Intelligence Security X

@0xLAEY You can do it from here - intelligencesecurity.io//search

@IntelSecX 1 file download (credentials, cookies, sessions) where I can find the download button? can't see it

🔓 New: Sign up with Email — no Telegram required Intelligence Security now supports dual login. Register with email + password, Telegram, or link bot to one account. Search 500 billion+ indexed records from public breaches, dark web sources & infected devices. Every free account gets: ├ 🔍 1 search across breach databases ├ 📦 1 file download (credentials, cookies, sessions) └ 🔐 Full access to all search types What you can search: ├ Leaked credentials & passwords ├ Browser data from compromised systems ├ Session cookies └ Paste sites & dark web mentions Your email might already be in a breach. Search it and find out — takes 30 seconds. 🌐 intelligencesecurity.io #OSINT #CyberSecurity #ThreatIntelligence #InfoSec #BreachIntelligence #BugBount

@0xLAEY You need to perform a intelligent search and you will be able to download a result.

🔍 EMAIL RECON: nasa.gov — 46,000+ Emails & 22,000+ Subdomains From One Query NASA builds rockets. But their digital footprint is just as massive. We ran Email Recon + Domain Recon on nasa.gov using only publicly indexed sources. 📊 Results: ├─ 📧 46,000+ corporate emails indexed ├─ 🌐 22,000+ subdomains discovered ├─ 🏢 12 NASA centers identified └─ 📋 630+ mailing lists & distribution groups 🚀 12 NASA centers — mapped from email patterns alone: ├─ 🛰️ JPL (Jet Propulsion Lab) — 8,100+ emails ├─ 🌍 Goddard Space Flight Center — 3,700+ ├─ ✈️ Ames Research Center — 1,900+ ├─ 🔬 Langley Research Center — 1,500+ ├─ ⚡ Glenn Research Center — 1,200+ ├─ 🧑‍🚀 Johnson Space Center — 1,200+ ├─ 🚀 Marshall Space Flight Center — 1,000+ ├─ 🏗️ Kennedy Space Center — 840+ ├─ ✈️ Armstrong Flight Research — 840+ ├─ 🏛️ NASA HQ (Washington DC) — 570+ ├─ 💻 NASA Supercomputing Division — 250+ └─ 🔥 Stennis Space Center — 150+ 🏗️ Subdomain analysis reveals: ├─ 📧 Hundreds of mail server configurations ├─ 🔧 1,000+ development & testing environments ├─ 📡 100+ API endpoints ├─ 📖 Documentation & wiki platforms └─ 📋 Admin & monitoring infrastructure ⚠️Why this matters: Email patterns reveal organizational structure, team sizes, naming conventions, and internal project names — all without accessing a single system. For security teams: if an attacker can map your entire organization from public sources, so should you. All data sourced from publicly indexed breach databases. 🔗 intelligencesecurity.io/en/search 🤖 t.me/intelligencese… #OSINT #CyberSecurity #InfoSec #NASA

Gaining Initial Access and Outsmarting SmartScreen .zip email attachment that includes a VHDX (Hard Disk Image File) + Mark of the Web and SmartScreen bypass using Trusted Executable Reputation and DLL Sideloading github.com/g3tsyst3m/Code… #dfir #blueteam #redteam #pentesting #ThreatHunting

GitHub - suuhm/CVE-2026-21509-handler: PowerShell script to check, apply, and test the Kill-Bit protection for the CVE-2026-21509 Microsoft Office zero-day vulnerability affecting Office 2016/2019/LTSC. github.com/suuhm/CVE-2026…

🔍 How Bug Bounty Researchers Use Stealer Intelligence T-Mobile has been breached 9 times since 2018. Before touching a single endpoint, we queried publicly indexed breach data through our platform. One query returned: ├─ 🏗️ Internal engineering environments ] ├─ 🔐 SSO & authentication portals ├─ 📋 Project management systems ├─ 📦 Source code platforms ├─ 🌐 VPN access points ├─ 🍪 Post-auth session data └─ 📧 Thousands of corporate emails across 6 subsidiary brands This is how modern recon works in bug bounty: You don't scan. You don't bruteforce. You search what's already been indexed from infected machines. Stealer logs show you what employees accessed — internal tools, admin panels, staging environments — all visible before writing a single exploit. No hacking. Just intelligence. 🔗 intelligencesecurity.io/en/search 🤖 t.me/intelligencese… #OSINT #BugBounty #InfoSec

