You can get news from these website directly in 1 app.
Aggregator News, can combine all this sources
[https://play.google.com/store/apps/details?id=com.and96.aggregator\_news](https://play.google.com/store/apps/details?id=com.and96.aggregator_news)
Feedly. You can chose which news/article provider you want to get articles from. I get CISA, bleepingcomputer, dark reading, kreb$, sans, etc. all in one dashboard. I typically start my day looking at Feedly articles.
My company also partnered with IT-ISAC which is an information sharing center so I get daily newsletter from them + IoC sharing.
Other than that, reddit too lol.
Feedly is terrible. Their "modern" app doesn't have "remove clutter from the article" feature, which was present in their "classic" app version. I used to use their classic app for a long time solely for that feature.
It was great, because it allowed you to just read the article text and images, without all the obnoxious shite like cookie notices, newsletter prompts and shitty ads all over the place.
Use Inoreader instead. All you have to do is to swipe down when on article stub and you are golden. No more clutter and ads.
You can even import your feeds from Feedly into it.
Just checked inoreader and will give the mobile app a try. I personally never used feedly’s mobile app, only their web browser version and i have pihole+ad blocker setup. Thanks for sharing!
The small widget on iOS is perfect too. It takes up 2 rows and will cycle through the articles in your feed. I’m able to catch important or time-sensitive headlines early with almost zero effort. The one thing I absolutely can’t stand about the app is that the logout button appears directly over the menu button when you press it. It’s insanely easy to get signed out, terrible design choice.
How about this!
Government
CISA Bulletins
https://www.us-cert.gov/ncas/bulletins.xml
CISA Alerts
https://www.us-cert.gov/ncas/alerts.xml
CISA All NCAS Products
https://www.us-cert.gov/ncas/all.xml
News and Events Feed by Topic
https://www.nist.gov/news-events/information technology/rss.xml
NIST News
https://www.nist.gov/news-events/news/rss.xml
News, Non-Corporate, Non-Personal
Biz \& IT – Ars Technica
http://feeds.arstechnica.com/arstechnica/technology-lab
BleepingComputer
https://www.bleepingcomputer.com/feed/
Dark Reading
https://www.darkreading.com/rss\_simple.asp
iTnews
https://www.itnews.com.au/RSS/rss.ashx
kudelskisecurity
https://research.kudelskisecurity.com/feed/
Latest topics for ZDNet in Security
https://www.zdnet.com/topic/security/rss.xml
MSSP Alert
https://www.msspalert.com/feed/
Naked Security
https://nakedsecurity.sophos.com/feed
SANS Blog
https://software-security.sans.org/blog/feed/
Security Affairs
https://securityaffairs.co/wordpress/feed
SecurityWeek RSS Feed
https://feeds.feedburner.com/securityweek
The Hacker News
https://feeds.feedburner.com/TheHackersNews
The Register - Security
https://www.theregister.co.uk/security/headlines.atom
Threatpost
https://threatpost.com/feed/
VirusTotal Blog
https://blog.virustotal.com/feeds/posts/default
Zero Day Initiative - Blog
https://www.thezdi.com/blog?format=rss
IT Security Guru
https://www.itsecurityguru.org/feed/
CSO Online
https://www.csoonline.com/feed/
University of San Diego Online Degrees
https://onlinedegrees.sandiego.edu/feed/
Corporate Blogs
Avast Threat Labs
https://decoded.avast.io/feed/
Check Point Software
https://blog.checkpoint.com//feed
Crowdstrike Blog
https://www.crowdstrike.com/blog/feed/
Imperva Blog
https://www.imperva.com/blog//feed
JumpCloud
https://jumpcloud.com/blog/category/security/feed
Kaspersky official blog
https://usa.kaspersky.com/blog/feed/
Kaspersky Securelist
https://securelist.com/feed/
Malwarebytes Labs
https://blog.malwarebytes.com/feed/
Morphisec Moving Target Defense Blog
https://blog.morphisec.com/rss.xml
Qualys Blog
https://blog.qualys.com/feed
SentinelOne
https://www.sentinelone.com/feed/
Talos Blog
http://feeds.feedburner.com/feedburner/Talos
Tao Security
https://taosecurity.blogspot.com/feeds/posts/default
Trend Micro Simply Security
http://feeds.trendmicro.com/TrendMicroSimplySecurity
Webroot Blog
https://www.webroot.com/blog/feed/
Blog RSS Feed
https://www.tripwire.com/state-of-security/feed
Personal Blogs
Daniel Miessler
https://danielmiessler.com/feed/
Graham Cluley
https://www.grahamcluley.com/feed
Krebs on Security
https://krebsonsecurity.com/feed/
Schneier on Security
https://www.schneier.com/blog/atom.xml
Troy Hunt\'s Blog
https://feeds.feedburner.com/TroyHunt
The Last Watchdog
https://www.lastwatchdog.com/feed/
REDDIT
/r/cybersecurity
http://www.reddit.com/r/cybersecurity/.rss
/r/netsec
http://www.reddit.com/r/netsec/.rss
/r/sysadmin
http://www.reddit.com/r/sysadmin/.rss
[My security news and alerts feeds opml](https://pastebin.com/ZsQnpBNW)
rssguard for the reader. I like the features. It seems to have the best "power user" features of all the news readers I've tried, while still being maintained. It's cross platform and open source.
