Mags, Blogs, Communities

Disclaimer: Links are provided on these pages purely for informational purposes and should not be construed as endorsement or claim of partnership or affiliation with any of the companies, websites, people or products. All names, logos and trademarks belong to their respective owners.


CVE Details

This web site is an effort by Serkan Özkan, who has been working as a security consultant and spent too many hours trying to find an easy to use list of security vulnerabilities. is another project by Serkan Özkan. provides a unique web interface for Open Vulnerability and Assessment Language (OVAL) definitions.


This site collects OVAL (Open Vulnerability and Assessment Language) definitions from several sources like Mitre, Red Hat, Suse, NVD, Apache, etc., and provides a unified, easy to use web interface to all IT security related items including patches, vulnerabilities and compliance checklists.

Exploit DB

The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.


The Cybersecurity and Infrastructure Security Agency (CISA) provides extensive cybersecurity and infrastructure security knowledge and practices to its stakeholders, shares that knowledge to enable better risk management, and puts it into practice to protect the Nation’s essential resources.

NIST Vulnerability DB

Search results will only be returned for data that is populated by NIST or from source of Acceptance Level "Provider".


VulDB stands for Vulnerability Database. VulDB curates and documents security vulnerabilities that are published in electronic products. VDB is one of the most important sources for people responsible for handling vulnerabilities, vulnerability management, exploit analysis, threat intelligence, and incident response handling.

Rapid7 VE Database

A curated repository of vetted computer software exploits and exploitable vulnerabilities.
Technical details for over 140,000 vulnerabilities and 3,000 exploits are available for security professionals and researchers to review. These vulnerabilities are utilized by our vulnerability management tool InsightVM. The exploits are all included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.

Packet Storm

Packet Storm provides around-the-clock information and tools in order to help mitigate both personal data and fiscal loss on a global scale. As new information surfaces, Packet Storm releases everything immediately through its RSS feeds, Twitter, and Facebook.

Dark Reading

Dark Reading encompasses 13 communities, each of which drills deeper into the enterprise security challenge: Analytics, Attacks & Breaches, Application Security, Careers and People, Cloud Security, Endpoint, IoT, Mobile, Operations, Perimeter, Risk, Threat Intelligence, and Vulnerabilities and Threats.

Threat Post

Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

Infosec Industry

InfoSec Industry is your one stop for access to the latest breaking news and resources on the topic of information security.

InfoSecurity Magazine

Infosecurity Magazine provides knowledge and insight into the information security industry. Infosecurity Magazine also provides free educational content featuring: an established webinar channel, whitepaper syndication programs & industry leading virtual conferences.

Data Breach Today

Covering topics in risk management, compliance, fraud, and information security.

Slashdot Security

Slashdot needs no introduction.

Information Security News (SANS)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.

Naked Security (Sophos)

Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.


Business, Culture, Gear, Ideas, Science, Security

CSO Online

From IDG. News, Reviews, Events, Newsletters, Video, Resource Library

C|Net Security

Reviews, News, Video, How-to

SC Magazine

News, Reviews, Events, Resource Library Sec-Ops Centre

ZDNet Security

Featured Video, Articles, Reviews


Magazine, Featured Articles, Events, Masterclass

The Register

Independent news and views for the tech community.

Krebs on Security

From the About page: "Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for and The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators. In 2014, he was profiled in The New York Times, Business Week, NPR’s Terry Gross, and by"


Cyber Security Insights - Blog on CyberSecurity

Schneier on Security

From the About page: "Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of over one dozen books--including his latest, Click Here to Kill Everybody--as well as hundreds of articles, essays, and academic papers."

Daniel Miessler

From the About page: "My name is Daniel Miessler, and I’m a cybersecurity professional and writer living in San Francisco, California. My primary purpose in life is that of learning, creating, and sharing, and I’ve been doing that here since 1999. You can find my tutorials and projects above, and be sure to check out the podcast and newsletter as well…"

Graham Cluley

From the About page: "I’ve been working in the computer security industry since the early 1990s, when I worked as a programmer, writing the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Subsequently I was employed in senior roles by Sophos (where I founded the Naked Security blog) and McAfee. In 2011, I was honoured to be inducted into the Infosecurity Europe Hall of Fame."

IT Security Guru

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories! Rather than you having to trawl through all the newsfeeds to find out what’s cooking, you can quickly get everything you need from this site!

Security Weekly Blog

Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005.

State of Security Blog (Tripwire)

The State of Security is an award-winning blog featuring the latest news, trends and insights on current information security issues, including risk, compliance, incident detection and vulnerability research.

Troy Hunt

From the About Page: "I'm Troy Hunt, an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. I don't work for Microsoft, but they're kind enough to recognise my community contributions by way of their award programs which I've been a part of since 2011. You'll regularly find me in the press talking about security and even testifying before US Congress on the impact of data breaches."

