2026 Releases
2025 Releases
47 min
december 2025 đ pii values from auto fills of stealer logs release date dec 18, 2025 ⨠whatâs new personally identifiable information (pii) such as addresses, phone numbers, and emails are now automatically surfaced for stealer logs this information appears directly in the infected devices event card content, enabling faster insight without manual digging đŻ why it matters this enhancement empowers security analysts to quickly assess the specific types of pii exposed for any given leakâcritical for vip protection, executive risk assessments, and targeted incident response đ you can read more about infected devices https //docs flare io/illicit networks#yvejy đ emerging source shai hulud github exfil repos release date dec 16, 2025 ⨠whatâs new weâve added a new emerging source to monitor github repositories created by the shai hulud 2 0 npm worm , which exfiltrates secrets and credentials to public repos using compromised github tokensâoften via tools like trufflehog đŻ why it matters this source gives you early visibility into possible compromises via npm malware campaigns, offering critical insights before attackers weaponize leaked secrets đ you can learn more https //docs flare io/emerging sources#8xsm1 đ
sort tenant feed by matched date release date dec 16, 2025 weâve added a new way to organize your https //app flare io/#/events you can now sort events by their matched date âthe moment flare detected and added the event to your feed whatâs new toggle between creation date (when flare estimates the event occurred) and matched date (when flare ingested the event) when sorting your feed why it matters depending on your workflow, you may prefer to see events in the order they were detected versus when they occurred this added flexibility helps tailor your investigation view to match the urgency and context of the situation see our full documentation on https //docs flare io/event date fields#ttyj4 đ new collection page metrics driven transparency into dark web coverage release date dec 2, 2025 weâve launched a brand new https //docs flare io/collection page in flareâyour go to destination for understanding how and where we collect dark web and illicit data this update brings our collection process into the spotlight with greater visibility, accountability, and user confidence đ value metrics view daily, weekly, monthly, and yearly stats that showcase the growing value flare delivers to your organization đ go to the https //app flare io/#/collection in the flare app â
source reliability with slos for the first time, weâre publicly sharing service level objectives (slos) for each of our dark web sources, including clear indicators of https //docs flare io/collection overview#0y4ut and coverage đŞoperational transparency see the real time status of each source, including whether weâre meeting slos or experiencing temporary issues flare is proud to be the only provider offering this level of visibility into dark web data reliability learn more https //docs flare io/collection overview#5dsgu đď¸ tenant admins can edit integrations page release date december 2, 2025 ⨠whatâs new tenant admins can now setup and edit entra id integrations đŻ why it matters giving tenant admins the ability to set up and edit entra id integrations unlocks more precise role based control over who can manage critical integrations this has been a frequent customer request, and it helps organizations reduce bottlenecks, improve operational ownership, and tighten governance around integration setup and changes november 2025 đ¤ identity profile exposure level release date november 26th, 2025 ⨠what's new for identities actively monitored with identity exposure management, an docid\ wl3hdzqylk5shvy 7towz now include current severity ("what needs to be resolved right now") identity posture tags to provide context for this identity based on entra id config and vip statuses severity level timeline to easily spot when an identity's exposure level spiked or dropped due to remediation đŻ why it matters surface clear, consolidated risk indicators directly on the identity profile đ credentials browser metrics and hide duplicate credentials toggle release date november 26th, 2025 ⨠whatâs new you can find high level metrics on top of the https //app flare io/#/credentials browser to keep the pulse on recent leaked credentials volumes you can now filter credentials to hide duplicates to easily remove noise and focus on credentials when they first appear in the credentials browser đŻ why it matters instantly gauge volumes of credentials per tenant remove noise from credentials and focus on those that matter most đĄď¸ severity level for leaked credentials events release date november 26th, 2025 ⨠whatâs new leaked credentials events now include a severity panel in the event details, highlighting which rule has been triggered by this credential for iem customers, their severity level now reflects whether a credentials has been marked as valid with entra id, whether it relates to a vip identity, etc link to identity profiles from leaked credentials events đŻ why it matters leaked credentials severity rating helps triaging leaked credentials events, prioritize those that matter most in their current context đ¨ iem alerting release date november 26th, 2025 ⨠whatâs new you can now configure alerts to trigger when a user's password is confirmed valid and mitigation actions occur on the identity đŻ why it matters you will now be notified when a successful password is found and validated enabling the team to better understand which accounts were leaked ideally this would set off an ir process to evaluate if the account has been accessed by a malicious actor đľď¸ search query assistant release date november 26th, 