🔍 DOMAIN RECON: onlyfans.com — 208 subdomains mapped with a single query OnlyFans processes billions in creator payments annually. We ran Domain Recon through our platform and verified each subdomain. 📊 Results: ├─ 📡 208 subdomains discovered ├─ 🌐 18 resolving to live IPs └─ ☁️ Infrastructure across 3 cloud providers 🔎 Key findings by category: 🔐 Authentication & Identity: ├─ oauth.onlyfans.com → Auth endpoints ├─ id.onlyfans.com → KYC system (Azure) └─ autodiscover.onlyfans.com → Exchange services ⚙️ Internal Tools: ├─ bug2.onlyfans.com → Error tracking (Sentry) ├─ webhook-beta.onlyfans.com → Beta webhooks └─ Multiple staging/test environments detected 📺 Streaming Infrastructure: ├─ 12+ live streaming servers identified ├─ Multiple stream processors and converters ├─ Geo-distributed nodes (US, UK, DE, SG, CA) └─ Release canary pipeline detected 🛒 Third-Party Integrations: ├─ store.onlyfans.com → Shopify ├─ status.onlyfans.com → StatusPage └─ KYC provider integration visible 💡 What this reveals for security teams: ├─ Full tech stack identification ├─ Cloud provider distribution mapped ├─ Development/staging environments discoverable ├─ Third-party dependencies exposed └─ Geographic infrastructure layout visible One query. No scanning. Just public intelligence. 🔗 intelligencesecurity.io/en/search 🤖 t.me/intelligencese… #OSINT #CyberSecurity #InfoSec

Odyssey Stealer (macOS) malware being spread through Kimi chatbot AI artefact: kimi[.]com/share/19c6bb6c-c172-82d9-8000-0000b6baa613 Base64 encoded curl to: kayeart[.]com

‼️🇺🇸 A threat actor is allegedly selling scraped Polymarket user data, including 93K username lines with wallet IDs, usernames, X/Twitter accounts, deposit volumes, PnL, and exchange funding sources. The full 180K scrape is also available. The dataset is being offered to a single buyer for $4,999.

🔍 EMAIL RECON: uber.com — 10,000+ Corporate Emails From One Query In 2022, Uber was breached by a teenager using stolen contractor credentials + MFA fatigue. We ran a single Email Recon query on uber.com through our platform. 📊 Results: 10,000+ corporate emails indexed 📂 What Email Recon reveals: ├─ 👥 7,227 employee emails (firstname.lastname pattern) ├─ 🔗 2,773 external contractor emails (@ext.uber.com) ├─ 📋 12+ distribution/group lists ├─ 🧪 20+ test accounts └─ 🌍 Regional emails from 8+ countries 🏢 Organizational structure visible: ├─ 🔐 Security teams ├─ ⚖️ Legal & Compliance ├─ 💰 Finance & Billing ├─ 🍔 Uber Eats operations ├─ 🛴 Jump/mobility teams └─ 🌎 Regional support (LATAM, Europe, Asia) ⚠️ Why this matters: The 2022 breach started with ONE contractor credential. Today, 2,773 contractor emails are publicly indexed. Email patterns reveal: ├─ Naming conventions (predictable) ├─ Team structures ├─ Third-party partnerships ├─ Internal project names └─ Geographic operations 🛡 Recommendations for organizations: ├─ Monitor your domain in breach intelligence databases ├─ Audit which emails are publicly indexed ├─ Implement stricter email exposure policies ├─ Train contractors on security awareness └─ Review distribution list visibility 10,000+ emails. Team structures. Naming patterns. All from one query. The data exists. The question is: do you know your exposure? 🔗 intelligencesecurity.io 🤖 t.me/intelligencese… #OSINT #CyberSecurity #InfoSec

