June 2026

the cyber threat intelligence (cti) module release date june 24, 2026 the cyber threat intelligence (cti) module brings threat intelligence research, reporting, operationalization, and analysis together in the flare platform, and offers the following capabilities intelligence browser research threats, actors, campaigns, and indicators and follow the relationships between them to build a full picture of a threat threat flow generate technical and executive ready intelligence reports scoped to your organization's context, with the ability to pivot any named entity back into the intelligence browser enterprise ioc feed deliver iocs surfaced during research and reporting to your detection and response tools in stix 2 1 format over the taxii 2 1 protocol, compatible with siems, soars, edrs, tips, and firewalls sandbox and file analysis (add on) investigate suspicious files and urls discovered inside or outside flare with enterprise grade sandbox and analysis technology learn more docid\ rrhh7 7ulnlxqtkg ijtc | see how it works https //flaredemo storylane io/hub/atjmfwrb4wrp platform navigation updates release date june 24, 2026 the flare platform navigation has been reorganized to make key features easier to find here's what has changed there are dedicated sections in the left navigation for identity exposure and threat intelligence modules settings and help menus have moved to the top right corner click through the following product tour to learn more okta integration release date june 24, 2026 as part of the identity exposure management (iem) module, you can now integrate with okta to sync user identities as identity identifiers with proper configuration, the okta integration provides the following benefits identity sync pulls users from your okta directory and creates identity identifiers to match against leaked credentials identity profiles each synced user gets an identity profile used for investigation following a credential exposure event automated credential validation leaked credentials can be automatically validated to determine whether they are still valid bulk password validation bulk password validation allows you to select leaked credentials and validate them all at once remediation actions when a credential is confirmed valid, manual or automated remidiation actions can be performed on it learn more docid\ gvu3v0xvtlo ej0kylebb domain matching policy for identifiers release date june 17, 2026 domain matching policy for identifiers is now available for astp subscribers it monitors for compromised credentials associated with your domain and scopes detections to the user population most relevant to your threat model compromised credentials are surfaced using two match modes email domain surfaces detections where the compromised credential includes an email address at your organization's domain authentication domain surfaces credentials that can potentially grant access to your platform, identifying any user who authenticates on your domain regardless of where their email is hosted this gives security teams precise visibility into credential exposures without noise from out of scope identities learn more docid\ zg1zxobulcijhudrj hkg usage dashboard release date june 17, 2026 the usage dashboard now includes an overall organization usage section at the top of the page it provides an at a glance view of how your organization is consuming key flare resources for the current month, with a summary card for each of the following identifier usage current identifier count with your total allotment idp synced identities total identities synced from your connected identity provider global search usage searches run against your quota, with a breakdown by module, member, and tenant takedowns takedown request usage when the service is enabled sandbox usage sandbox quota consumption learn more docid\ jr9fd wclv88vilng3694 audit logs release date june 12, 2026 the following enhancements have been made to audit logs filtering is now available to focus the view to the actions most relevant to your investigation active filters are reflected in the url, making filtered views easy to share directly with others log entries are now retained for one year learn more docid\ iuroor uuh1f318v4boqy identifier api endpoints release date june 9, 2026 five new endpoints are now available in the public api for managing identifiers https //api docs flare io/api reference/v4/endpoints/list identifiers list identifiers https //api docs flare io/api reference/v4/endpoints/list identifiers create identifier https //api docs flare io/api reference/v4/endpoints/create identifier update identifier https //api docs flare io/api reference/v4/endpoints/update identifier retrieve identifier https //api docs flare io/api reference/v4/endpoints/retrieve identifier delete identifier https //api docs flare io/api reference/v4/endpoints/delete identifier these new endpoints follow a standardized request and response structure, with clearly defined payloads, parameters, and response schemas, improving on the previous assets based format that caused inconsistencies for some users the original endpoints remain available alongside the new ones to support current integrations for new integrations, we recommend using the new endpoints the breaches directory release date june 9, 2026 the breaches directory has been updated with the following changes breaches without credentials now appear in the directory alongside credential breaches three new columns (verified, credentials, and pii) support granular filtering and clearer at a glance context active filters are reflected in the url, making it easy to share a filtered view directly with others breaches with credentials link directly to the credentials browser and leaked events breaches without credentials link directly to the global events feed learn more docid\ mfophcda703rhauixoisj updates to ransom leak events release date progressive rollout beginning june 9, 2026 flare now detects when a ransomware blog post is updated after it has already been crawled and generates a new ransom leak event the update event includes a structured view of what changed between the original and updated versions learn more docid\ w6hs sglbc zgv1rthowm jira service management support in jira alert channels release date june 10, 2026 jira alert channels now include custom fields which can be used to configure jira service management (jsm) request types this allows flare alerts to be routed directly to jsm projects and tracked alongside existing service requests learn more docid\ kxvmcnotecpsblk ypofr sharing events from the events feed release date june 3, 2026 a new share event action is now available in the event details > actions menu selecting it copies a link to the event to your clipboard, which automatically routes recipients to the correct tenant context when opened learn more docid\ dtls7nx5g qwodcs3ydpd