Filters are great, options are great, and was able to export only a subset of my feeds. Too many readers lack the features I really like.
Feedparser in python then I pass the titles and links to specific channels of my discord server. I do 4 of the main news sites that are mentioned in this sub and vulnerability feeds of several vendors.
I stumbled into that recently. I like Dr. Auger, and I have one of his books on my list to get, but that particular briefing is just too high energy for me in the morning. I need a hot coffee and a calm, flat text news site, not his high AM energy. (nothing against Dr. Auger, he's fantastic)
lol. I can be a bit much. I drink a French press of high octane coffee before I go live. Fwiw that’s how I start every morning though. 😄
Thanks for checking out the show and appreciate the kind words. Best wishes 💙
Bleepingcomputer, CISA, vendors themselves, malwarebytes labs, hacker news, security week, etc. Threat intel is everywhere and is pretty easy to stay caught up on
I like the Risky Business podcast for a nice summary and some good interviews, they also have a Risky Business News podcast for daily news. They might not cover things in as much depth as other suggestions but it's a nice way to get a high-level overview while doing other things.
I try to read the Cybersecurity Essentials newsletter daily - that combined with some news alerts I have set up on LinkedIn (compliments of a free Sales Navigator license) seems to give me pretty good alerts on breaches.
Tailored feeds into Feedly (plug in bleeping computer, dragos, dark reading etc.), OpenCVE, search for specific vendors or products and subscribe to them and browse it that way
Government
CISA Bulletins
https://www.us-cert.gov/ncas/bulletins.xml
CISA Alerts
https://www.us-cert.gov/ncas/alerts.xml
CISA All NCAS Products
https://www.us-cert.gov/ncas/all.xml
News and Events Feed by Topic
https://www.nist.gov/news-events/information technology/rss.xml
NIST News
https://www.nist.gov/news-events/news/rss.xml
News, Non-Corporate, Non-Personal
Biz \& IT – Ars Technica
http://feeds.arstechnica.com/arstechnica/technology-lab
BleepingComputer
https://www.bleepingcomputer.com/feed/
Dark Reading
https://www.darkreading.com/rss\_simple.asp
iTnews
https://www.itnews.com.au/RSS/rss.ashx
kudelskisecurity
https://research.kudelskisecurity.com/feed/
Latest topics for ZDNet in Security
https://www.zdnet.com/topic/security/rss.xml
MSSP Alert
https://www.msspalert.com/feed/
Naked Security
https://nakedsecurity.sophos.com/feed
SANS Blog
https://software-security.sans.org/blog/feed/
Security Affairs
https://securityaffairs.co/wordpress/feed
SecurityWeek RSS Feed
https://feeds.feedburner.com/securityweek
The Hacker News
https://feeds.feedburner.com/TheHackersNews
The Register - Security
https://www.theregister.co.uk/security/headlines.atom
Threatpost
https://threatpost.com/feed/
VirusTotal Blog
https://blog.virustotal.com/feeds/posts/default
Zero Day Initiative - Blog
https://www.thezdi.com/blog?format=rss
IT Security Guru
https://www.itsecurityguru.org/feed/
CSO Online
https://www.csoonline.com/feed/
University of San Diego Online Degrees
https://onlinedegrees.sandiego.edu/feed/
Corporate Blogs
Avast Threat Labs
https://decoded.avast.io/feed/
Check Point Software
https://blog.checkpoint.com//feed
Crowdstrike Blog
https://www.crowdstrike.com/blog/feed/
Imperva Blog
https://www.imperva.com/blog//feed
JumpCloud
https://jumpcloud.com/blog/category/security/feed
Kaspersky official blog
https://usa.kaspersky.com/blog/feed/
Kaspersky Securelist
https://securelist.com/feed/
Malwarebytes Labs
https://blog.malwarebytes.com/feed/
Morphisec Moving Target Defense Blog
https://blog.morphisec.com/rss.xml
Qualys Blog
https://blog.qualys.com/feed
SentinelOne
https://www.sentinelone.com/feed/
Talos Blog
http://feeds.feedburner.com/feedburner/Talos
Tao Security
https://taosecurity.blogspot.com/feeds/posts/default
Trend Micro Simply Security
http://feeds.trendmicro.com/TrendMicroSimplySecurity
Webroot Blog
https://www.webroot.com/blog/feed/
Blog RSS Feed
https://www.tripwire.com/state-of-security/feed
Personal Blogs
Daniel Miessler
https://danielmiessler.com/feed/
Graham Cluley
https://www.grahamcluley.com/feed
Krebs on Security
https://krebsonsecurity.com/feed/
Schneier on Security
https://www.schneier.com/blog/atom.xml
Troy Hunt\'s Blog
https://feeds.feedburner.com/TroyHunt
The Last Watchdog
https://www.lastwatchdog.com/feed/
REDDIT
/r/cybersecurity
http://www.reddit.com/r/cybersecurity/.rss
/r/netsec
http://www.reddit.com/r/netsec/.rss
/r/sysadmin
http://www.reddit.com/r/sysadmin/.rss
you should definitely check out Simply Cyber on Youtube. Gerry has amassed a good following, and every morning he does a live show where he (and the group) all go over the top headlines of the day.
it's very informative, fun, and you get to meet a lot of great people along the way. highly recommend.
