Journalists in politically-isolating environments face increasing threats from commodity spyware, often relying on NGOs for digital security support, not without bottlenecks and privacy risks. Recent abuses of mobile forensics tools, such as Cellebrite, highlight the dangers of centralized mobile security falling into the wrong hands. This proposal introduces a distributed Cyber Threat Intelligence (CTI) network integrating Traffic Light Protocol (TLP) and zero-knowledge proofs (Semaphore) to enable privacy-preserving, trustless indicator sharing. By leveraging honeypot-driven threat indicators and decentralized pub/sub mechanisms, at-risk users can safely contribute to and benefit from a broader CTI ecosystem without exposing personal metadata.