๐Ÿ“ฐ What's New

News & Release Notes

Product updates, new features, new modules and company announcements โ€” all in one place. Updated regularly.

New module in Guard: Profile Monitoring

We have expanded Notmining Guard with Profile Monitoring, a new module designed to watch official accounts and detect unexpected changes that may indicate compromise or abnormal use. The goal is to help teams react sooner when an account starts showing signals that do not match its usual activity.

  • Provides visibility into suspicious changes in profile photos, links, bios and posts.
  • Helps detect potentially compromised accounts earlier before they affect reputation and user trust.
  • Extends Guard beyond impersonation by adding coverage for altered official accounts.

Platform update: SSL Observer, Sandboxes and more operational context

We have expanded Notmining Platform with new improvements focused on investigation and technical visibility. Among them, SSL Observer now monitors domain expiration in addition to SSL certificates, and the platform strengthens its analysis capabilities with Email Sandbox, URL Sandbox and a more actionable Analyst Workspace.

  • SSL Observer now includes domain expiration monitoring to detect soon-to-expire assets and reduce operational risk.
  • Email Sandbox and URL Sandbox provide stronger investigation capabilities from a single working environment.
  • Analyst Workspace and the commercial positioning of Platform have been updated to reflect a more useful workflow for security and cyber intelligence teams.

New module: URL Sandbox

Introducing URL Sandbox, a secure, isolated environment (Remote Browser Isolation) to detonate and interact with suspicious URLs. It provides visual evidence, network analysis and the ability to interact live without risks to your team or infrastructure.

  • Automated detonation with anti-evasion technology and full-page screenshots.
  • Live interactive sessions to bypass CAPTCHAs, Cloudflare challenges and trap forms.
  • Mobile (iOS/Android) and desktop profile emulation to bypass mobile-specific phishing protections.

New module: Email Sandbox

Introducing Email Sandbox, a new workflow to investigate suspicious emails with more context and less operational friction. The module lets teams analyze sender identity, authentication, received hops, real URLs, attachments and the final verdict from one place.

  • Upload support for .eml and .msg messages.
  • Authentication, URL, attachment and analyst-summary analysis.
  • Built for triage, investigation and AI-assisted reporting.

Read the full update

New update: more AI, stronger prioritization and more actionable reporting

This release strengthens the platform's ability to surface the most important findings sooner, reduce noise and accelerate operational workflows across key modules such as Threat Intel, Workspace, Domain Monitoring, Dark Web, Defacement and Zero Scam SSL.

  • New AI-assisted criticality prioritization.
  • More control over notifications and keyword-level customization.
  • More AI-assisted reporting, campaign correlation and operational monitoring improvements.

Read the full update

Improved AI prioritization for critical domains

We have strengthened the platform's ability to more accurately identify potential cases of digital impersonation and prioritize the domains that can truly represent a risk to the brand.

  • Better detection of potential impersonation attempts across suspicious domains.
  • Reduced noise to help focus attention on the most relevant cases.
  • More useful prioritization to accelerate analysis and decision-making.

New real-time monitoring for earlier visibility

We have introduced a new real-time monitoring capability to provide earlier visibility into relevant signals and improve response capacity against potential threats.

  • Greater immediacy in detecting relevant activity.
  • More context to review findings and prioritize actions.
  • Designed to help teams act earlier on initial risk signals.

New environment: Analyst Workspace, Dark Web Redesign & Core Updates

We are introducing a new integrated workflow designed to streamline incident management and asset intelligence, alongside major platform-wide updates.

  • Analyst Workspace: New module for active case management. Transform raw intelligence into documented investigations with support for analyst notes, automated IOC extraction, and correlated threat discovery. Now featuring Vis.js interactive graphing and advanced PDF report exports (Executive Summary, TTPs, Infrastructure).
  • Dark Web - Asset Monitoring: We have completely redesigned the Dark Web module. It now operates as a strict Asset-Centric radar, filtering out global noise and alerting exclusively on the domains and keywords configured in your rules.
  • Threat Intel Correlation: Real-time cross-integration. If a Threat Actor claims an attack on one of your monitored domains (Defacement), the system now triggers an automatic preventive alert.
  • Discovery - Offline Host Tracking: The Discovery module now tracks subdomain lifecycles. Hosts that stop resolving are explicitly marked as [OFFLINE] ๐Ÿ‘ป, preventing false positives, accompanied by completely redesigned PDF reports and email alerts.
  • Anti-Spam Filtering: The ingestion engine now features improved heuristics to ignore irrelevant spam (promotions, flights, fake refunds) across Dark Web and Telegram channels.
  • Usability Improvements (UX): Deployment of stylized modal windows (SweetAlert) to prevent accidental actions, and complete standardization of the session logout popup across the platform.

