We don't rewrite press releases. Every advisory we publish has a traceable origin — an NVD record, a KEV entry, a vendor bulletin, a CERT note, or a researcher's write-up. If a source disappears, the link breaks honestly instead of silently decaying into hearsay.
The list below is the current registry of what feeds this desk. It updates automatically when we add or retire a source, so what you see here is what we're actually reading today — not a marketing checklist.
Canonical CVE data — NVD and equivalent national registries.
| Name | Type | Region | Description |
|---|---|---|---|
| NVD — Recent CVEs ↗ | CVE feed | us | NIST National Vulnerability Database recent CVEs |
Exploitation signal — CISA KEV and other actively-exploited-vulnerability catalogs.
| Name | Type | Region | Description |
|---|---|---|---|
| CISA — Known Exploited Vulnerabilities ↗ | KEV | us | CISA Known Exploited Vulnerabilities catalog (JSON) |
Government response teams publishing coordinated advisories.
| Name | Type | Region | Description |
|---|---|---|---|
| BSI — CERT-Bund WID ↗ | CERT | de | BSI CERT-Bund Warn- und Informationsdienst |
| CISA — Cybersecurity Advisories ↗ | CERT | us | CISA cybersecurity advisories (broader than KEV) |
| JPCERT/CC Alert ↗ | CERT | jp | Japan CERT — broad APAC visibility |
First-party security bulletins from software and hardware vendors.
| Name | Type | Region | Description |
|---|---|---|---|
| Google Project Zero ↗ | Vendor advisory | global | Google Project Zero original 0-day research drops |
| MSRC — Security Update Guide ↗ | Vendor advisory | global | Microsoft Security Response Center advisory feed |