12 essential ethical hacking newsletters to read

Let’s face it: there’s a load of interesting things to read every day, but not all of it is relevant to what you care about right now.?

To help you find the signal in the noise, I’ve curated the top 12 ethical hacking newsletters to fuel your personal and career growth.?

Dig into what makes them special and the top 3 resources we cherry-picked from each.

1. Executive Offense

With 18+ years of experience in hacking and security, Jason Haddix is a renowned author, keynote speaker, and founder of Executive Offense, an ethical hacking newsletter exploring the intersection of offensive security and strategy.?

You’ll get insights weekly newsletter straight to your inbox, packed with valuable content that you won't find anywhere else.

3 reasons to subscribe to Executive Offense

• Topics span thought-provoking articles, informative case studies, AI security, pentesting tools, plugins, etc.?
• Free resources and security awareness training courses to explore (e.g. TryHackme, OffSec, HackTheBox)
• Jason’s opinions on security resources, tools, social engineering tips, mixed with hacker-inspired insights and CISO-level wisdom.

3 things to read from Executive Offense

• Red Canary’s 2024 Threat detection report, which provides a comprehensive view of the threat landscape, including their top 10 threats, open-source tools, adversary techniques, and more insights.?
• This thorough thread on secure coding, which explains how to mitigate known vulnerabilities with 12+ free resources for devs and offsec professionals.?
• ?The Hacking Google video series is a must-watch for those looking to learn from one of the best hacking teams in the world.?

2. Fulldisclosure

The Fulldisclosure mailing list launched in July 2002, but co-founders John Cartwright and Len Rose decided to sunset this project in March 2014.?

However, Gordon (Fyodor) Lyon gave this project a new life and continues to manage the list with the help of a team of active volunteers.

Gordon is the well respected creator of Nmap.org, Npcap.com, and Insecure.org and an active contributor to the open-source community. He also wrote the Nmap Networking Scanning book, the official guide to the popular Nmap scanner.?

This ethical hacking newsletter is a public, vendor-neutral forum for in-depth discussions about vulnerabilities, exploitation techniques, or security tools, which you can get once a month in your inbox.

3 reasons to subscribe to Fulldisclosure

• The right place for security researchers to disclose and discuss newly found vulnerabilities?
• An active security community that supports researchers’ rights to publicly announce the security flaws they uncover
• A great way to discover the latest zero-day vulnerabilities explained, white papers, new security tools, detailed security research, and more.?

3 things to read from Fulldisclosure

• A local privilege escalation vulnerability discovered in Intel PowerGadget products: how it works, steps to reproduce, and recommendations for mitigation.?
• Details about multiple stored cross-site scripting vulnerabilities in Statamic CMS: overview, proof of concept, vulnerable versions, remediation steps.?
• Analysis of a memory corruption found in the glibc’s qsort () function: vulnerability details, experiments, root cause, etc.?

3. Vulnerable U

Launched in March 2023, this ethical hacking newsletter has quickly grown into a reputable source of industry insights, security tips, and cybersecurity tools counting 12.000+ subscribers.?

The author, Matt Johansen, has over 20 years of experience in cybersecurity and his primary mission is to help secure the internet.?

3 reasons to subscribe to Vulnerable U

• Expert guidance and trusted insights and advice from Matt’s extensive experience in cybersecurity
• Educational resources to help you grow (free ebooks, security talks, podcasts, book or article recommendations)
• The latest infosec news briefly explained so you can get a glimpse of the current state of the industry.??

3 things to read from Vulnerable U

• Matt’s presentation at the NetNoiseCon conference about stress, mindfulness, and health challenges in cybersecurity.?
• The 2024 AI & Business report shows how CEOs and business leaders use (or do not use) AI tools.?
• Matt’s opinion on how embracing your major problems can be a viable strategy for personal growth (this one packs a lot of hands-on tips).

4. SANS @RISK?

You’re likely familiar with the SANS Institute, the world’s largest cybersecurity research and training organization for infosec practitioners and security teams.?

But maybe you’re not as well acquainted with their SANS @RISK newsletter, an excellent way to stay informed about new, creative attack vectors, vulnerabilities with active exploits, or how recent attacks work. You’ll get all of these (and more) once a week in your inbox.?

3 reasons to subscribe to SANS @RISK

• Fresh data about tool updates, security tools, OS patches, and related tips??
• In-depth analysis of new attack vectors, exploits, backdoors, or malware activity
• The most recent vulnerabilities from NIST NVD, Microsoft, ISC Diaries, or CISA.

3 things to read from SANS @RISK

• Johannes B. Ulrich explains why your perimeter firewall is a main target for malicious actors and how it “will kill you”.??
• A technical explanation of the sophisticated XZ Utils backdoor, a toolset found in modern Linux distributions.
• An example of a credential stuffing attack where an organization didn’t have strong passwords, with VPN the entry point, or MFA implemented and lessons learned.?