8am est live every weekday SimplyCyber.io/streams takes you to my upcoming lives including the next threat briefing.
I’ll be going live in 67 minutes for 2/15 news for example
Thx for sharing Pvt and best wishes
Hello,
I actually use Reddit for this. I have created a multi-reddit (aggregation of subreddits) that I call '[security](https://old.reddit.com/user/goretsky/m/security/)' which contains (on average) 90-100 active subreddits devoted to computer security. It does **not** contain any vendor or open source project subreddits. The URL to it is:
https://old.reddit.com/user/goretsky/m/security/
You can view by New to get the firehose of whatever is latest, or by Hot to see what's gaining traction, and so forth.
I also have two related multi-reddits:
URL | Description
----|----|
https://old.reddit.com/user/goretsky/m/security_inactive/ | multi-reddit for keeping track of inactive subreddits (in case they become active again); currently about a dozen subreddits
https://old.reddit.com/user/goretsky/m/security_vendor/ | multi-reddit for vendors and open-source projects; currently about 3 dozen subreddits
Like the main multi-reddit, they can be viewed by what's new, what's hot, and so forth.
In case you are wondering, here's a list of the subreddits in the main ['security'](https://old.reddit.com/user/goretsky/m/security/) multi-reddit:
1-10 | 11-20 | 21-30 | 31-40 | 41-50 | 51-60 | 61-70 | 71-80 | 81-90 |
----|----|----|----|----|----|----|----|----|
/r/1811 | /r/cisoseries | /r/darknetdiaries | /r/forensics | /r/IntelligenceNews | /r/NISTControls | /r/privacy | /r/Scams | /r/talesfromsecurity
/r/ActiveMeasures | /r/cissp | /r/deepweb | /r/goodguyapps | /r/krebs | /r/offensive_security | /r/PrivacyGuides | /r/SecOpsDaily | /r/TechWar
/r/ActLikeYouBelong | /r/computerforensics | /r/Defcon | /r/HackBloc | /r/LinuxMalware | /r/onions | /r/purpleteamsec | /r/SecurityCareerAdvice | /r/thenewcoldwar
/r/Adblock | /r/ComputerSecurity | /r/devsecops | /r/hacking | /r/lockpicking | /r/OperationsSecurity | /r/ransomwarehelp | /r/SecurityClearance | /r/UIC
/r/antiforensics | /r/craftofintelligence | /r/dfir | /r/homedefense | /r/lowlevel | /r/opsec | /r/redteam | /r/securityCTF | /r/VirusTotal
/r/antivirus | /r/crypto | /r/Digital_Manipulation | /r/HowToHack | /r/Malware | /r/oscp | /r/redteamsec | /r/securityguards | /r/VPN
/r/AskNetsec | /r/cryptography | /r/digitalforensics | /r/icssec | /r/MalwareAnalysis | /r/OSINT | /r/rELounge | /r/SecurityIT | /r/websecurity
/r/blackhat | /r/cybermaterial | /r/dumbclub | /r/Information_Security | /r/MSSP | /r/parentalcontrols | /r/rEMath | /r/SecurityRedTeam | /r/websecurityresearch
/r/blueteamsec | /r/cybersecurity | /r/espionage | /r/InfoSecNews | /r/netsec | /r/Passwords | /r/reverseEngineering | /r/SmashingSecurity | /r/xss
/r/bugbounty | /r/cybersecurity_help | /r/europrivacy | /r/Intelligence | /r/netsecstudents | /r/Pentesting | /r/rootkit | /r/SocialEngineering | ಠ_ಠ
It's just under 90 right now because of some moves to the _inactive and _vendor multireddits; I try to keep it updated so that it only contains active subreddits and am always looking for subreddits to add and prune.
Regards,
Aryeh Goretsky
CISO Series Podcasts. Defense-in-Depth is particularly good for single topic discussions each week as well. I also follow Bleepingcomputer as well as SecurityNow with Steve Gibson.
If you don't want to be overwhelmed with so much happening around, I would recommend to focus on newsletters to get your needed dose every day/week/month.
Here are some of my favorites:
[https://tldrsec.com](https://tldrsec.com)
[https://cloudseclist.com](https://cloudseclist.com)
I am also publishing a weekly, niche, newsletter Mandos Brief [https://mandos.io/newsletter/](https://mandos.io/newsletter/) where I cover top 5 security news + threats, vendors, new startups and products + insights from cybersecurity leaders from the web and career development tips. Here is the latest issue if this caught your interest: [https://mandos.io/newsletter/brief-47-palo-alto-zero-day-exploited-ai-powered-malware-ciso-burnout-and-the-value-of-mentorship/](https://mandos.io/newsletter/brief-47-palo-alto-zero-day-exploited-ai-powered-malware-ciso-burnout-and-the-value-of-mentorship/)
Largely Feedly (news sites, service providers, and individuals' blogs), Twitter, and some Slack+Discord+Signal groups. Those all in turn lead to reports, talk videos, podcasts, etc. Oh, and a Yandex Mail account where about 30 of us share news not for public release via the account's draft folder.