2025 ⨠whatâs new the https //app flare io/#/events now suggests fields to research on when you type in your search terms you can find recent searches to reuse instantly search with ai beta create search queries based on natural language input đŻ why it matters this makes building advanced queries accessible to everyone, to find the data points that matter most đ identifiers metrics release date november 11th, 2025 ⨠whatâs new visual widgets now display key metrics about identifier usage directly on the identifiers page instantly see usage trends and volumes without navigating away đŻ why it matters these updates help you monitor identifier utilization at a glance, making it easier to manage limits, track trends, and maintain visibility across your usage october 2025 đŁ phishing kit credentials release date october 28th, 2025 ⨠whatâs new we now automatically extract credentials found in telegram phishing messages gathered from telegram phishing backends details can be found https //docs flare io/leaked credentials#jms4r đŻ why it matters this adds a unique new source of leaked credentials, improving visibility into active phishing operations and increasing our chances of detecting intrusions earlier đ§ named leaks browser release date october 27th, 2025 ⨠whatâs new we have launched a named leaks browser within the collection page, which lists of all the verified breaches (named leaks) that flare covers the number of credentials matching your tenant are shown in this table, you can click through to view them in the credentials browser đŻ why it matters you can now verify which named leaks flare covers and how your organization has been impacted quickly and easily đ identity exposure management release date october 15th, 2025 weâre excited to introduce identity exposure management , a new capability that helps you proactively detect, validate, and remediate exposed employee identities â reducing breach risk and accelerating incident response ⨠what's new identity identifiers introduces a new identifier type to represent people and their associated identity attributes replaces the legacy email , name , and username identifier types â all of which have now been consolidated under âidentity â authorized identities â synced directly from entra id , enabling full functionality such as identity profiles , blast radius visualizations , and automated validation and remediation unauthorized identities â created manually within flare and support manual password validation only identity profiles identity profiles provide a centralized view of each employeeâs identity, attributes, exposures, and associated risk for authorized identity identifiers identity attributes pulled from entra id (e g , last password change date, session validity, token validity, job title, department, user type, and account status) a blast radius visualization showing the potential impact if an identity were compromised automation capabilities identity exposure management supports the following automated workflows for authorized identity identifiers password validation mark user as compromised revoke session disable user đŻ why it matters identity driven breaches remain one of the most common and damaging cyber threats with identity exposure management, flare unifies credential exposure data, identity context, and remediation workflows â giving you visibility and control over compromised accounts before attackers can exploit them for more details đ september 2025 đ§ forum thread intelligence release date september 29th, 2025 we've launched forum thread summaries to help you rapidly understand forum discussions and extract actionable intelligence without manually reviewing every post ⨠what's new first post summary providing detailed context about the thread's origin, including the original poster's claims, topics introduced, and supporting materials referenced actor intent analysis assessing why the thread was createdâwhether to expose information, warn the community, conduct business, or achieve other objectives first post indicators displaying urls and references shared in the original post for pivoting and investigation replies summary analyzing the complete community response, including main themes discussed, key debates, concerns raised, and collective intelligence gathered sentiment analysis evaluating the community's overall attitude toward the thread's subject, revealing consensus, division, or mobilization around the topic top actors identification showing the most active contributors by reply volume and percentage of thread participation đŻ why it matters forum thread summaries transform threat intelligence workflows by providing rapid threat assessment to quickly determine if a thread contains actionable threats or critical intelligence context at a glance eliminating the need to manually read through hundreds of posts to understand the discussion sentiment insights revealing whether allegations are validated, disputed, or escalating within the threat actor community contributor tracking identifying highly engaged actors who consistently participate in relevant discussions intelligence extraction distilling key claims, evidence, and community knowledge into actionable summaries efficient monitoring enabling analysts to track multiple forum discussions simultaneously without information overload this release enables security teams to scale their forum monitoring efforts and extract meaningful intelligence from community discussionsâleading to faster threat detection and more informed security decisions for more details đ đ network tab in actor intelligence release date september 25th, 2025 we've launched the network tab within actor profiles to help you visualize actor to actor relationships and discover connected threats across