Glossary of threat intelligence terms
Added a searchable glossary of 50+ security terms covering threat intelligence, malware, network security, vulnerability management, and API security concepts.
Product updates, new data sources, API improvements, and bug fixes.
Published a detailed breakdown of our 6-factor confidence scoring engine, 17 source reliability weights, data freshness guarantees, and false positive handling — available at /methodology.
Launched individual pages for high-severity CVEs including CVSS scores, EPSS probability, CISA KEV status, SSVC exploitation classification, and correlated IOCs. Available at /cve/[CVE-ID].
Ingestion pipeline now pulls daily from NVD, CISA KEV, GitHub Advisory Database, Exploit-DB, OSV, CERT-FR, MSRC, and VulnCheck. EPSS scores updated every 24 hours.
The /api/bulk endpoint now accepts batches of up to 10,000 mixed IP, domain, and URL indicators in a single request. Responses stream via chunked transfer encoding.
Real-time tracking of ransomware group activity including victim organizations, attack timelines, and associated infrastructure IOCs. Updated hourly from 40+ group leak sites.
Internal pipeline rewrite reduced median latency for the /api/streaming endpoint from 1.2s to 720ms. P99 latency is now under 2.5 seconds.
Coverage expanded to include 5 additional dark web markets and paste sites. Total monitored sources: 80+. Domain exposure alerts now include the specific market and post date.
The /api/stix endpoint now produces STIX 2.1 bundles (previously STIX 2.0 only). Includes SRO relationships linking indicators to threat actors, malware families, and attack patterns.
Launched a daily feed of newly registered domains with age, registrar, nameserver, and isMalicious verdict for each entry. Available as CSV and JSON. Updated every 24 hours.
API keys can now be scoped to read-only access, preventing accidental use of write-capable keys in automated pipelines. Existing keys retain full access until explicitly downscoped.
The confidence engine now applies a time-decay penalty to older signals from lower-reliability sources. This reduces false positives from stale community-sourced reports.
New threat-intel tool showing full DNS record history for any domain — A, AAAA, MX, NS, TXT, and CNAME records with timestamps going back 3 years.
Webhook deliveries now retry up to 5 times with exponential backoff (1s, 2s, 4s, 8s, 16s). Failed deliveries after 5 attempts are logged and visible in the dashboard.
Two new sources integrated into the multi-source correlation engine, bringing the total to 17 threat intelligence feeds. Source reliability scores published at /methodology.