🔍 DOMAIN RECON: stake.com — Mapping the External Footprint of the World's Largest Crypto Casino $1B+ in annual revenue. Drake as ambassador. Lost $41M in 2023 breach (attributed to Lazarus Group). We ran Domain Recon through our platform and verified every subdomain. 📡 33 subdomains discovered. Key findings: 🌐 stake.com → 403 (Cloudflare protection) ⚙️ api.stake.com → 404 (Node.js backend) 🔐 oauth.stake.com → 404 (OAuth endpoint) 🛒 shop.stake.com → 301 (Shopify redirect) ❓ help.stake.com → 302 (Intercom helpdesk) 🎮 evolution.stake.com → 404 (Gaming integration) 📰 news.stake.com → 301 (Blog redirect) 🏗 beta/old/play.stake.com → 404 (Legacy endpoints) 🔎 What Domain Recon reveals: ├─ 🛠 Tech stack identification (Node.js, Shopify, Intercom) ├─ 🔐 Authentication endpoints mapped ├─ 🌐 Third-party integrations visible via CSP headers ├─ 📍 Wildcard DNS configuration detected └─ 🏗 Infrastructure patterns across subdomains 💡 Why this matters for security teams: ├─ Understand your organization's public exposure ├─ Identify forgotten or legacy subdomains ├─ Map third-party dependencies ├─ Detect misconfigurations before others do └─ Baseline for continuous monitoring All from a single Domain Recon query. No scanning. No intrusion. Just public intelligence. 🔗 intelligencesecurity.io/search 🤖 t.me/intelligencese… #OSINT #CyberSecurity #InfoSec

🔍 CASE STUDY: jeff@amazon.com — What 796 Records Reveal About a Billionaire's Email We searched Jeff Bezos' known corporate email jeff@amazon.com on Intelligence Security. 📊 RESULTS: 796 records found 📂 Breakdown: ├─ 🔒 leaks.restricted (312) → Credential dumps with jeff@amazon.com ├─ 📁 leaks.logs (207) → Compromised systems referencing this address ├─ 🌐 web.public (233) → Cached references and mentions ├─ 🧅 darknet.tor (24) → Tor marketplace & forum mentions └─ 📰 usenet/pastes/docs (20+) 🌍 207 Leak Logs from 25+ Countries: ├─ 🇳🇬 Nigeria: 25 ├─ 🇺🇸 USA: 21 ├─ 🇮🇳 India: 10 ├─ 🇹🇷 Turkey: 10 ├─ 🇿🇦 South Africa: 8 ├─ 🇧🇩 Bangladesh: 8 ├─ 🇨🇦 Canada: 7 ├─ 🇫🇷 France: 5 ├─ 🇧🇷 Brazil: 5 ├─ 🇵🇰 Pakistan: 4 ├─ 🇲🇦 Morocco: 3 ├─ 🇻🇳 Vietnam: 3 ├─ 🇬🇭 Ghana: 2 ├─ 🇨🇳 China: 2 └─ 76 unidentified ⚠️ Why are 207 compromised systems linked to jeff@amazon.com? These aren't breaches against Jeff Bezos personally. They're systems where users: ├─ Typed jeff@amazon.com in a form ├─ Had it saved in browser autofill ├─ Listed it in email databases for outreach ├─ Stored it in contact lists or CRM exports └─ Used it as a "test email" in configurations 📂 The restricted leaks tell a bigger story: 312 credential dumps containing this email: ├─ Large compilation files (Nov-Dec 2025) ├─ Multi-million record combo lists ├─ Private channel distributions └─ Actively traded in 2025-2026 🧅 24 Darknet Tor references: ├─ Tor mirrors of news articles about Amazon ├─ Forum discussions about Amazon security └─ Underground marketplace mentions 🎯 The lesson: You don't need to be "breached" for your email to appear in 796 records. Every service you signed up for, every form you filled, every database that was compromised — it all accumulates. Even the world's richest man has 207 leak logs linked to his email. How many do YOU have? 🔗 intelligencesecurity.io/search 🤖 t.me/intelligencese… #OSINT #CyberSecurity #InfoSec

