Free threat intelligence feeds worth subscribing to
Compiled a list of free threat intelligence feeds and sources:
IP/Domain Reputation
- AbuseIPDB — Community-reported malicious IPs
- URLhaus (abuse.ch) — Malware URLs
- PhishTank — Community-verified phishing URLs
- AlienVault OTX — Open threat exchange
Vulnerability Intel
- CISA KEV (Known Exploited Vulnerabilities) — The "must patch" list
- NVD — National Vulnerability Database
- VulnCheck — Exploit intelligence
Malware/IOC
- MalwareBazaar — Malware sample sharing
- Feodo Tracker — Botnet C2 tracking
- ThreatFox — IOC sharing platform
RSS/Newsletters
- SANS ISC — Daily security diary
- The Hacker News — Breaking security news
- Krebs on Security — Investigative journalism
- TLDR Sec — Weekly security newsletter
All free. No excuses for not having threat intel.
CISA KEV is the single most actionable feed. If a CVE is on the KEV list, it means it's actively being exploited in the wild. We prioritize KEV entries above CVSS scores in our patching.
Add GreyNoise — they show what's being mass-scanned on the internet. Helps distinguish "this IP probed us" vs "this IP probes everyone." Free community tier is solid.
For MSPs: AlertMonitor's SOC-powered intelligence basically aggregates and contextualizes these feeds for you. The daily brief saves me from checking 10 different sources every morning.