ZCyberNews

Our sources

Security pros already subscribe to ten feeds in Feedly. Our job is not to publish faster than them — it is to read all of it, throw out the noise, and surface what matters. This page shows exactly what we read, so you can judge our curation for yourself.

We track 47 sources today: 31 active, 8 under review, and 8 we have deliberately excluded.

Reviewed quarterly. Last reviewed: 2026-04-22.

Active

The feeds that currently drive our daily coverage. Trusted sources carry the most editorial weight; standard sources are read for breadth and cross-confirmation.

Trusted independent

  • CISA Alerts | Trusted independent | RSS

    Official U.S. CISA cybersecurity alerts and advisories — authoritative primary source.

  • CISA's KEV catalog — the authoritative list of actively exploited vulnerabilities requiring immediate remediation.

  • Fortinet PSIRT Advisories | Trusted independent | RSS

    Official Fortinet PSIRT advisory feed for vulnerability disclosures and remediation guidance.

  • Google Project Zero | Trusted independent | RSS

    Elite vulnerability research team publishing deep technical zero-day write-ups.

  • Official Ivanti security advisory feed with vulnerability disclosures and mitigation guidance.

  • Kaspersky Securelist | Trusted independent | RSS

    Kaspersky GReAT team's APT and crimeware research — widely cited primary source.

  • Krebs on Security | Trusted independent | RSS

    Brian Krebs' original investigative security reporting — the gold standard for attribution and follow-the-money analysis.

  • NCSC UK | Trusted independent | RSS

    UK National Cyber Security Centre all-content RSS feed; the threat-report-only feed currently returns zero items.

  • NVD — Recent CVEs | Trusted independent

    NIST NVD 2.0 CVE API queried over a rolling 48-hour publication window — authoritative source-of-truth for the vulnerabilities category's CVE hard-gate.

  • OpenAI Daybreak | Trusted independent

    OpenAI Daybreak is OpenAI's cybersecurity accelerator for security startups building the next generation of cybersecurity tools.

  • OpenAI News | Trusted independent | RSS

    Official OpenAI news feed filtered at ingest to cybersecurity, security, provenance, supply-chain, and AI-safety items.

  • Official Palo Alto Networks security advisory RSS feed for PAN-OS, Prisma, Cortex, and related product vulnerability disclosures.

  • Palo Alto Unit 42 | Trusted independent | RSS

    In-depth APT, ransomware, cloud, and IoT research — one of the most cited vendor research outlets.

  • Daily SANS ISC Stormcast feed with topic links and summaries; replaces the handler diary RSS where Stormcast entries carried boilerplate-only descriptions.

  • Schneier on Security | Trusted independent | RSS

    Bruce Schneier's long-running blog on cryptography, security policy, and privacy — essential for big-picture analysis.

  • Independent cybersecurity journalism covering nation-state operations, ransomware, and policy — staffed by career security reporters.

  • Volexity Threat Research | Trusted independent

    Small independent research shop with a consistent track record of zero-day discoveries (Ivanti, Atlassian, Exchange).

  • Zero Day Initiative (ZDI) | Trusted independent | RSS

    Trend Micro's ZDI advisories from their bug-bounty program — primary-source vulnerability disclosures.

Standard

Under review

On probation. We are monitoring feed stability, editorial signal, and overlap with other sources before confirming long-term inclusion or exclusion.

  • Strong threat research, paused pending vendor-heavy-coverage review against independent sources.

  • Official MyF5 security advisory surface for BIG-IP, BIG-IQ, NGINX, and related F5 product vulnerability disclosures.

    Why excluded: F5 advisories require MyF5/custom RSS handling; keep under review until we confirm a stable machine-readable feed that does not produce empty or dirty results.

  • Chinese-language security community — first native ZH source added to the pool; enters as ingest-only per the contract spec for a 30-day audit before promotion.

    Why excluded: Feed returns HTTP 405 to Node-based ingestion clients as of 2026-05-05; keep under review until a reliable machine-readable endpoint is available.

  • Google's TAG on government-backed attacks and zero-day tracking — authoritative primary research, but the configured category RSS URL now returns 404.

  • World-class APT attribution research; paused pending feed-reliability verification.

  • Authoritative Microsoft security disclosures; paused pending feed-format stability confirmation.

  • Official Progress community advisories for MOVEit Transfer, MOVEit Cloud, and MOVEit Automation vulnerability bulletins.

    Why excluded: No stable public RSS endpoint confirmed yet; keep visible for transparency while coverage is cross-checked through NVD, CISA KEV, and vendor bulletin URLs.

  • Sophos News | Under review | RSS

    Strong X-Ops research; paused pending feed noise review (product posts interleaved with research).

Excluded

Deliberately not carried. Listed here so you can verify what we read — and what we don't.

  • Vendor blog mixing threat research with sales and product marketing at roughly a 1:4 ratio.

    Why excluded: Signal-to-noise threshold — majority of items are commercial/sales content rather than research. Revisit via whitelist on /blog/threat-research/ if the ratio improves.

  • Low-authority aggregator that re-writes content from BleepingComputer and The Hacker News.

    Why excluded: Signal-to-noise threshold — duplicates higher-authority primary sources.

  • Vendor patch summaries that typically lack CVE detail and independent analysis.

    Why excluded: Signal-to-noise threshold — contributed to the April 2026 CVE-hedging ship quality issue; patch advisories without identifiers downstream.

  • General tech community feed — off-topic for a security-focused newsroom.

    Why excluded: Signal-to-noise threshold — majority of items are general tech, not security.

  • Predominantly vendor surveys, product roundups, and press releases.

    Why excluded: Signal-to-noise threshold — product/survey content outweighed incident reporting.

  • Primarily product marketing interleaved with research.

    Why excluded: Signal-to-noise threshold — marketing content outweighed standalone research value.

  • Mix of threat research with webinar and analyst-report promotions.

    Why excluded: Signal-to-noise threshold — promotional content interleaved with research reduced the usable yield.

  • Patch Tuesday analysis and cloud posture findings that largely duplicate ZDI, Rapid7, and The Hacker News.

    Why excluded: Signal redundancy — patch coverage already provided by higher-authority sources in our pool.

Not seeing a source you trust?

Email us the name, URL, and one sentence on why it belongs here. We read every message and re-review the list quarterly. We use email on purpose — no web forms, no submission queues, no public suggestion box to game.

Suggest a source

Replies typically within a few business days. No auto-responders.