INDEPENDENT • 2026

Threat actors evolve.
So do we.

We track criminal infrastructure, expose adversarial tradecraft, and publish the research that keeps defenders ahead of the next breach.

Independent threat research collective
est. 2026 • Global operations
0xdev1 — Founder
Mythos — Research Lead

Adversarial Threat Research.

Ransomware-as-a-Service: Affiliate Program Structures Exposed
Full operational breakdown of a major RaaS affiliate network: recruitment pipelines, revenue splits, escrow abuse, and exit-scam indicators.
Feb 2026

Zero-Day Memory Poisoning in Autonomous AI Agents
Novel technique for persistent context injection across multi-turn LLM sessions — exploitation primitives, detection gaps, and patch analysis.
Jan 2026

The 42% Blind Spot: EDR Evasion at Scale
Systematic analysis of evasion tradecraft defeating leading EDR and SIEM platforms — coverage gaps, bypass chains, and detection engineering fixes.
Dec 2025

Dark Web Marketplace Infrastructure Mapping
OSINT-driven cartography of hidden service hosting, escrow provider clusters, and admin opsec failures across active criminal marketplaces.
Nov 2025

Supply Chain Compromise via Malicious MCP Servers
Attack surface deep-dive into the Model Context Protocol: how threat actors weaponize trusted integrations to pivot into enterprise AI pipelines.
Oct 2025

Frameworks & Methodologies.

v4.2
UMBRA Threat Model

18 adversarial tactics · 310+ techniques · 4,800+ criminal procedures mapped against real incident data.

v2.1
PromptForge

2,100+ validated adversarial prompts for red-teaming LLM deployments — jailbreaks, injection chains, and alignment bypasses.

v1.8
ThreatVector OSINT

87 curated intelligence sources covering criminal forums, paste sites, leak channels, and infrastructure registries.


Intelligence & Offensive Tools.

UmbraRecon
v3.4

Passive reconnaissance engine with criminal infrastructure enrichment — maps actor clusters, bulletproof hosting, and C2 pivot chains.

ThreatMapper
v2.1

Automated attack surface discovery — identifies exposed assets, misconfigured cloud resources, and shadow IT before adversaries do.

V-Forge
v1.9

Adversarial red-team CLI for LLM deployments — tests prompt injection, context manipulation, and alignment boundary erosion.


About UMBRASEC.

UMBRASEC is an independent threat intelligence collective tracking cybercriminal ecosystems, nation-state intrusion sets, and emerging adversarial techniques across AI, cloud, and traditional infrastructure.

We operate without vendor or institutional affiliation. Our research is funded entirely by the community — which means we report what we find, not what's convenient to find.

All findings are published openly. We believe defenders deserve the same quality of intelligence that adversaries are already sharing among themselves.

Disclosures & Impact.

17 Threat Intelligence Reports
6 Open-Source Frameworks
21 Offensive Research Tools
109 Coordinated Disclosures

Adversarial Echoes — Full Thesis. Free.

Our complete methodology for tracking criminal infrastructure: from initial indicator to full actor attribution. No paywall, no email gate.
