Public APIs, embeddable widgets, RSS feeds, and automation tools for integrating with blacktemple.net threat intelligence.
The posts API provides programmatic access to all published threat intelligence on blacktemple.net. Responses are cached at the CDN edge for 1 hour with stale-while-revalidate for 24 hours.
GET /api/posts| Param | Type | Default | Description |
|---|---|---|---|
category | string | -- | Filter by category slug. Valid values: vulnerabilities-exploits, malware-threats, data-breaches, privacy-surveillance, nation-state-apt, cloud-security, application-security, hardware-iot, darknet-underground, industry-policy, tools-techniques, tutorials |
severity | string | -- | Filter by severity level: critical, high, medium, low, informational |
tag | string | -- | Filter by tag (case-insensitive match) |
limit | number | 20 | Number of posts to return. Max 100. |
offset | number | 0 | Number of posts to skip for pagination. |
The response returns a JSON object with posts, total, limit, and offset fields. Each post object includes the following:
| Field | Description |
|---|---|
title | Post headline |
slug | URL-safe identifier |
date | ISO 8601 publication date |
category | Category slug |
severity | Threat severity level (or null) |
tags | Array of tag strings |
summary | Brief description of the story |
tldr | One-line actionable takeaway (or null) |
source | Original source publication name (or null) |
sourceUrl | Link to original article (or null) |
readingTime | Object with text, minutes, and words fields |
curl "https://blacktemple.net/api/posts?severity=critical&limit=5"{
"posts": [
{
"title": "Critical RCE in OpenSSL 4.0 Exploited in the Wild",
"slug": "critical-rce-openssl-4-exploited-in-wild",
"date": "2026-02-23T00:00:00.000Z",
"category": "vulnerabilities-exploits",
"severity": "critical",
"tags": ["openssl", "rce", "cve-2026-1234"],
"summary": "A critical remote code execution vulnerability in OpenSSL 4.0 is being actively exploited...",
"tldr": "Patch OpenSSL immediately. CVE-2026-1234 allows unauthenticated RCE.",
"source": "BleepingComputer",
"sourceUrl": "https://example.com/article",
"readingTime": { "text": "3 min read", "minutes": 2.8, "words": 560 }
}
],
"total": 42,
"limit": 5,
"offset": 0
}The widget endpoint returns self-contained HTML that renders a compact threat intelligence feed. Embed it on any page via an iframe with no JavaScript dependencies. Shows posts from the last 7 days only. Cached at the CDN edge for 30 minutes.
GET /api/widget| Param | Type | Default | Description |
|---|---|---|---|
theme | string | dark | Color theme. Accepts 'dark' or 'light'. |
limit | number | 5 | Number of items to display (1-10). |
severity | string | critical,high | Comma-separated severity levels: critical, high, medium, low, informational. |
<iframe
src="https://blacktemple.net/api/widget"
width="400"
height="500"
style="border:none;border-radius:8px;"
title="blacktemple.net Threat Feed"
></iframe><iframe
src="https://blacktemple.net/api/widget?theme=light&limit=5&severity=critical,high"
width="400"
height="500"
style="border:none;border-radius:8px;"
title="blacktemple.net Threat Feed (Light)"
></iframe>Subscribe to the full feed or narrow down to specific threat categories. All feeds are standard RSS 2.0 compatible with any reader.
| Category | Description | Feed URL |
|---|---|---|
| Vulnerabilities & Exploits | CVEs, zero-days, proof-of-concepts, and exploit analysis | /blog/categories/vulnerabilities-exploits/rss.xml |
| Malware & Threats | Ransomware, trojans, botnets, and threat intelligence | /blog/categories/malware-threats/rss.xml |
| Data Breaches & Incidents | Breach disclosures, leak analysis, and impact assessment | /blog/categories/data-breaches/rss.xml |
| Privacy & Surveillance | Privacy legislation, surveillance tech, and data protection | /blog/categories/privacy-surveillance/rss.xml |
| Nation-State & APT | State-sponsored campaigns, APT groups, and geopolitical cyber operations | /blog/categories/nation-state-apt/rss.xml |
| Cloud Security | AWS, Azure, GCP misconfigurations and cloud-native threats | /blog/categories/cloud-security/rss.xml |
| Application Security | Web app vulns, API security, supply chain attacks | /blog/categories/application-security/rss.xml |
| Hardware & IoT | Hardware hacking, firmware vulnerabilities, IoT/OT security | /blog/categories/hardware-iot/rss.xml |
| Darknet & Underground | Darknet markets, underground forums, and cybercrime ecosystems | /blog/categories/darknet-underground/rss.xml |
| Industry & Policy | Compliance news, framework updates, regulations, and standards | /blog/categories/industry-policy/rss.xml |
| Tools & Techniques | Security tools, methodologies, research, and offensive techniques | /blog/categories/tools-techniques/rss.xml |
| Tutorials | Hands-on security guides, walkthroughs, and step-by-step instructions | /blog/categories/tutorials/rss.xml |
Every Sunday, an AI-generated weekly threat intelligence summary is published covering all posts from the past 7 days. These reports provide a consolidated view of the threat landscape.