forum interactions ⨠what's new interactive relationship mapping showing the top 25 connected actors based on recent activity patterns visual connection strength with line thickness indicating interaction frequency between actors relationship groupings automatically categorizing connections into five types friendly, neutral, authoritative, hostile, and collaborative actor node interactions allowing you to click any connected actor to view relationship details and behavioral analysis color coded relationship types providing immediate visual context for connection dynamics relationship type definitions accessible by clicking on group nodes to understand categorization criteria đŻ why it matters the network tab transforms actor investigations by providing relationship discovery to identify previously unknown connections between threat actors influence mapping to understand hierarchies and key players within threat networks lateral threat expansion enabling analysts to pivot from one actor to discover related threats social engineering insights by revealing communication patterns and relationship dynamics threat group validation to confirm suspected associations between malicious actors this release enables security teams to move beyond individual actor analysis and understand the broader threat landscape through relationship mappingâleading to more comprehensive threat intelligence for more details đ đ new behavior when updating identifiers release date september 18, 2025 ⨠whatâs new when adjusting an identifierâs parameters (severity, sources, ignored terms), events previously collected will remain in the feed if they still match the updated settings ď¸đŻ why it matters previously, changing an identifierâs parameters would reset its feed this implied additional wait times when adjusting an identifier with the improved behavior, updated event feed will be available faster after each change when fine tuning your identifiers august 2025 âď¸ new tenant admin role & ui updates release date august 20, 2025 weâre excited to roll out a new tenant admin role and a set of ui updates that give clients greater flexibility in managing their tenants and assigning responsibilities this update incorporates feedback from clients to make tenant assignment smoother and more intuitive ⨠whatâs new tenant admin role in addition to tenant viewer and tenant editor , you can now assign the new tenant admin role manage users, integrations, and tenant details within their assigned tenant tenant admins only see data related to their tenant (not the full organization) only org admins can add tenant admins to tenants team page ui updates org admins can now bulk select team members to assign them to a tenant with a specific role permissions overview when assigning a role or creating a new org member, an overview of permissions is displayed for better clarity helps customers feel confident and informed when managing access updated documentation a brand new https //docs flare io/roles and permissions is available, serving as a reference for assigning roles effectively and better understanding permissions đŻ why it matters these improvements give organizations more control and flexibility when managing tenants by introducing a clear tenant admin role, enhancing bulk assignment actions, and making permissions more transparent, flare aims to ensure the right people have the right level of access đ secret detection enhancements for source code release date august 20, 2025 weâve refined our secret detection engine to better identify sensitive information across source code platforms like github and docker hubâhelping your team spot real threats faster while reducing false positives ⨠whatâs new dual source monitoring all github and docker hub events collected by flare are scanned using a rule based engine trained to detect known secret formats risk based scoring non generic secrets trigger an increase in severity score due to their strong signal of real risk generic secrets trigger a decrease in severity score to minimize alert fatigue from false positives đŻ why it matters by distinguishing between high confidence leaks and generic patterns, flare prioritizes what really mattersâgiving your team a smarter, more focused response strategy đł new data source docker hub release date august 20, 2025 weâve expanded our data collection capabilities to include key metadata from docker hub, giving you deeper visibility into container based development risks this update helps identify exposed secrets and organizational identifiers embedded in container metadataâcritical for securing modern devops environments đ actor profiles release date august 15, 2025 we've launched comprehensive actor profiles to help you investigate actors and understand behavioral patterns across the flare platform ⨠what's new centralized actor investigations with dedicated profile pages accessible from any underlined actor name activity tab showing timeline visualization, volume breakdowns, and most recent events analysis tab (forum based events) providing behavioral insights, linguistic analysis, and potential threat assessment activity breakdown chart with filterable categories and date ranges weekly discussion heatmap displaying posting patterns by hour and weekday with timezone analysis đŻ why it matters actor profiles transform how analysts investigate and assess actors by providing behavioral trend analysis to identify patterns and assess risk levels cross event pivoting to trace activity across multiple incidents tied to the same actor false positive validation by understanding actor context and intent threat actor investigations with comprehensive behavioral and linguistic profiling this release enables security teams to move beyond isolated events and develop