📊B2B Data Brokers - The Industry Trading Your Information Did you know companies exist solely to collect and sell professional data? We searched apollo.io on Intelligence Security: → 6,940 results found 📂 What's exposed: ├─ 🔑 Passwords: 403 files ├─ 🍪 Cookies: 537 files ├─ ⌨️ Autofills: 114 files ├─ 📁 Browser data: 990 files ├─ 📋 Combo lists: 2,164 files └─ 📄 Other: 2,696 files 🏢 B2B platforms commonly found in leaks: ├─ Apollo.io → 200M+ professional contacts ├─ Clearbit → Business data enrichment ├─ Exactis → 340M records leaked (2018) └─ People Data Labs → 1.2B records exposed 📋 What these databases contain: ├─ Corporate & personal emails ├─ Direct phone numbers ├─ Job titles & departments ├─ Employment history ├─ Linked social profiles ├─ Company revenue estimates └─ Technology stack information ⚠️ The risk: When data brokers get breached, professional intel becomes accessible beyond sales teams: ├─ Detailed org charts exposed ├─ Executive contact info circulating ├─ Corporate structures mapped └─ Years of enriched data in one place 🛡️ How to protect your organization: ├─ Search your corporate domain regularly ├─ Request data removal from brokers (GDPR/CCPA) ├─ Monitor executive exposure ├─ Train employees on data sharing risks └─ Implement email obfuscation policies Your professional data is a product. Know where it's circulating. 🔗 intelligencesecurity.io/search 🤖 t.me/intelligencese… #OSINT #InfoSec #B2BData

🔍 The Epstein Flight Logs: Publicly Unsealed Records In January 2024, 950+ court documents were unsealed, including flight manifests from Epstein's private aircraft. We indexed these public records in our database. 📊 Top passengers by documented flight count: ├─ Ghislaine Maxwell: 520 flights ├─ Bill Clinton: 25 flights ├─ Alan Dershowitz: 12 flights ├─ Kevin Spacey: 11 flights ├─ Chris Tucker: 11 flights ├─ Naomi Campbell: 5 flights ├─ Prince Andrew: 1 flight └─ Donald Trump: 1 flight 📂 What's indexed: ├─ Flight_Logs/ → Passenger manifests ├─ Names/ → Cross-referenced individuals ├─ Jan-03-2024-Documents/ → Court filings ├─ Names-vs-Docs/ → Document correlations └─ 721 files total from darknet.i2p archives 💡 Why this matters: Public court documents often end up fragmented across multiple sources. Intelligence Search consolidates them into a single searchable database. Flight logs. Court filings. Name correlations. Seconds to search. ⚠️ Note: Flight records indicate travel only, not involvement in any crimes. All data from publicly unsealed court documents. 🔗 intelligencesecurity.io 🤖 t.me/intelligencese… #OSINT #Epstein #PublicRecords #CourtDocuments #Investigation 🔍 The Epstein Flight Logs: Publicly Unsealed Records In January 2024, 950+ court documents were unsealed, including flight manifests from Epstein's private aircraft. We indexed these public records in our database. 📊 Top passengers by documented flight count: ├─ Ghislaine Maxwell: 520 flights ├─ Bill Clinton: 25 flights ├─ Alan Dershowitz: 12 flights ├─ Kevin Spacey: 11 flights ├─ Chris Tucker: 11 flights ├─ Naomi Campbell: 5 flights ├─ Prince Andrew: 1 flight └─ Donald Trump: 1 flight 📂 What's indexed: ├─ Flight_Logs/ → Passenger manifests ├─ Names/ → Cross-referenced individuals ├─ Jan-03-2024-Documents/ → Court filings ├─ Names-vs-Docs/ → Document correlations └─ 721 files total from darknet.i2p archives 💡 Why this matters: Public court documents often end up fragmented across multiple sources. Intelligence Search consolidates them into a single searchable database. Flight logs. Court filings. Name correlations. Seconds to search. ⚠️ Note: Flight records indicate travel only, not involvement in any crimes. All data from publicly unsealed court documents. 🔗 intelligencesecurity.io/search 🤖 t.me/intelligencese… #OSINT #Epstein #Investigation

Intelligence Security Discover If your data has been leaked. 1 email/domain search day/free. Top Leak URLs Subdomains Related Domains Sample Credentials Risk Factors intelligencesecurity.io #osint