weekly-roundup.weekly-roundup tag.curl "https://blacktemple.net/api/posts?tag=weekly-roundup&limit=4"Posts are automatically scanned for mentions of 58 known threat actor groups. When a match is found, color-coded badges are applied to the post and linked to filtered tag views for easy tracking.
| Group | Also Known As | Type |
|---|---|---|
| APT28 | Fancy Bear | Nation-State |
| APT29 | Cozy Bear | Nation-State |
| Sandworm | Iridium | Nation-State |
| Turla | Snake | Nation-State |
| Gamaredon | Primitive Bear | Nation-State |
| Ember Bear | UAC-0056 | Nation-State |
| FIN7 | Carbanak | Cybercrime |
| LockBit | -- | Ransomware |
| BlackCat | ALPHV | Ransomware |
| Cl0p | Clop | Ransomware |
| REvil | Sodinokibi | Ransomware |
| Phobos | -- | Ransomware |
| Conti | -- | Ransomware |
| Black Basta | -- | Ransomware |
| Play | Play Ransomware | Ransomware |
| Volt Typhoon | Vanguard Panda | Nation-State |
| Salt Typhoon | GhostEmperor | Nation-State |
| APT41 | Double Dragon | Nation-State |
| APT40 | Leviathan | Nation-State |
| Mustang Panda | Bronze President | Nation-State |
| APT1 | Comment Crew | Nation-State |
| APT10 | Stone Panda | Nation-State |
| Aquatic Panda | Charcoal Typhoon | Nation-State |
| Lazarus | Lazarus Group | Nation-State |
| Kimsuky | Velvet Chollima | Nation-State |
| Andariel | Onyx Sleet | Nation-State |
| APT37 | Reaper | Nation-State |
| MuddyWater | Mercury | Nation-State |
| Charming Kitten | APT35 | Nation-State |
| OilRig | APT34 | Nation-State |
| APT33 | Elfin | Nation-State |
| Sidewinder | Rattlesnake | Nation-State |
| Patchwork | Dropping Elephant | Nation-State |
| Equation Group | EQGRP | Nation-State |
| POLONIUM | Plaid Rain | Nation-State |
| Royal | Royal Ransomware | Ransomware |
| Akira | Akira Ransomware | Ransomware |
| Medusa | Medusa Ransomware | Ransomware |
| BianLian | BianLian Ransomware | Ransomware |
| Rhysida | Rhysida Ransomware | Ransomware |
| ShinyHunters | -- | Cybercrime |
| Scattered Spider | Octo Tempest | Cybercrime |
| Lapsus$ | LAPSUS$ | Cybercrime |
| Vice Society | DEV-0832 | Ransomware |
| 8Base | 8Base Ransomware | Ransomware |
| BlackSuit | BlackSuit Ransomware | Ransomware |
| FIN11 | Cl0p Operator | Cybercrime |
| FIN12 | Pistol Tempest | Cybercrime |
| Evil Corp | Indrik Spider | Cybercrime |
| Wizard Spider | Trickbot Gang | Cybercrime |
| Magecart | Magecart Group | Cybercrime |
| SilverTerrier | Nigerian BEC | Cybercrime |
| TA577 | -- | Cybercrime |
| Anonymous | Anonymous Collective | Hacktivist |
| IT Army of Ukraine | IT Army | Hacktivist |
| Killnet | Anonymous Russia | Hacktivist |
| GhostSec | Ghost Security | Hacktivist |
| Cyber Av3ngers | CyberAv3ngers | Hacktivist |
Actor badges link to filtered tag views. For example, clicking an "APT28" badge navigates to /blog/tags/apt28 showing all posts mentioning that group. Use the API to query programmatically:
curl "https://blacktemple.net/api/posts?tag=apt28&limit=10"