Sources
24Curated external destinationsThreat Intel Feed
Curated intelligence sources in one clean board
This threat intel feed is a static cyber threat intelligence directory for security teams, researchers, buyers, and analysts who want a clean starting point for trusted advisories, vulnerability intelligence, malware analysis, cloud security research, and incident reporting. Each wider card includes a thumbnail, category, source description, link back to the original site, and a manually highlighted recent article from that source.
Threat ResearchVulnerability IntelligenceMalware AnalysisCloud SecurityGovernment Advisories
Latest Links
24Highlighted recent article referencesFormat
HTMLStatic, fast, crawlable contentNext Step
RSSCan be upgraded to live ingestionThreat intelligence categories
What this cyber threat intelligence board covers
Government advisories
Official cyber security advisories, exploited vulnerability warnings, defensive guidance, and national-level incident reporting.
Threat research
Vendor and research team reporting on campaigns, adversary behaviour, intrusion patterns, ransomware, loaders, and attacker tradecraft.
Vulnerability intelligence
Information about exploited CVEs, product vulnerabilities, exploitability context, detection opportunities, and remediation urgency.
Malware analysis
Technical write-ups on malware families, loaders, backdoors, stealers, botnets, ransomware, delivery chains, and reverse engineering.
Security news
Broader cyber security news covering active incidents, breaches, campaigns, product issues, ecosystem risks, and emerging trends.
Cloud security
Cloud, SaaS, identity, Kubernetes, edge, API, misconfiguration, and internet-scale infrastructure security research.
Sources
External threat research, advisories, and security reporting
The highlighted article links below are static references and should be treated as manually reviewed examples rather than live-updating feed entries.
CISA Cybersecurity Advisories
US government advisories covering exploited vulnerabilities, malware campaigns, critical infrastructure threats, and defensive guidance.
Highlighted recent article
Defending Against China-Nexus Covert Networks of Compromised Devices23 Apr 2026 · Manually reviewed
NCSC UK Guidance and Advisories
UK cyber security guidance, threat updates, advisories, and practical defensive material from the National Cyber Security Centre.
Highlighted recent article
Defending against China-nexus covert networks of compromised devices23 Apr 2026 · Manually reviewed
Microsoft Threat Intelligence Blog
Cloud, identity, endpoint, nation-state, ransomware, and enterprise threat research from Microsoft security teams.
Highlighted recent article
Dissecting Sapphire Sleet's macOS intrusion from lure to compromise16 Apr 2026 · Manually reviewed
Google Cloud Threat Intelligence
Threat research and incident-led analysis from Google Cloud, including Mandiant reporting, malware, APT, and campaign analysis.
Highlighted recent article
How UNC6692 Employed Social Engineering to Deploy a Custom Backdoor23 Apr 2026 · Manually reviewed
Cisco Talos Intelligence Blog
Technical research from Cisco Talos covering malware, vulnerability discovery, campaigns, network telemetry, and detection context.
Highlighted recent article
AI-powered honeypots: Turning the tables on malicious AI agents29 Apr 2026 · Manually reviewed
Palo Alto Networks Unit 42
Threat intelligence, incident response insights, attacker tradecraft, cloud threats, ransomware, and campaign reporting.
Highlighted recent article
The npm Threat Landscape: Attack Surface and Mitigations24 Apr 2026 · Manually reviewed
CrowdStrike Counter Adversary Operations
Adversary tracking, intrusion analysis, malware activity, eCrime, and nation-state focused intelligence reporting.
SentinelOne Labs
Endpoint-focused threat research covering malware families, adversary campaigns, ransomware, loaders, and detection engineering context.
Highlighted recent article
fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet24 Apr 2026 · Manually reviewed
Sophos X-Ops
Threat research, malware analysis, ransomware reporting, defensive notes, and security operations insight from Sophos X-Ops.
Rapid7 Blog
Vulnerability research, exploitation trends, Metasploit context, incident analysis, and practical security operations guidance.
Highlighted recent article
CVE-2026-41940: cPanel & WHM Authentication Bypass29 Apr 2026 · Manually reviewed
SANS Internet Storm Center
Daily handler diaries, exploitation observations, defensive notes, vulnerability tracking, and network security analysis.
The Hacker News
High-volume cyber security news covering vulnerabilities, cyber attacks, threat intelligence, breaches, and expert commentary.
Highlighted recent article
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaw30 Apr 2026 · Manually reviewed
BleepingComputer Security News
Security news with frequent coverage of ransomware, vulnerabilities, breaches, malware, extortion groups, and live incidents.
Highlighted recent article
GitHub fixes RCE flaw that gave access to millions of private repos30 Apr 2026 · Manually reviewed
Dark Reading
Enterprise security news, attacker trends, vulnerability coverage, security strategy, application security, and operations reporting.
The Record by Recorded Future News
Cybercrime, government, nation-state activity, ransomware, cyber policy, and incident reporting from Recorded Future News.
Malwarebytes Labs
Malware, scams, privacy, consumer and business security research, with accessible explanations of active threats.
Highlighted recent article
Scam-checking just got a lot easier: Malwarebytes is now in Claude29 Apr 2026 · Manually reviewed
ESET WeLiveSecurity
Malware research, APT tracking, vulnerability analysis, and long-form security research from ESET researchers.
Highlighted recent article
The calm before the ransom: What you see is not all there is24 Apr 2026 · Manually reviewed
Kaspersky Securelist
Long-running malware, APT, vulnerability, and threat landscape research from Kaspersky researchers.
Highlighted recent article
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India30 Apr 2026 · Manually reviewed
Trend Micro Research
Threat research covering malware, cloud threats, cybercrime, vulnerabilities, ransomware, and attacker infrastructure.
Check Point Research
Threat intelligence, malware analysis, vulnerabilities, reverse engineering, campaign tracking, and cybercrime reporting.
Highlighted recent article
VECT: Ransomware by design, Wiper by accident28 Apr 2026 · Manually reviewed
Wiz Blog
Cloud security research, vulnerabilities, misconfiguration trends, Kubernetes, identity, and exposure management analysis.
Highlighted recent article
Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server28 Apr 2026 · Manually reviewed
Zscaler ThreatLabz
Cloud-delivered threat research covering phishing, malware, ransomware, SaaS, web threats, and campaign infrastructure.
Highlighted recent article
Payouts King Takes Aim at the Ransomware Throne16 Apr 2026 · Manually reviewed
Akamai Security Intelligence
Internet-scale security research covering DDoS, bot activity, web attacks, API exposure, edge threats, and infrastructure abuse.
Fortinet FortiGuard Labs
Threat research, malware analysis, vulnerability notes, botnet tracking, attacker campaigns, and defensive intelligence.
Highlighted recent article
Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign17 Apr 2026 · Manually reviewed
Operationalise the feed
Turn curated sources into monitored intelligence.
This page is a clean public directory. The next evolution is to connect it to VulpineMind: ingest RSS feeds, normalise articles into JSON, enrich with keywords and entities, rank relevance, and surface alerts when client domains, executives, brands, or technologies appear.
FAQ
Threat intel feed questions
What is a threat intel feed?
A threat intel feed is a collection of security information sources used to track vulnerabilities, malware campaigns, attacker activity, official advisories, exposed infrastructure, and incident reporting.
Does this page update automatically?
No. This is a static curated page. The highlighted articles are manually reviewed references. For live updates, this page should be connected to a backend RSS/API collector.
Why use a curated source board?
A curated board gives analysts and buyers a clear view of trusted cyber threat intelligence sources without requiring a heavy application, login, or dashboard for basic discovery.