a deeper understanding of actor behavior, motivations, and potential threatsâleading to more informed threat assessments and faster incident response for more details đ ⊠optimization of look alike domain scanning release date august 13, 2025 we've significantly optimized the performance of look alike domain scanning ⨠what's new a 90% reduction in the time it takes between scans for all domain identifiers a daily scan for look alike domains that are a single character off from the original đŻ why it matters this enables faster results, faster alerts, and simply better detection, enabling our customers to act on potentially malicious domains quicker and prevent phishing attacks from taking place july 2025 âď¸ bulk actions in credentials browser release date july 28, 2025 weâve added faster ways to triage exposed credentialsâso you can act with confidence at scale ⨠whatâs new bulk remediate / un remediate credentials bulk ignore / un ignore credentials clearer visuals for remediated and ignored statuses to improve at a glance scanning if your tenant has an idp connection enabled, you can now filter credentials by identity provider (idp) validation status ânot validated, valid, invalid, unknown, or error đŻ why it matters these updates are designed to streamline remediation workflows and improve visibility into credential statusâespecially when working at scale empower users to decide when and how to mark credentials as remediated or ignored quickly identify which credentials need attention by filtering based on idp verification status this release supports our ongoing efforts to make the credential browser more actionable and intuitiveâenabling faster response times and better informed decisions june 2025 âď¸ combolist filtering in credentials browser release date june 30, 2025 weâre releasing an impactful enhancement to the credentials browser you can now filter out combolists, making it easier to focus your investigations on actionable leaks ⨠whatâs new a new toggle to exclude combolist entries while browsing leaked credentials cleaner views that reduce noise, helping you prioritize relevant credential leaks this feature directly addresses requests to manage data more effectively during investigations đ entra id exposed credential verification release date june 17, 2025 we're super excited to announce a major milestone in our identity focus roadmap entra id exposed credential verification is now live! ⨠whatâs new you can now validate leaked credentials discovered by flare directly against your microsoft entra id environment this powerful integration helps your team validate whether exposed credentials are still active prioritize which threats to respond to address identity risks swiftlyâcutting down mean time to respond and lowering operational costs đŻ why it matters not all credential leaks are created equal credential validation allows you to separate real risks from outdated data by confirming if the leaked username and password pairs are still valid in entra id this means fewer false positives and more targeted, effective responses đ§ easy to set up we've created a step by step setup guide to help you get started quickly once connected, you can seamlessly pivot from flare to entra id for manual response đŽ what's next entra id validation is the first step in flare's broader identity intelligence strategy stay tuned for future updates, including automated identity detection and response workflows â
available now to all flare customersâat no additional cost đˇď¸ pii tagging in the credentials browser release date june 12, 2025 we have added pii tagging to the credential details view in the credentials browser for credentials that were published as part of a named breach, alongside the details of this leak's source we have now added the details around which types of pii were also leaked đˇď¸ major dark web crawling infrastructure expansion release date june 11, 2025 weâve significantly upgraded our crawl infrastructureâresulting in faster, more reliable, and broader data collection across all key dark web sources crawl throughput has increased by over 3x , vastly expanding our daily data coverage system operations have grown 5x , unlocking greater stability and resilience weâve removed bottlenecks across forums, markets, blogs, and pastes , positioning us to scale even further this sets a strong foundation for delivering fresher, more complete threat intelligence to customersâfaster than ever đŁ improvements to the identifiers experience đŁ release date june 5th, 2025 weâre excited to announce a set of updates to the identifiers page these improvements are designed to make your workflow smoother and more intuitive ⨠whatâs new 	⢠full width table view the identifiers table now spans the entire page for better visibility and easier navigation 	⢠new creation modal creating new identifiers and groups is now cleaner with a modernized modal interface 	⢠simplified navigation interactions like opening and browsing identifiers are more intuitive and efficient 	⢠refreshed layout key actions like search, filter, create, and usage info are easier to find and use 	⢠bug fixes weâve also resolved several issues to improve overall performance and reliability đŻ why it matters this update delivers a cleaner, faster, and more consistent experience when working with identifiers itâs built to help you stay focused, move faster, and feel more in controlâso you can get more done with less friction april 2025 đ enhanced search & filtering in credentials browser release date april 23, 2025 weâre rolling out a major update to the credentials browser that significantly boosts your ability to explore and manage leaked credentials within your tenant ⨠whatâs new search within tenant feed you can now search your