THREAT INTELLIGENCE REGISTRY

Active forensic investigations.

MarTech surveillance infrastructure documented in the open. Each case has pre-consent data exfiltration captured with technical evidence.

Registry stats

0

Total cases

0

Critical

0

Active

ACTIVE CASES

Each case is reproducible. Each finding is verifiable.

BLACKOUT://CASE/BTI-2026-BROWSERGATE
ACTIVE
BTI-2026-BROWSERGATECRITICALBROWSER FINGERPRINTING
Target: LinkedIn / HUMAN Security

BROWSERGATE: LinkedIn Is Scanning Your Browser

LinkedIn probes 6,153 browser extensions by name, collects 48 device fingerprint features via HUMAN Security (formerly PerimeterX), and transmits RSA-encrypted payloads through hidden zero-pixel iframes. Undisclosed adtech data pipeline (crcldu.com) discovered nested inside. None disclosed in privacy policy. Confirmed under oath in German court.

2026-04-02
UPD: 2026-04-03
Access case
BLACKOUT://CASE/BTI-2026-STAPE
ACTIVE
BTI-2026-STAPECRITICALCONSENT DEFEAT DEVICE
Target: Stape.io

Consent Theater: When 'Compliance' Vendors Don't Comply

Stape tracks users who reject consent on their own 'Consent Explained' webinar page. Sells browser API hijacking (5 prototype patches), Safari ITP bypass (7 days → 13 months), click ID recovery, and ad blocker evasion via official app stores. MCP servers enable automated privacy circumvention deployment.

2026-01-23
UPD: 2026-01-23
Access case
BLACKOUT://CASE/BTI-2025-0025
ACTIVE
BTI-2025-0025CRITICALZERO DAY DISCLOSURE
Target: 6sense / TrenDemon

ZeroSense + DemonScript: 5 Zero-Days in the B2B Marketing Stack

Five zero-day vulnerabilities discovered: eval() RCE (DemonScript), cross-customer PII cache (ZeroSense), polyfill.io supply chain (PollyWannaCrack), Marketo cookie theft (MaCook'd), and video completion code execution (RollCredits). Found while reading 6sense.com's privacy policy.

2025-12-04
UPD: 2025-12-04
Access case
BLACKOUT://CASE/BTI-2025-0001
ACTIVE
BTI-2025-0001CRITICALDEFEAT DEVICE
Target: RB2B

Pre-Consent Identity Resolution via Defeat Device

Forensic analysis reveals RB2B's pixel executes visitor identification and data transmission to third-party enrichment services before consent banner renders, creating an unrecoverable privacy violation.

2025-11-03
UPD: 2025-11-20
Access case
BLACKOUT://CASE/BTI-2025-0002
ACTIVE
BTI-2025-0002CRITICALPRE SUBMIT CAPTURE
Target: ZoomInfo

Biometric Surveillance via FormComplete

GTM Studio's FormComplete feature initializes Sardine.ai biometric tracking (mouse movement, typing velocity) immediately on DOM load, prior to any consent interaction.

2025-11-15
UPD: 2025-11-22
Access case
BLACKOUT://CASE/BTI-2025-0003
INVESTIGATING
BTI-2025-0003HIGHHEM EXTRACTION
Target: IdentityMatrix

Hashed Email Extraction Network

Initial forensics indicate client-side email hashing and transmission to identity graph providers. Full analysis pending.

2025-11-18
UPD: 2025-11-23
BLACKOUT://CASE/BTI-2025-0004
INVESTIGATING
BTI-2025-0004HIGHWHITE LABEL
Target: Clay

White-Label Distribution Network Analysis

Investigating Clay's role as a distribution platform for third-party tracking scripts. Systemic risk assessment in progress.

2025-11-22
UPD: 2025-11-24

Suspect a vendor? Scan it.

Outside-in reconnaissance. No agents. No code change. The full forensic kit, run by the same engine behind every published case.

Request a scanor read the methodology →

▸ Reproducible · Verifiable · Adversarially tested