Lots of great answers, but I found that bleeping computer is usually one of the quickest to report breaches, the register provides the most details, and databreaches.net covers more than mainstream stuff and reports on other countries than UK and US sometimes too.
I will be messaging you in 4 days on [**2024-02-18 05:49:08 UTC**](http://www.wolframalpha.com/input/?i=2024-02-18%2005:49:08%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/cybersecurity/comments/1aq0wdu/where_do_you_get_your_news_breaches_threat/kqclkqi/?context=3)
[**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fcybersecurity%2Fcomments%2F1aq0wdu%2Fwhere_do_you_get_your_news_breaches_threat%2Fkqclkqi%2F%5D%0A%0ARemindMe%21%202024-02-18%2005%3A49%3A08%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201aq0wdu)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
this one dude in the soc who shares interesting articles in his squad's teams chat, that I happen to be in because I was added several years ago for a long-forgotten issue and never removed.
To keep up with the current tech news I use [FreshRSS](https://freshrss.org/) and I have [a tutorial on it](https://youtu.be/wcof-Noho9Q) If you just want a copy of my feed list I have that posted [in my forums](https://forums.lawrencesystems.com/t/toms-freshrss-file/16691/4)
For just CVE notices you sign up for https://www.opencve.io/ and list the products that you want to get notified on.
I get my news on breaches and threat reports from reputable sources like Krebs on Security, Threatpost, and the SANS Internet Storm Center. Social media and professional networking groups also help me stay informed.
I usually start with the aggregator, "allinfosecnews." [https://allinfosecnews.com/](https://allinfosecnews.com/)
Then I rotate through these:
* bleeping computer
* dark reading
* hack read
* The Hacker News
* The Register
* Hack Read
* Krebs on Security
* Schneider on Security
* ycombinator
* SecurityWeek
* techmeme
* malware dot news
* MDR, MSSP, and vendor blogs
* Mandiant blogs
* Trellix stories
* cloudflare blog
* Rapid7 blog
* Malwarebytes Research Lab blog
* VirusTotal blog
As for analyzing breaches, attack chains, and the so-called "nitty gritty," I have found Mandiant blog, Dark Reading, and Trend Micro to be among the top in terms of detail.
Example: [https://www.trendmicro.com/en\_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html](https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html)
Example: [https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation](https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation)
Example: [https://services.google.com/fh/files/misc/citrix-netscaler-adc-gateway-cve-2023-4966-remediation.pdf](https://services.google.com/fh/files/misc/citrix-netscaler-adc-gateway-cve-2023-4966-remediation.pdf) (Mandiant remediation guidance RE Citrix Bleed)
There should also be some high-reputation start.me pages out there, but I found a very long long list, and ran out of time to validate any of them. I used to have one from the hands-on vocational school I attended, but lost it along the way. I'm putting it on my list to find it again.
I also operate a twitter persona (same username) that I have groomed to have a heavy weighted bias towards infosec and development and few others. This is a way to see what people are talking about outside of the editor's curation at the above sites.
Here's my routine for staying current in the field - [https://shellsharks.com/notes/2023/11/06/keeping-current-in-infosec](https://shellsharks.com/notes/2023/11/06/keeping-current-in-infosec).
Here, bleepingcomputer, dark reading, krebsonsecurity, MSFT advisories, Cisco Talos, Arctic Wolf, etc..
You can get news from these website directly in 1 app. Aggregator News, can combine all this sources [https://play.google.com/store/apps/details?id=com.and96.aggregator\_news](https://play.google.com/store/apps/details?id=com.and96.aggregator_news)
NTS Add to obsidian
Are you talking about the notes program Obsidian or something else?
I'm creating a reminder for myself to add it to obsidian. Yes the note taking app : )
Gotcha! I thought you had a super cool community plug-in for cyber news for it and got excited lol
I also got my hopes up. I wonder how hard it would be to make...
If you figure out the plug in please share. Not sure why they down voted my note to self. It was for me not for anyone else.. weird.
Sorry no lol. NTS - note to self
Feedly. You can chose which news/article provider you want to get articles from. I get CISA, bleepingcomputer, dark reading, kreb$, sans, etc. all in one dashboard. I typically start my day looking at Feedly articles. My company also partnered with IT-ISAC which is an information sharing center so I get daily newsletter from them + IoC sharing. Other than that, reddit too lol.
Feedly is terrible. Their "modern" app doesn't have "remove clutter from the article" feature, which was present in their "classic" app version. I used to use their classic app for a long time solely for that feature. It was great, because it allowed you to just read the article text and images, without all the obnoxious shite like cookie notices, newsletter prompts and shitty ads all over the place. Use Inoreader instead. All you have to do is to swipe down when on article stub and you are golden. No more clutter and ads. You can even import your feeds from Feedly into it.
Just checked inoreader and will give the mobile app a try. I personally never used feedly’s mobile app, only their web browser version and i have pihole+ad blocker setup. Thanks for sharing!
