Vulnerabilities Alert!

Staying alert to the latest vulnerabilities & fixes is important whether you are an IT Manager, a Web Developer, or a Cyber Security specialist. We take a look at some of the top online resources to help keep you up-to-date.

APTnotes data (GitHub)

APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.

Cybersecurity and Infrastructure Security Agency (CISA)

CISA provides extensive cybersecurity and infrastructure security knowledge and practices to its stakeholders. They share that knowledge to enable better risk management, and put it into practice to protect the Nation’s essential resources.

Dark Reading

Dark Reading: Connecting The Information Security Community

Long one of the most widely-read cyber security news sites on the Web, Dark Reading is now the most trusted online community for security professionals. Their community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Exploit Database

The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high-end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.

Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Information Security News & Discussion (reddit)

A community for technical news and discussion of information security and closely related topics.

Naked Security (Sophos)

Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.

National Vulnerability Database (NVD)

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Packet Storm

Packet Storm provides around-the-clock information and tools in order to help mitigate both personal data and fiscal loss on a global scale. As new information surfaces, Packet Storm releases everything immediately through its RSS feeds, Twitter, and Facebook.

Safe Computing – Alerts, Advisories & Notices (University of Michigan)

Information Assurance (IA) incident responders routinely monitor reports of new vulnerabilities along with information from intelligence sources and the U-M IT community. IA determines the risk of a vulnerability contributing to a serious IT security incident as defined by Information Security Incident Reporting (SPG 601.25). It looks at factors such as whether exploit code is available, whether exploits are occurring, if U-M systems are at risk, and more.

SANS Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations. They are actively working with Internet Service Providers to fight back against the most malicious attackers.

Secure List (Kaspersky)

Your link to our Lab. All about Internet security.

Security Advisories (CERT-EU)

After a pilot phase of one year and a successful assessment by its constituency and its peers, the EU Institutions have decided to set up a permanent Computer Emergency Response Team (CERT-EU) for the EU institutions, agencies and bodies on September 11th 2012. The team is made up of IT security experts from the main EU Institutions (European Commission, General Secretariat of the Council, European Parliament, Committee of the Regions, Economic and Social Committee). It cooperates closely with other CERTs in the Member States and beyond as well as with specialised IT security companies.

Security News (The Register)

The Register is a leading and trusted global online enterprise technology news publication, reaching roughly 40 million readers worldwide. Their core audiences are the UK and US. The bulk of the remaining readership is in Canada, Australia, northern Europe, India, and beyond.

The Hacker News (THN)

THN is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.

The Hacker News features the latest cyber security news and in-depth coverage of current as well as future trends in Infosec and how they are shaping the cyber world.


Threatpost

Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

Are there any top vulnerability alert or news sites that we should add to this list? If so, please comment below.