credentials by email domain, email, username, password, and url â all directly in the tenant feed advanced filtering options 	⢠date imported 	⢠identifier scope 	⢠source 	⢠password policy bulk actions quickly remediate or ignore multiple credentials at once with new bulk selection capabilities đŻ why it matters this update makes triaging and managing credentials far more efficient, giving you faster access to the data that matters most the tenant and global tabs in the credentials browser now offer a consistent experience, streamlining your workflow and boosting operational speed please find more detailed information https //docs flare io/credentials browser#kqtqr đľď¸ actor profiles release date april 19th, 2025 we've introduced brand new actor profile drawer whenever you click an actor in any event think of it as your quick look dossier for threat actors ⨠whatâs new actor profile drawer one click from any event opens a side drawer with everything we already know about that actorâno context switching required activity timeline visualizes spikes in activity over time; the larger the node, the more activity during that period category & date filters easily filter the timeline to focus on specific types of activity or time frames the default source is inherited from the event you clicked switching to all sources can be powerful, but beware identical names across sources donât always point to the same individual đŻ why it matters actor profiles are the first step toward richer entity intelligence inside flare đ introducing the new takedown page release date april, 3rd 2025 weâre excited to introduce a dedicated takedown section in flare this new page centralizes our external threat takedown services, helping you reduce risks from malicious domains, leaked code repositories, social media impersonation, and more the streamlined interface makes it easier than ever to submit , manage , and track takedown requests for more details on how the process works, explore the resources available in this https //docs flare io/takedown services march 2025 đ major boost to credential coverage release date march, 25th 2025 weâve upgraded our credential ingestion engine and just completed a massive import this means you have faster access to leaked credentials, improved coverage, and reduced delays to getting your hands on the data during major leaks what's new faster data ingestion with this release, weâre officially debuting our new automated ingestion system more credentials weâve just completed a massive ingestion effort, processing 36 billion lines across 850 files while 80â90% of the credentials were already in our database, we expect to extract another billion credentials in a follow up pass increased credential coverage this pipeline can now ingest, validate, and import credentials from nearly any ulp or stealer log source with minimal friction this milestone means faster response times, improved credential coverage, and a scalable ingestion system thatâs ready for the next big leak đ dashboard filter by identifier scope release date march, 25th 2025 weâve added the ability to filter the dashboard by identifier scope, so you can now view the data by identifier, identifier group, or tenant this will allow for deeper drilling into the data and segmenting to provide clearer, more actionable intelligence đ alert central quick access to alerts via email notifications release date march, 12th 2025 weâve improved the user experience by adding direct links to specific alerts in email notifications now, when you receive an alert notification by email, you can click a link to open this alert directly in alert centralâmaking it faster and easier to review and edit đ alert central create alerts from the identifiers page release date march, 10th 2025 weâve brought back the ability to create alerts directly from the identifiers pageânow with an improved and more intuitive experience! you can seamlessly create alerts within an identifier, streamlining the process plus, if you donât have a channel set up yet, youâll now have the option to create one on the spot all of your alerts and alert channels are still accessible in alert central, making it easier to view, edit, and organize them in one central location february 2025 đŚ new stealer log severity rule release date february, 27th 2025 we have added a new severity rule for events that contain stealer log data if highly sensitive file types are found in the stealer log file list we will increase the severity of that event learn more in our section đ identifier group moves instant & reliable release date february, 20th 2025 weâve revamped how identifiers move between groups to eliminate data loss, improve speed, and reduce system strain previously, moving an identifier could result in missing events, slow repopulation, and performance issues now, identifiers move seamlessly while retaining all related events whatâs new? retain events all past events stay linked to the identifier, even if they are no longer available online instant updates moved identifier feeds update in real timeâno more waiting for data to repopulate visual feedback a new indicator highlights when events are being updated after an identifier move this update ensures a smoother, more reliable experience when organizing identifiers within your groups đŹ adding all forum sources for threat flow intel and conversation explorer release date february, 14th 2025 threat flow previously summarized conversations from only 10 high value forums now, weâve expanded coverage to include all of flareâs forum sources for more comprehensive results whatâs new? expanded coverage more results your queries will return a larger volume of insights now that all available forums have been included noise filter weâve done work on our