mass Data Breach Via Migration Department Accounts: Over 600,000 Real Estate Register records, including personal IDs, were pulled using credentials tied to the Migration Department; officials blame a foreign state. Find out more
Netherlands Seizes 800 Servers in Stark Industries Takedown: Dutch FIOD arrested two men and seized 800 servers from WorkTitans and MIRhosting, which kept Stark's infrastructure running after EU sanctions. The hosting network was tied to DDoS campaigns, disinformation, and proxy services used by Russia-aligned threat actors. Find out more
Vulnerabilities & Exploits & Hacks
Ghost CMS Flaw Turns Harvard, Oxford, and DuckDuckGo Into ClickFix Malware Hosts: A critical SQL injection bug (CVE-2026-26980) was used to inject malicious JavaScript into 700+ high-trust sites via fake Cloudflare prompts. A patch has existed since February. Find out more
OnlyFans "340M User Mega Leak" Is a Hoax Pushing Infostealers: There was no breach; the seller admitted the dataset was stitched from old Twitter, Instagram, and Spotify leaks, while fake "leak checkers" push Lumma Stealer. Find out more.
Threat Hunting & Malware
EntryPoint Hijacking - A Stealthier Code Injection Technique: Purple Team's deep-dive on overwriting a legitimate DLL's EntryPoint to evade EDRs; code runs only on legitimate thread creation, then restores. Find out more
Group-IB Warns of Synthetic Data Breaches Flooding the Market: Group-IB tracked five Chinese-language Telegram and forum brokers selling "leaks" that are mostly recycled old breaches padded with fabricated data. Find out more
Other news
A Researcher's War on Microsoft Goes Public: A researcher known as Nightmare-Eclipse (also Chaotic Eclipse) released six Windows zero-days targeting Defender and BitLocker between early April and mid-May, three of them used in real-world attacks. GitHub disabled the account around May 23 and GitLab on May 26-27; the researcher kept distributing via a personal blog and mirrors, framing it as fighting Microsoft "censorship." On May 28 Microsoft's MSRC condemned the uncoordinated releases and signalled its Digital Crimes Unit could pursue charges. The researcher says they are a mistreated former Microsoft reporter whose MSRC account was deleted over unpaid bounties. An International Cyber Digest OSINT writeup went a step further and tried to name the person behind the alias, citing reused usernames and an on-screen "zdi" folder as the link, but the outlet flagged it as a hypothesis and then deleted the investigation. Mainstream coverage has pointedly declined to publish any name. A useful reminder that attribution built on reused handles and desktop artefacts is a lead, not a verdict, and that publishing it can do real harm if it is wrong. Find out more.
📰Reports
Cyfluence Research: Cyber-Based Influence Campaigns, 18-24 May 2026: A weekly roundup of cyber-enabled influence operations and the actors behind them. Report.
Espionage & Counterintelligence
Belpol Maps 100+ Belarusian KGB and GRU Officers Under Diplomatic Cover: A new Belpol (Belarusian opposition group) investigation names over 100 KGB and GRU officers in roughly 40 countries. Many also run tasking for Russian intelligence, effectively turning Belarusian embassies into Kremlin branches. Find out more.
Russia Threatens to Rip Up Armenia Gas Deal Over EU Ambitions: Foreign Ministry spokeswoman M.Z warned that Russia could unilaterally suspend or cancel the 2013 agreement guaranteeing Armenia duty-free gas, oil products and rough diamonds, citing Yerevan's EU accession bid. With Russia supplying at least 80% of Armenia's gas and elections days away, Pashinyan rejected the ultimatum. Find out more.
Armenia votes June 7: The first regularly scheduled election since 2017 pits Pashinyan's Civil Contract against three pro-Russian opposition blocs led by Samvel Karapetyan, Robert Kocharyan, and Gagik Tsarukyan. Find out more.
Russian spy network named in Armenia: A report ahead of the vote alleges a Russian intelligence network operating in the country, with the Russian House cultural centre among those listed. Find out more.
Ukraine Launches Portal to Expose Russia's Foreign Recruitment Network: stoprussianrecruiters[.]org maps how Moscow recruits foreign fighters; over 28,000 nationals identified, mostly vulnerable migrants from Asia, Africa, and Latin America. Find out more.
Russia Signs Military Partnership With the Taliban: Russia and the Taliban signed a military cooperation agreement on May 27 in Moscow, a year after the Kremlin became the first state to recognise the Taliban as Afghanistan's government. Exact terms remain unclear. Find out more.