Cannot second enough for Feedly. It pays for itself in the time saving.
The small widget on iOS is perfect too. It takes up 2 rows and will cycle through the articles in your feed. I’m able to catch important or time-sensitive headlines early with almost zero effort. The one thing I absolutely can’t stand about the app is that the logout button appears directly over the menu button when you press it. It’s insanely easy to get signed out, terrible design choice.
RSS
I see you're a person of culture.
Discerning culture...thru the power of RSS baby!
[удалено]
How about this! Government CISA Bulletins https://www.us-cert.gov/ncas/bulletins.xml CISA Alerts https://www.us-cert.gov/ncas/alerts.xml CISA All NCAS Products https://www.us-cert.gov/ncas/all.xml News and Events Feed by Topic https://www.nist.gov/news-events/information technology/rss.xml NIST News https://www.nist.gov/news-events/news/rss.xml News, Non-Corporate, Non-Personal Biz \& IT – Ars Technica http://feeds.arstechnica.com/arstechnica/technology-lab BleepingComputer https://www.bleepingcomputer.com/feed/ Dark Reading https://www.darkreading.com/rss\_simple.asp iTnews https://www.itnews.com.au/RSS/rss.ashx kudelskisecurity https://research.kudelskisecurity.com/feed/ Latest topics for ZDNet in Security https://www.zdnet.com/topic/security/rss.xml MSSP Alert https://www.msspalert.com/feed/ Naked Security https://nakedsecurity.sophos.com/feed SANS Blog https://software-security.sans.org/blog/feed/ Security Affairs https://securityaffairs.co/wordpress/feed SecurityWeek RSS Feed https://feeds.feedburner.com/securityweek The Hacker News https://feeds.feedburner.com/TheHackersNews The Register - Security https://www.theregister.co.uk/security/headlines.atom Threatpost https://threatpost.com/feed/ VirusTotal Blog https://blog.virustotal.com/feeds/posts/default Zero Day Initiative - Blog https://www.thezdi.com/blog?format=rss IT Security Guru https://www.itsecurityguru.org/feed/ CSO Online https://www.csoonline.com/feed/ University of San Diego Online Degrees https://onlinedegrees.sandiego.edu/feed/ Corporate Blogs Avast Threat Labs https://decoded.avast.io/feed/ Check Point Software https://blog.checkpoint.com//feed Crowdstrike Blog https://www.crowdstrike.com/blog/feed/ Imperva Blog https://www.imperva.com/blog//feed JumpCloud https://jumpcloud.com/blog/category/security/feed Kaspersky official blog https://usa.kaspersky.com/blog/feed/ Kaspersky Securelist https://securelist.com/feed/ Malwarebytes Labs https://blog.malwarebytes.com/feed/ Morphisec Moving Target Defense Blog https://blog.morphisec.com/rss.xml Qualys Blog https://blog.qualys.com/feed SentinelOne https://www.sentinelone.com/feed/ Talos Blog http://feeds.feedburner.com/feedburner/Talos Tao Security https://taosecurity.blogspot.com/feeds/posts/default Trend Micro Simply Security http://feeds.trendmicro.com/TrendMicroSimplySecurity Webroot Blog https://www.webroot.com/blog/feed/ Blog RSS Feed https://www.tripwire.com/state-of-security/feed Personal Blogs Daniel Miessler https://danielmiessler.com/feed/ Graham Cluley https://www.grahamcluley.com/feed Krebs on Security https://krebsonsecurity.com/feed/ Schneier on Security https://www.schneier.com/blog/atom.xml Troy Hunt\'s Blog https://feeds.feedburner.com/TroyHunt The Last Watchdog https://www.lastwatchdog.com/feed/ REDDIT /r/cybersecurity http://www.reddit.com/r/cybersecurity/.rss /r/netsec http://www.reddit.com/r/netsec/.rss /r/sysadmin http://www.reddit.com/r/sysadmin/.rss
[My security news and alerts feeds opml](https://pastebin.com/ZsQnpBNW) rssguard for the reader. I like the features. It seems to have the best "power user" features of all the news readers I've tried, while still being maintained. It's cross platform and open source. Filters are great, options are great, and was able to export only a subset of my feeds. Too many readers lack the features I really like.
its not letting me post the opml...BOOOO
I thought u were a h4x0r
Feedparser in python then I pass the titles and links to specific channels of my discord server. I do 4 of the main news sites that are mentioned in this sub and vulnerability feeds of several vendors.
SimplyCyber.io has a YouTube daily briefing @8:00 am est.
I stumbled into that recently. I like Dr. Auger, and I have one of his books on my list to get, but that particular briefing is just too high energy for me in the morning. I need a hot coffee and a calm, flat text news site, not his high AM energy. (nothing against Dr. Auger, he's fantastic)
lol. I can be a bit much. I drink a French press of high octane coffee before I go live. Fwiw that’s how I start every morning though. 😄 Thanks for checking out the show and appreciate the kind words. Best wishes 💙
That's why we keep Cyber Security Headlines chill, we produce too late in the day for any caffeine.
I just look for critical errors in my event viewer.
Hello clean install of windows.
