I'm looking for current resources to stay informed about zero-day vulnerabilities. In the past, there were great free or low-cost options, but after the changes to Twitter's API and a rise in subscription costs for some services, I'm curious about where people are turning to now for relevant updates and discussions.
5 Answers
If you're looking for the latest threats, maybe look into Arctic Wolf or similar firms. They offer monitoring services and often alert clients about new vulnerabilities before they hit the news.
For quick alerts, the Hacker News has a newsletter that goes out daily with recent exploits. And if you’re into podcasts, the SANS daily podcast is a solid source too!
Another resource is Vulmon; it aggregates vulnerability data and can be a handy tool for tracking zero-days as they pop up. Just remember that discovering zero-days is tricky since they're often not disclosed.
There are quite a few sites worth checking! For blogs, consider Bleeping Computer, Krebs on Security, Dark Reading, and The Hacker News. They regularly update on the latest vulnerabilities. Also, CISA has advisories that can help, especially when something is actively being exploited.
You might want to check out a few specific forums, like sysadmin and netsec. They often have real-time discussions on vulnerabilities you wouldn't find elsewhere. Some people also point to sites like Wiz.io for a more organized view.
CISA used to be a go-to, but some say their reliability is slipping lately due to funding issues.