end to weed out irrelevant conversations and surface only the most relevant discussionsâensuring the content remains informative, even with expanded coverage new sources filter browse by forum even if you havenât entered a search term yet, you can select a specific forum from the new sources filter this immediately narrows down the results to that forum, making it easier to explore conversations on the fly ⨠question based intelligence release date february, 13th 2025 creating custom intelligence from threat flow is now much easier whatâs new? guided intel creation a step by step approach helps you ask the right question and configure your custom intel threat flow handles all the behind the scenes work, so you can focus on what you need preview before finalizing quickly preview your intel output to ensure itâs aligned with your search refine if neededâno more waiting for full generation just to learn it's off target keyword filtering include or exclude specific terms to narrow down conversations threat flow will scan content for these keywords to surface only what matters most to you why it matters? better time management eliminate guesswork by previewing results before finalizing your intel improved relevance guided steps and keyword filters help you zero in on exactly what you need streamlined workflow refine your queries before intel generation, so you can quickly get to insights that matterâwithout sifting through unnecessary information đ alert central channel status & multiple emails to a channel release date february, 10th 2025 weâre introducing a new feature in alert central channel status ! đ weâve added https //docs flare io/alert central#em2fg to help you monitor your alerting channels and ensure alerts are delivered without issues we are also allowing you to attach multiple emails to one channel whatâs new? each alert channel will now display one of three statuses tested connection is verified and working not tested connection hasnât been checked yet connection failed alerts are not being sent due to an issue why it matters? this update gives you better visibility into your alerting setup, helping you quickly detect and fix connection issues ensure critical alerts reach the right emails đ alert central release date february, 3rd 2025 introducing alert central , flareâs unified alert management system designed to streamline how you configure and track alerts across multiple channels https //docs flare io/alert central centralizes everything into a single, intuitive interfaceâboosting efficiency, flexibility, and control hereâs what makes alert central stand out unified alert management â view and manage all your alerts and channels in one place, ensuring complete visibility and control flexible channel selection â choose from multiple communication channels, including email, slack, discord, jira configure each channel with custom settings, such as recipient email or webhooks, to fit your teamâs workflow tailored alerting strategy â assign alerts to specific channels based on the level of severity with alert central, flare gives you greater control over your alerts, ensuring that critical events reach the right people when it counts january 2025 đ introducing a better way to manage your audit logs release date january 28, 2025 weâve enhanced audit log management to give you more control and flexibility you can now filter logs by type, user, and date , making it easier to track specific activities additionally, weâve introduced the ability to export logs, ensuring seamless record keeping for your team why it matters having clear and accessible audit logs helps improve transparency, security, and compliance đ˘ new event count visibility release date january 28, 2025 flare users can now see the total number of events linked to an identifier, making it easier to assess activity levels at a glance why it matters with this update, you can quickly gauge activity levels related to a specific identifier, allowing for better monitoring and faster insights 2024/2025 holiday update here are the updates and fixes we implemented during december, including enhancements to streamline workflows and improve usability đ credential browser see related stealer logs you can now quickly identify the stealer log associated with any credential pair by clicking "view events " why it matters this enhancement makes it easier to investigate credentials, saving time and improving incident response efficiency đ identifiers improved subdomain filters weâve redesigned subdomain property filters with the following options resolves / does not resolve filter subdomains based on dns resolution status is reachable / is not reachable filter subdomains by accessibility why it matters these options provide more control for identifying and managing active subdomains, improving threat surface visibility đ api ignore/remediate events or leaks our api now supports ignoring or remediating events and leaks directly whatâs new access the api to programmatically mark events as ignored or remediated documentation https //api docs flare io/api reference/v4/endpoints/event actions#event actions ignore remediate etc why it matters automating event actions reduces manual intervention, making it easier to scale incident management 𧾠threat flow conversation details & navigation improvements weâve added new features to streamline navigation in threat flowâs conversation explorer thread tab a dedicated "thread" tab now highlights the part of the conversation that created the event "go to event" links quickly jump to the related event in global search from both the "content" and "thread" tabs why it matters this improvement provides better context for events, reducing the time spent navigating between views and ensuring faster data insights