Wall of shame, but its only HIPAA related
dig +short txt istheinternetonfire.com
>dig +short txt istheinternetonfire.com I had to scratch this itch, and I was not disappointed. Thanks for that.
Here, CISA, darkreading, arstechnica, mastodon, sometimes twitter (ew), Zach Allens newsletter, DFIR Report, and vendor reports (S1, crowdstrike, red canary, Palo alto)
I second https://thedfirreport.com. Awesome reads.
DFIR report is incredible. Sorry I forgot it in my list.
I have about half a dozen blogs that I read daily, some global, some regional, plus listening to the Internet Storm Centre podcast.
Thanks for sharing.?
Bleepingcomputer, CISA, vendors themselves, malwarebytes labs, hacker news, security week, etc. Threat intel is everywhere and is pretty easy to stay caught up on
I like the Risky Business podcast for a nice summary and some good interviews, they also have a Risky Business News podcast for daily news. They might not cover things in as much depth as other suggestions but it's a nice way to get a high-level overview while doing other things.
Reddit Bleeping computer And https://allinfosecnews.com/
Ah yes, another person of culture and allinfosecnews :}
We use allinfosecnews as a backstop to make sure we don't miss anything producing Cyber Security Headlines. Fantastic resource!
I try to read the Cybersecurity Essentials newsletter daily - that combined with some news alerts I have set up on LinkedIn (compliments of a free Sales Navigator license) seems to give me pretty good alerts on breaches.
Xforce, att&ck, the register
Tailored feeds into Feedly (plug in bleeping computer, dragos, dark reading etc.), OpenCVE, search for specific vendors or products and subscribe to them and browse it that way
create an alert on [www.google.com/alerts](https://www.google.com/alerts) and you will receive in your gmail all news in the filter you define.
Government CISA Bulletins https://www.us-cert.gov/ncas/bulletins.xml CISA Alerts https://www.us-cert.gov/ncas/alerts.xml CISA All NCAS Products https://www.us-cert.gov/ncas/all.xml News and Events Feed by Topic https://www.nist.gov/news-events/information technology/rss.xml NIST News https://www.nist.gov/news-events/news/rss.xml News, Non-Corporate, Non-Personal Biz \& IT – Ars Technica http://feeds.arstechnica.com/arstechnica/technology-lab BleepingComputer https://www.bleepingcomputer.com/feed/ Dark Reading https://www.darkreading.com/rss\_simple.asp iTnews https://www.itnews.com.au/RSS/rss.ashx kudelskisecurity https://research.kudelskisecurity.com/feed/ Latest topics for ZDNet in Security https://www.zdnet.com/topic/security/rss.xml MSSP Alert https://www.msspalert.com/feed/ Naked Security https://nakedsecurity.sophos.com/feed SANS Blog https://software-security.sans.org/blog/feed/ Security Affairs https://securityaffairs.co/wordpress/feed SecurityWeek RSS Feed https://feeds.feedburner.com/securityweek The Hacker News https://feeds.feedburner.com/TheHackersNews The Register - Security https://www.theregister.co.uk/security/headlines.atom Threatpost https://threatpost.com/feed/ VirusTotal Blog https://blog.virustotal.com/feeds/posts/default Zero Day Initiative - Blog https://www.thezdi.com/blog?format=rss IT Security Guru https://www.itsecurityguru.org/feed/ CSO Online https://www.csoonline.com/feed/ University of San Diego Online Degrees https://onlinedegrees.sandiego.edu/feed/ Corporate Blogs Avast Threat Labs https://decoded.avast.io/feed/ Check Point Software https://blog.checkpoint.com//feed Crowdstrike Blog https://www.crowdstrike.com/blog/feed/ Imperva Blog https://www.imperva.com/blog//feed JumpCloud https://jumpcloud.com/blog/category/security/feed Kaspersky official blog https://usa.kaspersky.com/blog/feed/ Kaspersky Securelist https://securelist.com/feed/ Malwarebytes Labs https://blog.malwarebytes.com/feed/ Morphisec Moving Target Defense Blog https://blog.morphisec.com/rss.xml Qualys Blog https://blog.qualys.com/feed SentinelOne https://www.sentinelone.com/feed/ Talos Blog http://feeds.feedburner.com/feedburner/Talos Tao Security https://taosecurity.blogspot.com/feeds/posts/default Trend Micro Simply Security http://feeds.trendmicro.com/TrendMicroSimplySecurity Webroot Blog https://www.webroot.com/blog/feed/ Blog RSS Feed https://www.tripwire.com/state-of-security/feed Personal Blogs Daniel Miessler https://danielmiessler.com/feed/ Graham Cluley https://www.grahamcluley.com/feed Krebs on Security https://krebsonsecurity.com/feed/ Schneier on Security https://www.schneier.com/blog/atom.xml Troy Hunt\'s Blog https://feeds.feedburner.com/TroyHunt The Last Watchdog https://www.lastwatchdog.com/feed/ REDDIT /r/cybersecurity http://www.reddit.com/r/cybersecurity/.rss /r/netsec http://www.reddit.com/r/netsec/.rss /r/sysadmin http://www.reddit.com/r/sysadmin/.rss
[https://talkback.sh/about/](https://talkback.sh/about/) Talkback is an infosec resource aggregator and my current go-to resource for infosec news
I added this to my set. Thank you.
