A curated list of mailing lists, newsletters, daily briefs, and weekly reports that provide high-quality threat intelligence. Ideal for CTI analysts, SOC teams, DFIR practitioners, and security researchers who want consistent, structured updates on global threats.
- Threat Intel Newsletters
- Industry Vendor Reports
- Open-Source Intel Digests
- Government & CERT Bulletins
- Vulnerability & Advisory Feeds
- Contributing
Threat Intel Newsletters
High-signal mailing lists focused on threat activity, IOCs, infrastructure trends, and actor reporting.
https://www.team-cymru.com/dnb
Global threat activity digest with trends, botnet analysis, infrastructure changes, and high-value intelligence from Team Cymru's research team.
https://www.recordedfuture.com/cyber-daily
Daily summary of vulnerabilities, threat actor activity, and key cyber events.
https://unit42.paloaltonetworks.com
Campaign reporting, malware analysis, and APT tracking.
https://otx.alienvault.com
Community-driven threat indicators and trending threat summaries.
https://isc.sans.edu
Daily write-ups on malware, exploits, and internet-wide anomalies.
https://blog.google/threat-analysis-group
Research on nation-state campaigns and exploitation trends.
https://talosintelligence.com
Threat roundups, malware deep dives, and security advisories.
Industry Vendor Reports
Usually weekly or monthly, focused on actor tracking, malware families, and infrastructure trends.
https://www.crowdstrike.com/blog/category/threat-intel
Actor profiles, campaign breakdowns, and malware reporting.
https://www.mandiant.com/resources
APT reporting, IR case insights, exploitation trends.
https://www.proofpoint.com/us/blog/threat-insight
Email-based threat landscape and actor tracking.
https://www.sentinelone.com/labs
Technical analysis, malware reverse engineering, and exploit research.
https://research.checkpoint.com
Threat actor activity and technical reporting.
https://securelist.com
Long-form malware research and campaign analysis.
Open-Source Intel Digests
Community-led, free resources summarizing broad cyber activity.
https://thedfirreport.com
Real-world intrusions analyzed from initial access to impact.
https://risky.biz
Weekly security news and threat summaries.
https://www.bleepingcomputer.com
Timely reporting on ransomware and vulnerabilities.
https://thehackernews.com
Industry news with a focus on exploitation and active threats.
https://www.thecyberwire.com
Concise daily cyber news and threat insights.
Government & CERT Bulletins
Public advisories and alerts with high-value operational intelligence.
https://www.cisa.gov/news-events/cybersecurity-advisories
Timely vulnerability and threat actor reporting.
https://www.cisa.gov/uscert/ncas
Technical alerts and mitigation guidance.
https://www.ncsc.gov.uk
Threat landscape updates, advisories, and mitigation guidance.
https://www.enisa.europa.eu
EU-focused threat data and annual intelligence.
https://cert.europa.eu
Threat intelligence and vulnerability summaries relevant to EU institutions.
https://www.cyber.gov.au
Advisories for government and enterprise defenders.
Vulnerability & Advisory Feeds
Vuln-focused mailing lists and security advisories relevant for threat intelligence.
https://seclists.org/fulldisclosure
Public disclosure of new vulnerabilities.
https://seclists.org/bugtraq
Still useful for legacy reference.
https://www.kb.cert.org/vuls
Vulnerability notes and coordination summaries.
https://www.exploit-db.com
Daily exploit and PoC updates.
Contributing
Have a mailing list, briefing, or threat intel newsletter to add?
Pull requests and contributions are welcome.