
Why I'm Building DMZ

A note from the founder.

I served nine years in the Navy as an Aviation Boatswain's Mate before I ever touched a SIEM. I came up around aircraft and ordnance — not a place that softens you about consequence. You learn fast that small details, missed early, become big problems later. You learn that the signal is almost never in the announcement. It's in the thing nobody flagged because it didn't feel urgent yet.

I transitioned into cybersecurity five years ago, certified up — A+, Security+, CySA+, Microsoft SC-401 — and started living on Hack The Box. I'm a Pro Hacker rank now, full range of boxes from easy to insane. I'm a year into my first real analyst role, working through alerts on real production environments, and I love this work. I love hunting. I love the moment when a pattern that looked like noise turns out to be the first quiet step in someone's plan.

But here's the problem I keep running into, and it's the problem DMZ exists to solve.


The intel gap nobody talks about

There is no shortage of threat intelligence sources. There are too many.

I'm subscribed to vendor PSIRTs, government advisory feeds, X lists of researchers, two paid threat intel platforms my employer pays for, a half-dozen newsletters, an RSS reader that's basically given up, and a Discord I can't keep up with. Every morning I'd open all of them and try to figure out what mattered today.

What I noticed: the things that mattered most were almost never in the loudest channels.

The CVE that got patched on Tuesday with a 9.8 score and a vendor blog post — that one is everywhere. Every news aggregator picks it up. Every vendor security newsletter mentions it. By the time I read the third writeup, I already know everything I need to know.

The thing that actually keeps me up is the post from a researcher with 2,000 followers who's been tracking an initial access broker for six weeks. The dark web listing for VPN access to a vendor we have a procurement relationship with. The advisory that drops in a vendor PSIRT at 11 PM Friday and gets seven views before Monday morning. The thread where someone goes "hey, has anyone else seen this beacon pattern?" and three people quietly say "yeah, since Tuesday."

This is where the real signal lives. Not in the press releases. Not in the trending hashtag. In the gaps between the loud channels, where the work hasn't been packaged yet.

The mainstream cybersecurity press is good at the announcements. They're not built for the gaps. That's not a knock on them — they have publishing economics and audience expectations to manage. But the gaps are where defenders need to be looking, and there's no publication built specifically to live there.

So I'm building one.


What DMZ is

DMZ is a threat intelligence publication built around one principle: surface the threats hiding between the headlines.

We monitor 40+ X accounts, 18 vendor PSIRTs, government CERTs, dark web forums, and the kind of researcher blogs that don't show up on aggregators. Every night the pipeline runs, correlating signals across those sources. When the same threat shows up on an underground forum AND in a researcher's post AND in a vendor advisory — that's signal. We mark it as correlated. You can see it on the dark web page right now: a purple line connecting cards that are talking about the same thing.

No other publication I've found does this visually. Most threat feeds dump raw IOCs. Most security news sites curate articles. DMZ tries to do both — surface the threats before mainstream coverage, AND format the IOCs so you can paste them directly into your SIEM. Splunk SPL, Microsoft KQL, Sigma rules, firewall blocklists. The work that eats hours of an analyst's week gets done in the pipeline.

If you're a SOC analyst, threat hunter, or anyone running a SIEM — DMZ is built for the workflow I wish I had a year ago.


What I'm not trying to build

I'm not trying to compete with Recorded Future. I don't have a sales team. I don't have a $50K/year price point. I'm not building a platform for enterprise threat intel programs with dedicated analyst seats.

I'm not trying to be The Hacker News either. I don't want to publish 12 articles a day. I don't want SEO-optimized headlines. I don't want to write the same OpenSSH RCE breakdown that's already on four other sites.

I'm building the publication I wish existed when I was sitting at my desk a year ago, scrolling through 30 tabs trying to figure out what mattered today. Something an actual practitioner reads in the morning to feel like they're not behind. Something with the IOCs already formatted so you can paste them into your SIEM and move on. Something honest about what it's seeing on the underground side of the internet without pretending it has more access than it does.


Why I'm doing this

A lot of people would tell you to build something like this for the business case. The threat intelligence market is real. Subscription newsletters can hit serious revenue. There's a path here.

That's not why I'm building it.

I'm building DMZ because I want a community where I feel like I belong.

The security industry can be cliquey. There's a real version of it that lives at DEF CON parties and on small private Discords and in conference hallways at BSides. Most of us — the analysts grinding through tickets, the people who came up through certifications and HTB instead of a CS degree, the ones who transitioned in from somewhere else — we read the work that those people produce, but we're not in those rooms.

I want DMZ to be one of those rooms.

I want it to be a place where someone who's a year into their analyst career can read something and feel like they got smarter that morning. Where someone who's been doing this for fifteen years can read it and find one thing they hadn't seen yet. Where the work of researchers who don't have huge platforms gets surfaced and credited and pointed to.

Eventually I want DMZ to do more than publish. I want it to be a place to ask questions, share what you're seeing in your environment, and not feel like you're shouting into a void.

For now — it's a publication. Every morning, fresh intel. Every advisory, formatted IOC packages. A correlated signal mechanic for the dark web page. No noise, no engagement bait, no "10 cybersecurity trends to watch" content. Just the threats that matter, delivered by someone who actually has to defend against them.


If that sounds like something you'd read — the email signup is on the homepage. Free forever, daily intel brief, no spam. If you have feedback, found a bug, or want to share intel: my inbox is open.

If you've been doing this work and you've felt the same gap — I'd really like to know I'm not the only one.

Welcome to DMZ.

— Jordan