SOCMINT
Instagram Highlights Could Soon Appear on Facebook.
Reddit's Public API Quietly Erodes "Private" Profile Settings: Sites like ghostddit surface "private" Reddit posts via the public API; Pushshift, PullPush, ArcticShift retain content even after deletion. PowerDeleteSuite or Redact are the realistic mitigation.
WhatsApp Tests Status Reshare Indicator: WhatsApp beta for Android (2.26.17.10) is testing an indicator showing when a Status update has been widely reshared.
Privacy
‘Instant Data Scraper’ Extension Caught Exfiltrating Browsing History: After a quiet ownership change, the popular scraping extension now sends every URL you visit to a remote server, with a hidden channel to silently redirect that data. For OSINT work it logs your sources and methodology; uninstall and block api[.]idscraper[.]com. Find out more.

Mullvad Exit IPs as a Fingerprinting Vector: A VPN's own exit IPs can become a fingerprinting signal, narrowing rather than widening your anonymity set. Find out more.
AI
Bug Bounty Platforms Are Drowning in AI Slop: AI-generated noise is overwhelming programs (HackerOne +76%, Bugcrowd x4, curl shut down), burying genuine findings behind long triage queues. Find out more.
OSINT Section
This is a really interesting investigation…
Sharp Eyes: How to Track a Foreigner in China - NetAskari accessed a publicly exposed Public Security Bureau dashboard from Zhangjiakou prefecture, the "Dynamic Control Platform for Overseas Personnel." Though a demo, it was partly populated with real data, including passport numbers and ID photos of Beijing-based foreign journalists, and shows how China's surveillance stitches train seat numbers, fuel purchases, ski-pass facial recognition, and relationship graphs into a single operator console. As NetAskari writes: We've all read the reports on China's surveillance capabilities, but rarely seen them laid out as one coherent system. Check this investigation here.
OSINT Challenge: The Missing Pieces: D4rk_Intel's hands-on challenge puts you in the seat of a threat-intel analyst unmasking the creator behind a Telegram bot, walking through the full investigative flow. A good weekend exercise.
Tools
Northdata Adds "Ownership and Flags" Beneficial-Owner Mapping: Northdata is previewing a new add-on that surfaces a person's or entity's active participations, listing every company where they are a beneficial owner, with participation type, size, and jurisdiction (showing only stakes above 0.5%). A quick way to map cross-border ownership links that normally takes a trawl through multiple registries.

PastPage: An open-source browser extension for source recovery, letting you pull back and preserve the underlying source of a web page. Handy for evidence capture when a page may change or vanish.
DRISH-X: An open-source tool that detects, counts, and tracks truck traffic on any highway on Earth using only free Sentinel-2 satellite imagery and a browser.
Google Updates
Google Changes Its Search Box for the First Time in 25 Years: At I/O 2026, Google turned its search box into an AI-driven, multimodal input powered by Gemini 3.5 Flash, with conversational follow-ups and background "Information Agents."
Darkweb
RetoSwap "Most Anonymous Exchange" Loses 7,000 Monero: The Tor-based Monero P2P exchange lost ~7,000 XMR (~$2.7M) to a Haveno protocol exploit and suspended trading; the coins can't be traced or recovered. Find out more.
Upcoming CyberSec / OSINT Events
Free
Webinars
[ES] Rastrear Personas utilizando OSINT (Alonso ReYDeS): Free Spanish-language webinar on tracing people using OSINT. June 4, 2026, 4:00-4:45pm. Register.
Introduction to Russian Open-Source Intelligence Collection (i-intelligence): A free 60-minute intro to Russian OSINT collection techniques, part of i-intelligence's OSINT-languages series. Instructor: Vytenis Benetis. Twice on June 29 (identical sessions): 3:00 PM Singapore Time and 2:00 PM Central European Time. Find out more.
Huntress Declassified, Episode 3: A webinar series exposing the realities of cybercrime and identity risk. July 28, 12:00 PM EDT (NAM) / 5:00 PM BST (EMEA); July 29, 10:00 AM AEST (APAC).
CTFs
Crypto CTF 2026: A jeopardy-format cryptography CTF organised by the Iran-based ASIS team, linked to Sharif University of Technology in Tehran. June 13-14, 2026, online.
Paid
OSINT for Executives (CxO Academy / Professio Executive): September 7, 2026. Find out more.
🙃Bonus
UN Jobs Board: Plenty of interesting openings. Access the complete list of job openings across all the United Nations agencies and major international organisations.
Found this helpful? Forward it to someone who’d enjoy it.