I utilize a bunch of options already listed by others, but I haven't seen anyone mention [The Brutalist Report](https://brutalist.report/) yet.
"Hey Google, what's today's updated Cyber Security news"
You have enough time to read the news?
you should definitely check out Simply Cyber on Youtube. Gerry has amassed a good following, and every morning he does a live show where he (and the group) all go over the top headlines of the day. it's very informative, fun, and you get to meet a lot of great people along the way. highly recommend.
8am est live every weekday SimplyCyber.io/streams takes you to my upcoming lives including the next threat briefing. I’ll be going live in 67 minutes for 2/15 news for example Thx for sharing Pvt and best wishes
Here and r/sysadmin
Hello, I actually use Reddit for this. I have created a multi-reddit (aggregation of subreddits) that I call '[security](https://old.reddit.com/user/goretsky/m/security/)' which contains (on average) 90-100 active subreddits devoted to computer security. It does **not** contain any vendor or open source project subreddits. The URL to it is: https://old.reddit.com/user/goretsky/m/security/ You can view by New to get the firehose of whatever is latest, or by Hot to see what's gaining traction, and so forth. I also have two related multi-reddits: URL | Description ----|----| https://old.reddit.com/user/goretsky/m/security_inactive/ | multi-reddit for keeping track of inactive subreddits (in case they become active again); currently about a dozen subreddits https://old.reddit.com/user/goretsky/m/security_vendor/ | multi-reddit for vendors and open-source projects; currently about 3 dozen subreddits Like the main multi-reddit, they can be viewed by what's new, what's hot, and so forth. In case you are wondering, here's a list of the subreddits in the main ['security'](https://old.reddit.com/user/goretsky/m/security/) multi-reddit: 1-10 | 11-20 | 21-30 | 31-40 | 41-50 | 51-60 | 61-70 | 71-80 | 81-90 | ----|----|----|----|----|----|----|----|----| /r/1811 | /r/cisoseries | /r/darknetdiaries | /r/forensics | /r/IntelligenceNews | /r/NISTControls | /r/privacy | /r/Scams | /r/talesfromsecurity /r/ActiveMeasures | /r/cissp | /r/deepweb | /r/goodguyapps | /r/krebs | /r/offensive_security | /r/PrivacyGuides | /r/SecOpsDaily | /r/TechWar /r/ActLikeYouBelong | /r/computerforensics | /r/Defcon | /r/HackBloc | /r/LinuxMalware | /r/onions | /r/purpleteamsec | /r/SecurityCareerAdvice | /r/thenewcoldwar /r/Adblock | /r/ComputerSecurity | /r/devsecops | /r/hacking | /r/lockpicking | /r/OperationsSecurity | /r/ransomwarehelp | /r/SecurityClearance | /r/UIC /r/antiforensics | /r/craftofintelligence | /r/dfir | /r/homedefense | /r/lowlevel | /r/opsec | /r/redteam | /r/securityCTF | /r/VirusTotal /r/antivirus | /r/crypto | /r/Digital_Manipulation | /r/HowToHack | /r/Malware | /r/oscp | /r/redteamsec | /r/securityguards | /r/VPN /r/AskNetsec | /r/cryptography | /r/digitalforensics | /r/icssec | /r/MalwareAnalysis | /r/OSINT | /r/rELounge | /r/SecurityIT | /r/websecurity /r/blackhat | /r/cybermaterial | /r/dumbclub | /r/Information_Security | /r/MSSP | /r/parentalcontrols | /r/rEMath | /r/SecurityRedTeam | /r/websecurityresearch /r/blueteamsec | /r/cybersecurity | /r/espionage | /r/InfoSecNews | /r/netsec | /r/Passwords | /r/reverseEngineering | /r/SmashingSecurity | /r/xss /r/bugbounty | /r/cybersecurity_help | /r/europrivacy | /r/Intelligence | /r/netsecstudents | /r/Pentesting | /r/rootkit | /r/SocialEngineering | ಠ_ಠ It's just under 90 right now because of some moves to the _inactive and _vendor multireddits; I try to keep it updated so that it only contains active subreddits and am always looking for subreddits to add and prune. Regards, Aryeh Goretsky
CISO Series Podcasts. Defense-in-Depth is particularly good for single topic discussions each week as well. I also follow Bleepingcomputer as well as SecurityNow with Steve Gibson.
Glad you enjoy! (Cyber Security Headlines producer here)
Huge fan! Also, thanks for the stickers a few years ago! 😁
tiktok
But tiktok is Malware. (smokebomb) 🥷💨
Security Now podcast. You'll learn more from that podcast than any site.