🔒 Why Cookies Can Be More Critical Than Passwords We found in leak logs active sessions from enterprise services: ☁️ AWS Console ├─ JWT tokens with session identifiers ├─ Console session cookies └─ Allow access without re-authentication 💬 Slack ├─ Corporate workspaces exposed └─ Session cookies from multiple organizations 🔐 Okta (SSO Provider) ├─ Employee session tokens └─ Access to federated portals 📊 Salesforce ├─ CRM instances exposed └─ Active session cookies 🔷 Microsoft 365 ├─ login.microsoftonline.com cookies └─ Persistent session tokens ⚠️ Why Cookies Are Critical: With a valid session cookie: ├─ ✗ No password required ├─ ✗ MFA not triggered (already validated) ├─ ✗ Session already authenticated └─ ✗ Valid until expiration or logout 🛡️ How to Protect Yourself: ├─ Log out of sensitive services when done ├─ Use "Sign out all devices" periodically ├─ Enable login alerts ├─ Review active sessions regularly └─ Clear browser cookies periodically 🏢 For Organizations: ├─ Implement session timeout policies ├─ Monitor access from unusual locations └─ Force re-authentication for sensitive actions One exposed cookie = full account access. 🎁 Limited time: Up to 17% OFF on all plans — ends in 3 days intelligencesecurity.io/subscriptions/… Check your exposure: 🔗 intelligencesecurity.io/search 🤖 t.me/intelligencese… #SessionSecurity #CyberSecurity #InfoSec #SecurityEducation #CloudSecurity

Weekly OSINT: February 2026 Vulnerabilities & Threat Activity In the first week of February 2026, security researchers and national CERTs disclosed over 40 new product vulnerabilities across consumer and enterprise platforms, while multiple threat actors ramped up active exploitation and phishing campaigns. CISA updated its Known Exploited Vulnerabilities catalog, and inspections revealed supply-chain compromises, advanced ransomware evasion modules, and new RAT deployments. This report summarizes key disclosures, exploited flaws, emerging campaigns, and associated indicators.

CVE-2026-20841 - Windows Notepad App Remote Code Execution Vulnerability For nearly thirty years, notepad.exe was treated as a simple utility. It functioned as a basic Win32 text editor designed solely to display text. A CVSS score of 8.8 for an application intended only for viewing data is a departure from the principle of least privilege. The vulnerability allows an attacker to trick a user into clicking a malicious link embedded in a Markdown file opened in Notepad. Doing so can trigger untrusted protocols, leading to the download and execution of remote content. #dfir #blueteam #pentest #redteam #cve #notepad

🔑 API Keys in Leak Logs - The Hidden Exposure Your API keys might be in exposed browser data right now. When a system gets compromised, malware captures: ├─ Browser history (URLs with keys in query params) ├─ AutoFill data (saved API endpoints) ├─ Cookies (session tokens) └─ Downloaded files (configs, .env files) We searched for major API endpoints in leak logs: 📊 Live Data Search Results: 🔵 api.stripe.com ├─ Found in: AutoFill data from multiple browsers └─ Context: Payment API endpoints saved in forms 🐙 api.github.com ├─ Found in: Browser cookies └─ Context: Session tokens + user fingerprints 📱 api.telegram.org ├─ Found in: Chrome/Edge AutoFill data └─ Context: Bot API endpoints saved in forms 📞 api.twilio.com ├─ Found in: Downloaded source files └─ Context: Code with API configuration ☁️ amazonaws.com ├─ Found in: Database dumps └─ Context: AWS SES email configurations 📂 Where API Keys Hide in Leak Logs: ├─ 🌐 Browser History │ └─ api.service.com/?key=sk_live_x… │ ├─ ⌨️ AutoFill Data │ └─ Saved API endpoints from dev tools │ ├─ 🍪 Cookies │ └─ Session tokens for API dashboards │ ├─ 📁 FileGrabber │ ├─ .env files with API_KEY=xxx │ ├─ config.json with credentials │ └─ Source code with hardcoded keys │ └─ 📥 Downloads └─ API documentation, SDK configs ⚠️ Why This Is Critical: Exposed API keys can lead to: ├─ Unauthorized access to paid services ├─ Data exposure from connected systems ├─ Financial impact from service abuse ├─ Reputation damage from compromised integrations └─ Compliance violations (PCI, SOC2) 🛡️ How to Protect Your Keys: ├─ Never hardcode keys in source code ├─ Use environment variables properly ├─ Rotate keys regularly ├─ Monitor API usage for anomalies ├─ Use key vaults (AWS Secrets Manager, HashiCorp Vault) └─ Implement IP allowlists where possible 🔎 How to Check Your Exposure: Search for: ├─ Your company domain (api.yourcompany.com) ├─ Service endpoints you use └─ Email domains associated with APIs Your keys are only as secure as every device that's touched them. 🔗 SEARCH intelligencesecurity.io/search 🤖 t.me/intelligencese… #CyberSecurity #DevSecOps #InfoSec