The Last Watchdog

"Pulitzer-winning journalist Byron V. Acohido is the founder and executive editor of The Last Watchdog on Privacy & Security. Acohido is a respected cybersecurity influencer, and LW is widely considered to be one of the top cybersecurity websites."

ZDNet Zero Day

Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.

SANS blog

See what topics are top of mind for the SANS community on their blog.

Google blog

The latest news and insights from Google on security and safety on the Internet


The Computer Security Resource Center (CSRC) facilitates broad sharing of information security tools and practices, provides a resource for information security standards and guidelines, and identifies key security web resources to support users in industry, government, and academia. CSRC is the primary gateway for gaining access to NIST computer security publications, standards, and guidelines plus other useful security-related information.


(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security.


As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance


SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.


The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.


The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.


The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.


FIRST is the Forum of Incident Response and Security Teams. The idea of FIRST goes back to 1989, only one year after the CERT(r) Coordination Center was created after the infamous Internet worm. Back then incidents already were impacting not only one closed user group or organization, but any number of networks interconnected by the Internet. Since 1990, when FIRST was founded, its members have resolved an almost continuous stream of security-related attacks and incidents including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever growing Internet.


The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more follow CIS on Twitter at @CISecurity.


Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit organisation with a Membership comprising many of the world’s leading organisations featured on the Fortune 500 and Forbes 2000 lists. ISF is dedicated to investigating, clarifying and resolving key issues in information security and risk management, by developing best practice methodologies, processes and solutions that meet the business needs of Members.


The International Society of Automation is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world. Click here for more on the ISA62443 standard.

NCSA (Stay Safe Online)

The National Cyber Security Alliance (NCSA), a 501c(3) non-profit founded in 2001, is a public private partnership, working with the Department of Homeland Security (DHS), private sector sponsors (founding sponsors included Symantec, Cisco Systems, Microsoft, SAIC, EMC, McAfee), and nonprofit collaborators to promote cyber security awareness for home users, small and medium size businesses, and primary and secondary education. The NCSA’s mission is to empower and support digital citizens to use the Internet securely and safely, protecting themselves and the cyber infrastructure.


The Information Security Research Association (commonly known as ISRA) is a registered non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities. Officially registered in the year 2010, the Information Security Research Association has established itself as the leading security research organization in the Industry. ISRA is active in spreading information security awareness and its members have conducted and delivered a large number of information security awareness seminars and campaigns across various geographical locations. As part of this initiative, ISRA observes the first Thursday of every August as the Information Security day. Information Security Research is another domain that is actively supported by ISRA. Student chapters of ISRA are operating at various colleges with this objective.


The Federal Information Systems Security Educators’ Association (FISSEA), founded in 1987, is an organization run by and for information systems security professionals to assist federal agencies in meeting their information systems security awareness, training, education, and certification responsibilities. FISSEA conducts an annual fee-based conference and free workshops during the year. Please join the “FISSEA Community of Interest” on GovLoop, to pose questions and receive feedback from colleagues.


A new Information Security & Governance forum in the Middle-East. Participate and share your knowledge.


Discuss security topics: Ask questions, debate hot topics, get breaking news. Connect with Peers: Find tools, resources, and experts. Build your Brand: Share knowledge, promote your skills, advance your career.

Wilders Security Forum

Security Products, Privacy, Malware, Software.

ISACA Engage

Connect and collaborate with like-minded professionals on topics of mutual interest and share your real-world experiences.

Tech Republic Forums

"Our friendly community of IT experts are full of knowledge for any of your Security questions, from setting up and troubleshooting firewalls, to encryption methods and other security exploits. Seek advice, share your knowledge, brainstorm and shoot the breeze."

Hacker Combat

"HackerCombat LLC is a news site, which acts as a source of information for IT security professionals across the world. We have lived it for more than 1 year since 2017, sharing IT expert guidance and insight, in-depth analysis, and news. We also educate people with product reviews in various content forms."

CSIAC Forums

The Cyber Security and Information Systems Information Analysis Center (CSIAC) is a Department of Defense (DoD) Information Analysis Center (IAC) sponsored by the Defense Technical Information Center (DTIC). The CSIAC is a consolidation of three predecessor IACs: the Data and Analysis Center for Software (DACS), the Information Assurance Technology IAC (IATAC) and the Modeling & Simulation IAC (MSIAC), with the addition of the Knowledge Management and Information Sharing technical area.

Reddit Security

A community for technical news and discussion of information security and closely related topics.

Anti Online Forums

An Site. 95K Members. Security News, Newbie Security Questions, Antivirus, Firewall, Spyware, Microsoft, *NIX, Network Security Etc.

Malware Tips

"Our community has more than 50.000 registered members, and we'd love to have you as a member. Join us and take part in our discussions among people of all different backgrounds about security and technology."
