Best OSINT Newsletters: Staying Current in Open Source Intelligence

OSINT moves fast. New tools pop up, platforms shift their APIs, and investigative techniques get refined daily.

To keep up, you need trusted info sources. I've put together a list of key newsletters and publications for OSINT practitioners. These aren't marketing emails. They're packed with actionable content to keep you ahead.

The essentials include Bellingcat Newsletter, OSINTTraining Newsletter, SANS Institute Publications, IntelXchange Newsletter, Cybergison Newsletter.

These sources offer practitioner-focused content, no fluff. Stay sharp.

OSINT-Focused Newsletters

Sector035's Week in OSINT sets the bar high. The newsletter is essential reading for active OSINT practitioners. New tools, technique updates, and community discussions get covered weekly. Years of consistent publishing have honed the quality.

The newsletter covers tool release notes. It also includes tutorial links. Worthwhile Twitter discussions and technique updates get summarized.

For deeper dives, OSINT Combine delivers. Their output is less frequent but packs more detail. They cover phone number investigations, geolocation strategies, social media sleuthing methods.

The Bellingcat Newsletter supports conflict zone investigations, disinformation tracking, human rights documentation. Their investigative reports, methodologies, and tool documentation are key resources. The newsletter includes recent case updates, explainers on methods, tool guides, and community news.

It keeps you current.

Threat Intelligence Newsletters

The provided frontmatter and content will be preserved, with only the prose being rewritten to match the target style.

The SANS Internet Storm Center's Daily Diary provides a daily dose of threat intel. It covers active exploits, new attack patterns, and IoC digests. Security analysts and threat teams rely on it.

Brian Krebs investigates cybercrime, fraud, and breaches. His email updates alert you to major pieces, often including OSINT techniques and criminal infrastructure.

Risky Business is a weekly newsletter and podcast. Patrick Gray filters out the noise. You get relevant security news. Sources include SANS Internet Storm Center's Daily Diary, Krebs on Security, and Risky Business.

Geopolitics and Intelligence Analysis Newsletters

The Intel Brief delivers geopolitical OSINT, conflicts, state actors, and open-source evidence of military and political events. It's a go-to for verifying conflict zone intelligence.

Lawfare provides deeper analysis. The focus is on national security law and policy, intelligence oversight, and cyber conflict. The topics covered are vital for understanding the legal landscape of intelligence gathering.

Community Newsletters

OSINT Curious puts out a weekly roundup of techniques. Real investigations use these methods. The community there is about practitioners sharing knowledge.

Trace Labs sends out a newsletter. It covers their CTF events, new techniques, and community news. This is for people using OSINT to find missing persons.

What Makes a Good OSINT Newsletter

Good OSINT newsletters are written by people who actually do investigations. They cover specific tools, techniques, case studies. You'll see links to original sources and tools. The publication schedule is consistent. Often, the authors are pseudonymous, but their track records check out.

Avoid newsletters that read like a product pitch from security vendors. They might cover vague OSINT trends without getting into details. They sometimes republish press releases. They sporadically land in your inbox.

Twitter can be faster for breaking news. Accounts like @sector035, @nixintel, @hatless1der often share useful information. Newsletters help you catch up with a weekly roundup of what's been happening in the community. They are useful for this purpose.

Telegram Channels as Real-Time Newsletters

Several Telegram channels act like real-time newsletters. @cybdetective posts OSINT tool updates and techniques. @osint_mindset focuses on Russian-language OSINT and strong techniques. @bellingcat_en shares updates on Bellingcat investigations. @thehackernews provides security news digests.

These channels fill a gap, offering real-time awareness without a full Twitter feed. becomes

Several Telegram channels act like real-time newsletters. @cybdetective posts OSINT tool updates and techniques. @osint_mindset focuses on Russian-language OSINT and strong techniques. @bellingcat_en shares updates on Bellingcat investigations. @thehackernews provides security news digests. They offer real-time awareness without a full Twitter feed.

---

Updated April 2026. See also: OSINT Training Resources, Best OSINT GitHub Repositories, What Is OSINT?.

Maltego's classic tool does entity extraction, focusing on websites, people, and organizations. It surfaces connections you didn't know existed. The free version lets you test the waters.

Maltego's entity extraction works by dropping in a seed—a domain, an IP address, or a name. Maltego then starts graphing connections, providing a map with linkages to other entities, possible handles, and associated IP addresses.

The goal is to identify your target's digital footprint. Maltego helps find blind spots, showing where they're exposed, and where you can gather more information.

The free version has limits, capping at 250 entities. However, it's enough to get a feel for the tool and see if it fits your workflow.

The paid tiers offer more capabilities, allowing you to dig deeper, analyze larger datasets, and get more precise.

Maltego's not the only tool out there; other options exist. If you're already using it, these tips help you get more from it. The free version's worth checking out; you might be surprised what turns up.

Users often hit roadblocks and miss features, but training helps. Maltego offers resources to walk you through.

Maltego surfaces information, which is what OSINT's about—finding what's out there. I've seen it work.

Further Reading

• Sector035 Week in OSINT
• OSINT Curious newsletter