The OSINT Team blog was compromised via a Ghost CMS flaw: Attackers reached the database without authentication and injected malicious JavaScript posing as a fake Cloudflare dialog to push malware. The flaw also exposed the newsletter subscriber list; whether any addresses leaked is unconfirmed. The site has moved to a fresh host and returns shortly with full content.

Bright Data SDK turns smart TVs into AI-scraping proxies: Include Security found Bright Data's SDK quietly enrols always-on smart TVs (Samsung Tizen, LG webOS) as residential exit nodes for AI scraping, routed through the owner's home IP. Roku, Fire TV and Google dropped the practice; Samsung and LG did not. Find out more.

Pokémon Go scans now train military drone navigation: Player location scans since 2021 trained Niantic's visual positioning system; in December 2025 its mapping spin-off partnered with US defence firm Vantor to feed the tech into drones that navigate where GPS is jammed. Find out more.

Malware authors poison their code to trigger AI refusals: Developers embedded weapons-related text into spyware to trip an LLM's safety refusals, so AI scanners would decline to analyse the sample. Socket shows how first-order safety alignment creates exploitable second-order blindspots. Find out more.

threatactorusernames.com (created by CTI__Updates): type in a username and it surfaces active forum accounts tied to it.

EU Global Threats Programme takes over the GIFP organised crime portfolio: The Global Illicit Flows Programme legacy continues under the EU's new Global Threats Programme. Find out more.

CrowdStrike 2026 Technology Threat Landscape Report

2026 European Drug Report (EUDA + EU Commission): The annual snapshot of EU drug markets and trends. Report.

Finland Probes Unusual Espionage Case: Finland's National Bureau of Investigation opened a preliminary probe into suspected intelligence activity carried out in Finland but targeting a third country. Find out more

US Raises Israel Counterintelligence Threat Level to "Critical": The Pentagon elevated its assessment of the counterintelligence threat posed by Israel to the highest possible level. Find out more

CIA Officer Caught With $42M in Gold Built a "Fake" Program: The FBI arrested 17-year CIA officer David J. Rush after finding 303 gold bars (~$40M) plus over $2M in cash at his home; he allegedly invented an unacknowledged "continuity of government" program and read in two colleagues to funnel funds into it. Find out more

Several Suspected Espionage Cases in Northern Norway: PST arrested a Chinese woman on Andøya over an alleged satellite-receiver scheme via a front company, and a Chinese man near Bodø air station (home to NATO's newest air operations centre). Find out more

Ireland Launches a Dedicated Security Service: An Garda Síochána is standing up An Garda Síochána Security Service (GSSS) to counter hostile states, terrorism and extremism alongside a drone first-responder trial, an anti-terror hotline and a deradicalisation programme seen as the biggest shift in Irish policing since the Criminal Assets Bureau. Find out more

Hackers just asked Meta AI for high-profile Instagram accounts: No malware, no zero-day attackers set a VPN to the target's region, started a password reset, then told Meta's AI chatbot to swap the recovery email; accounts without 2FA fell instantly. The flaw reportedly ran April 17–May 31, 2026, hitting up to 20,225 accounts, including the Obama White House and US Space Force. Bot to check if your username was caught: @F_FFbot. Find out more

Reddit Launches Video Replies: Reddit is rolling out video in comments. More info here.

X Limits Free Accounts to 50 Posts / 200 Replies a Day: New caps land on free-tier accounts, with direct knock-on effects for monitoring and scraping workflows. Find out more.

Update to How 1Password Families Handles Member Removal: A quiet but significant change to family account management on 1Password has stirred up community discussion about trust and who really owns an account. Worth a look if you share a vault with anyone. Find out more.

A Look at Hardware Security Keys for Passkeys: Google's practical guide to pairing hardware security keys with passkeys for a more robust authentication setup handy if you're tightening up your account security. Find out more.

What your WiFi name gives away: Rainbolt’s “change your wifi name” shows how a distinctive SSID signatures can be searched straight back to a specific house. Source.

OpenAI Ships "Lockdown Mode" for ChatGPT: An optional setting that limits ChatGPT's outbound requests to cut data-exfiltration risk from prompt injection disabling agent mode, deep research, image retrieval and downloads. It severs the exfil channel, not the entry point. Find out more

UK Launches "PoliceAI" Centre: A national centre to develop, test and roll out approved AI tools across all 43 forces in England and Wales, backed by £75M covering footage analysis, deepfake detection, redaction and transcription. Find out more

NetAskari's "Sharp Eyes" — Part 2: In the last edition I shared Part 1 of NetAskari's investigation into China's mass surveillance of foreigners; Part 2 is now out. The starting point is a publicly exposed dashboard, the "Dynamic Control Platform for Overseas Personnel" (DCPOP) from Zhangjiakou prefecture, tied to the local Ministry of Public Security. In this part the author shows how they verified it's a genuine government system rather than someone's hobby project, and what else was sitting on the server.

