RSS & Atom Feeds

The top 50 trending threat clusters from the last 7 days. Same content as the home page. Each item links to a cluster page with summary, timeline, source articles, and related entities.

Latest CVEs from the last 7 days, enriched with severity, CISA KEV status, and public PoC availability. Each item links to the full CVE page with article mentions and timeline. Ideal for tracking what's hitting the news cycle this week, not the firehose of all NVD entries.

CVEs with publicly available proof-of-concept exploit code, from the last 30 days. Sorted by exploit availability then CVSS. Same content as /exploits. Useful for prioritising patch cycles by weaponisation, not just severity.

Newly observed victims on ransomware leak sites, from the last 14 days. Item title is “Victim — claimed by [Group]” with description fields for country, sector, and the group's public post text. Aggregated from /dark-web.

High-confidence malicious domains and IP addresses, last 30 days. Ready to paste into pfSense, Pi-hole, or your firewall's blocklist. Available in plain text, JSON (with sources), or CSV. See the IOC landing page for integration examples.

MISP-compatible feed for direct ingestion into your MISP instance. Manifest at /misp/manifest.json, per-event JSON at /misp/{uuid}.json, optional hashes index at /misp/hashes.csv. Add as a remote feed in your MISP UI under Sync Actions → List Feeds.

Personalised feeds filtered by the entities and keywords you track. Set up in Settings → Interests, or create a saved Custom Feed from a filter combination. Authenticated via session cookie (no API token needed for the signed-in browser session).