Global Threat Intelligence improvements: Custom alerts

You can now configure targeted notifications by countries of interest. This improvement helps reduce noise and ensures you only receive threat intelligence alerts that are highly relevant to your organization.

New module: Global Threat Intelligence

Access to threat intelligence to identify malicious actors, targeted campaigns, and relevant mentions in an early and actionable manner. Includes the ability to configure personalized alerts by targeted domains.

Zero Scam evolution: Earlier fraud detection

We have strengthened our Zero Scam module capabilities to stay ahead of new attacker tactics. This update significantly improves alert accuracy, reducing noise and helping protect your brand from the very beginning.

New Notmining AI Shield extension: Data Leak Prevention

We are launching our new browser extension designed to protect your company's confidential information. It solves the growing risk of corporate data leaks (DLP) by proactively blocking attempts to share sensitive information, such as passwords, on generative AI platforms or other websites.

Active Monitoring Evolution: Full control over hidden redirections and content changes

We are upgrading our Monitoring engine to uncover stealthy threats attempting to bypass traditional detection methods.

  • Smart visual analysis: The system now interprets the actual page content. You will be automatically alerted if a cloned website drastically changes its appearance to prepare a new attack.
  • Evasive redirection detection: Our engine now navigates like a real user, detecting and tracing complex JavaScript or Meta-Refresh based redirections often missed by basic tools.
  • Transparent history: All these changes and movements are instantly documented in the domain's interactive timeline, cutting investigation times down to seconds.

Update to Spanish Target Notifications, Threat Alerts and Dark Web Monitoring

We have expanded our monitoring coverage to improve the early detection of targeted threats and data leaks.

  • Spanish Target Notifications and Threat Alerts have been updated, with improvements also applying to the Dark Web Monitoring module.
  • We have expanded our active monitoring sources with new dark web forums and ransomware groups. A constantly evolving ecosystem, researched and updated daily by our team to keep you always one step ahead.
  • This improvement enables broader and earlier visibility into potential breaches or fraud campaigns.

Defacement Monitoring: faster detection and improved response capacity

A new improvement designed to accelerate the detection of unauthorized changes and reduce response time in defacement incidents.

  • Monitoring engine optimized to shorten detection times.
  • Greater operational agility across environments with multiple monitored web assets.
  • Designed to speed up triage and improve team response capability.

Dark Web Monitoring: more visibility to accelerate analysis

An update focused on providing more context and visibility around findings to make analysis and prioritization easier.

  • Improved findings visibility for easier review.
  • More clarity around detection context to speed up investigation.
  • Designed to help teams identify what matters sooner and reduce analysis time.

Improvements to Discover and Defacement Monitoring

An update focused on reducing noise and expanding compatibility for web monitoring.

  • Discover: fixed an issue that caused recurring false change detections.
  • Defacement: rules now support protocol (HTTP/HTTPS), IP and port to cover assets that require HTTPS or specific services.

More monitoring context and a new alert timeline view

Improvements to understand why findings happen and to visualize changes more clearly.

  • Monitoring: details now show whether a domain appears in a feed, the report reason, and the originating feed.
  • Also available in Alerts and Hunting to speed up investigation.
  • Alerts: updated timeline view to make changes easier to review.

New module: Defacement Monitoring

Monitor website integrity and detect unauthorized content changes to speed up response and restoration.

OPS API โ€” end-to-end operations automation

A new API designed to automate brand protection and digital fraud workflows: from detection and classification to management and tracking.

  • Consistent filters and states for SOAR, SIEM and ITSM integrations.
  • Support for operational management: alerts, monitoring and actions.

Deep Scan: indicator extraction from HTML

A new capability in Monitoring and Alerts (Deep Scan) that analyzes HTML to extract relevant elements and technical indicators (for example, endpoints, links, forms or redirects). Extracted elements may include Telegram endpoints or other services.

Detection rule exceptions

You can now define exceptions using exact matches or regular expressions to reduce false positives and tailor detection to your environment.

New module: Zero Scam SSL

A new detection module focused on SSL signals and configurations associated with fraud, expanding coverage and speeding up triage.