Last Issue's Challenge — Who's Behind the Telegram Bot: In the previous edition I shared d4rk_intel's puzzle on tracing who or what sits behind a Telegram bot.

DNSDumpster: A solid, free DNS recon tool for mapping domains and infrastructure.

Trace Labs OSINT VM 2026.05: The new quarterly release migrates the build from Kali to Debian 13, ships Obsidian with Trace Labs templates by default, and adds Owlculus to the tooling script. VirtualBox and VMware builds plus the standalone setup script come with checksums.

Building Height Calculator: Estimate a building's height from a satellite image using shadow length, location and date even when you don't know the capture time. made by Fabian Hinz.

Google Launches "Search Profiles": Google is rolling out a new profile feature to help creators and publishers shape how they show up in Search. To be eligible you need a public profile with at least 100,000 followers on a single supported platform (Instagram, YouTube or X), or 300,000 on TikTok. Note that the profile URLs are indexable and crawlable.

What "AI Mode" Actually Means: At I/O 2026, Google made AI Mode the global default search experience its biggest change to Search in 25+ years. Powered by Gemini 3.5 Flash, it synthesises queries into direct answers with conversational follow-ups before you reach the blue links.

Apple + Met Police: Stolen iPhones Made Unusable: The Met now shares stolen-device identifiers with Apple, so a phone marked lost via Find My becomes an "unusable brick." Reactivations of London-stolen devices reportedly fell from ~80% to under 20%, with phone thefts down 18% year-on-year. Find out more

Apple Adds an AI-Based Password Changer: A new iOS Passwords feature detects compromised passwords and uses an Apple Intelligence agent to log in and change credentials for you. Expected with iOS 27 later this year. Find out more

Apple Builds an Anti-Snatch Lock: Code seen by 9to5Mac shows Apple developing a feature that auto-locks an iPhone the instant it's snatched, using motion sensors and Apple Watch proximity to trigger Stolen Device Protection. It closes the gap left when a thief grabs a phone while it's still unlocked. Find out more

Georgia Detains Two Behind "AudiA6" Crypto Exchange and "Dark2Web" Forum: Georgian authorities, working with US and European partners, arrested a Ukrainian and a Russian national on June 10 in Batumi over the AudiA6 laundering service (~$389M processed) and the linked Dark2Web cybercrime forum; both sites now show seizure banners and the US is seeking extradition. The case followed an earlier Polish Police action in September 2025. Find out more

Can You Spot Fake News? (Centro per lo Sviluppo Creativo Danilo Dolci): A free session on recognising and countering disinformation. June 17, 15:00 CEST | Register

From Bitcoin Wallet to Dark Web Infrastructure (StealthMole): Following financial indicators to map the hidden network behind "Snuff Cinema." June 17, 4:00 PM SGT | Register

Media and Information Literacy: Combating Hate Speech in the Digital Age (UNESCO / Centre for Human Rights, Pretoria): Launch of UNESCO's new Issue Brief on countering online hate speech. June 18, 13:30–15:00 CEST | Register

Investigating Leaks & Large-Scale Data (GIJN): Techniques for handling and investigating large leaked datasets. June 18, 2026 at 9:00am US EDT (3:00pm CET) | Register

Combatting Mis- and Disinformation: How High-Quality Journalism Strengthens the Web and Wikipedia (ICFJ): How quality reporting reinforces the integrity of the open web. June 23, 4:00 PM GMT / 11:00 AM EST | Register

Drug Trafficker Detection with Targeted Typology Analytics (Verafin): How precision analytics surface trafficking patterns in financial data. June 24, 12:30 PM EST | Register

Right Click, Investigate: Open Source Secrets in Plain Sight (KeyNorth Group): A webinar with speaker Chantale Vahey on open-source tools to reveal hidden data on webpages and spot digital breadcrumbs others miss aimed at frontline investigators and analysts. June 24 (EN) / June 25 (FR) | Details

[PL] Narzędzia i techniki OSINT (Kyndryl / PWCyber): Polish-language OSINT training for public-sector staff in the national cybersecurity system with Polish sign-language interpretation. June 30, 10:00–12:10 | Registration closes June 29, 13:00

JournalismAI Skills Lab (Polis, LSE): A 14-week, free, virtual programme on implementing LLMs, GenAI and agents in journalism. Apply by June 21. Find out more

leHACK 2026 (HackerZVoice): France's biggest and oldest hacking event returns to Paris, with English-language conference tracks, a leLAB, wargame and an OSINT village in preparation. June 26–28 | Cité des Sciences et de l'Industrie, Paris | Register

OSINT Olympics 2026 (Sofia Santos): A new, deliberately very hard public OSINT challenge - only one person solved it in the original 90-minute slot. Free and open to all.

Internet Intelligence & Investigations Conference 2026 (CJS). June 30 | Check it here.