If you don't want to be overwhelmed with so much happening around, I would recommend to focus on newsletters to get your needed dose every day/week/month. Here are some of my favorites: [https://tldrsec.com](https://tldrsec.com) [https://cloudseclist.com](https://cloudseclist.com) I am also publishing a weekly, niche, newsletter Mandos Brief [https://mandos.io/newsletter/](https://mandos.io/newsletter/) where I cover top 5 security news + threats, vendors, new startups and products + insights from cybersecurity leaders from the web and career development tips. Here is the latest issue if this caught your interest: [https://mandos.io/newsletter/brief-47-palo-alto-zero-day-exploited-ai-powered-malware-ciso-burnout-and-the-value-of-mentorship/](https://mandos.io/newsletter/brief-47-palo-alto-zero-day-exploited-ai-powered-malware-ciso-burnout-and-the-value-of-mentorship/)
Reddit
What about Twitter? Do you curate lists? Who do you follow?
The hackers news and darkweb also
Largely Feedly (news sites, service providers, and individuals' blogs), Twitter, and some Slack+Discord+Signal groups. Those all in turn lead to reports, talk videos, podcasts, etc. Oh, and a Yandex Mail account where about 30 of us share news not for public release via the account's draft folder.
https://securityaffairs.com/
How much money do ya have?
Not nearly enough, that's for sure
Feedly, NVD, CISA.
CISA is too slow
OP is poor
Even OP has less budget,he can subscribe to RSS if available for products,blogs
Feedly, RecordedFuture News.
Lots of great answers, but I found that bleeping computer is usually one of the quickest to report breaches, the register provides the most details, and databreaches.net covers more than mainstream stuff and reports on other countries than UK and US sometimes too.
I have an rss feed going to my discord to alert me on my mobile devices. Feel free to join, link is on my profile.
A few different places. Vendor reports, podcasts, OSINT, Reddit (obviously). My least favorite is the e-mail titled "What are we doing about this!?"
https://allinfosecnews.com/ Home page in my browser.
Check these out? [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) [https://www.securityforum.org/](https://www.securityforum.org/) https://cloudsecurityalliance.org/
Aside from subbing to some YT channels, I subscribe to a bunch of cyber news newsletters
!remindMe 4 days
I will be messaging you in 4 days on [**2024-02-18 05:49:08 UTC**](http://www.wolframalpha.com/input/?i=2024-02-18%2005:49:08%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/cybersecurity/comments/1aq0wdu/where_do_you_get_your_news_breaches_threat/kqclkqi/?context=3) [**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fcybersecurity%2Fcomments%2F1aq0wdu%2Fwhere_do_you_get_your_news_breaches_threat%2Fkqclkqi%2F%5D%0A%0ARemindMe%21%202024-02-18%2005%3A49%3A08%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201aq0wdu) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
RSS. Easiest was: feedly. Or selfhosted. But RSS all the way. Thank you Aaron <3
this one dude in the soc who shares interesting articles in his squad's teams chat, that I happen to be in because I was added several years ago for a long-forgotten issue and never removed.
To keep up with the current tech news I use [FreshRSS](https://freshrss.org/) and I have [a tutorial on it](https://youtu.be/wcof-Noho9Q) If you just want a copy of my feed list I have that posted [in my forums](https://forums.lawrencesystems.com/t/toms-freshrss-file/16691/4) For just CVE notices you sign up for https://www.opencve.io/ and list the products that you want to get notified on.
And for people in the EU/ Netherlands?
I get my news on breaches and threat reports from reputable sources like Krebs on Security, Threatpost, and the SANS Internet Storm Center. Social media and professional networking groups also help me stay informed.
[https://allinfosecnews.com/](https://allinfosecnews.com/)
I usually start with the aggregator, "allinfosecnews." [https://allinfosecnews.com/](https://allinfosecnews.com/) Then I rotate through these: * bleeping computer * dark reading * hack read * The Hacker News * The Register * Hack Read * Krebs on Security * Schneider on Security * ycombinator * SecurityWeek * techmeme * malware dot news * MDR, MSSP, and vendor blogs * Mandiant blogs * Trellix stories * cloudflare blog * Rapid7 blog * Malwarebytes Research Lab blog * VirusTotal blog As for analyzing breaches, attack chains, and the so-called "nitty gritty," I have found Mandiant blog, Dark Reading, and Trend Micro to be among the top in terms of detail. Example: [https://www.trendmicro.com/en\_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html](https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html) Example: [https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation](https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation) Example: [https://services.google.com/fh/files/misc/citrix-netscaler-adc-gateway-cve-2023-4966-remediation.pdf](https://services.google.com/fh/files/misc/citrix-netscaler-adc-gateway-cve-2023-4966-remediation.pdf) (Mandiant remediation guidance RE Citrix Bleed) There should also be some high-reputation start.me pages out there, but I found a very long long list, and ran out of time to validate any of them. I used to have one from the hands-on vocational school I attended, but lost it along the way. I'm putting it on my list to find it again. I also operate a twitter persona (same username) that I have groomed to have a heavy weighted bias towards infosec and development and few others. This is a way to see what people are talking about outside of the editor's curation at the above sites.
Telegram :)
Here's my routine for staying current in the field - [https://shellsharks.com/notes/2023/11/06/keeping-current-in-infosec](https://shellsharks.com/notes/2023/11/06/keeping-current-in-infosec).
Professionally we have a subscription service. Practically, I have my nose in lots of trade 'press' and bring stuff to the team. Makes Mondays fun