5. Risky Business News

Written by Catalin Cimpanu, one of the most prolific cybersecurity journalists in the industry, this newsletter includes information about data breaches, threat actors, security incidents, privacy, and more. It is carefully curated to keep you informed about the latest trends in the industry three times a week.?

3 reasons to subscribe to Risky Business News

• Fresh vulnerabilities, PoCs, write-ups, guides from top-notch security research, and bug bounty updates
• The latest data breaches, cyberattacks, and other security incidents that impact organizations and institutions worldwide
• Malware technical reports, threat intelligence, cybercrime stats, APTs, cyber espionage, or information operations.?

3 things to read from Risky Business News

• CISA’s “Vulnrichment” project assesses new and recent CVEs and adds key SSVC (Stakeholder-Specific Vulnerability Categorization) decision points. Some higher-risk vulnerabilities will also get “enrichment data” points (CWE, CVSS, CPE scores).
• KPMG surveyed 200 C-suite cyber leaders and 80% of them think their SOC's readiness will prevent future cyberattacks.?
• DNSBomb explained: A new method of launching large-scale DDoS exploiting DNS queries and responses.

6. tl;dr sec?

Created by Clint Gibler, a computer security expert, this ethical hackingnewsletter does a great job at delivering the best security tools, research, or talks to your inbox every Thursday. With 50,000+ subscribers, it’s one of the most popular sources of news for security professionals.?

3 reasons to subscribe to tl;dr sec

• Weekly updates about the most important security news, open-source tools, conference talks, and interviews with infosec experts
• Some of the most helpful AI security, container security, cloud security applications, or scripts to improve your workflow??
• The most recommended ethical hacking tools and offensive security resources you can use (and learn from) in your engagements.

3 things to read from tl;dr sec

• On the power of collaboration: Why security is a team sport and when (and how) to tap your network for expertise
• Go and check out the NSA’s 12-page white paper on how to deploy AI systems securely and protect deployment networks from online threats
• Elizabeth de Moll’s inspiring story, Engineering Manager at Okta, and practical ways to empower women in tech roles.?

7. Unsupervised Learning

Daniel Miessler, the founder of this newsletter, has 25 years of extensive experience in information security, building products, mentoring people, and contributing to the AI and security field.?

Unsupervised Learning explores topics like AI, security challenges, or practical ways to find meaning in an AI-centric world. It delivers a weekly dose of curated content in a concise format with relevant information from a wide array of sources.

It has reached a community of 92,000+ subscribers from ethical hackers, leaders to business owners, or curious minds interested in expanding their infosec knowledge and staying informed.?

3 reasons to subscribe to Unsupervised Learning?

• Daniel’s mental models on navigating the era of AI and finding purpose and clarity
• Actionable tips on how to build your infosec career and stay relevant in the field
• In-depth analysis about AI tools, security frameworks, or book recommendations.

3 things to read from Unsupervised Learning?

• How to build a cybersecurity career, a comprehensive guide that answers key questions about education, certifications, personal projects, and other helpful recommendations.
• ?Framing is everything, a valuable resource on the power of framing in both personal and professional contexts that can challenge our realities.?
• To survive AI, we must become creators, another insightful article on how AI will impact human jobs and how you can use it to create something meaningful.?

8. The Hacker News?

As the name suggests, The Hacker News is one of the most popular resources in the industry. Founded in 2010 and followed by more than 120,000 people, it consistently delivers on its promise.?

3 reasons to subscribe to The Hacker News?

• Your daily dose of cybersecurity news, recent vulnerabilities, expert insights, or practical tips
• Access to a rich library of free resources (security reports, white papers, case studies, e-books, and more)
• A list of cybersecurity webinars held by infosec pros and covering a range of topics (cloud security, network security, incident response, compliance, etc.).

3 things to read from The Hacker News

• President and SecureSMX Architect Ralph Moore’s nuanced perspective on what it takes to isolate vulnerabilities using partitioning and its main advantages.
• An essential SaaS security checklist designed to help organizations choose an SSPM (SaaS Security Posture Management), prevention capabilities, and how to secure the entire SaaS stack.
• Europol’s Operation Endgame, which shut down the infrastructure of 100+ servers responsible for malware loader operations such as IceID, SystemBC, PikaBot, SmokeLoader, or TrickBot.?

9. CyberWeekly?

CyberWeekly is a weekly digest offering valuable content for cybersecurity specialists. It features long-form articles and security bugs delivered to your inbox.? Over 1,000 subscribers read this ethical hacking newsletter.?

Michael Brunton-Spall, Deputy Director of Cyberpolicy and Solutions, makes sure every new edition of this newsletter gets in your inbox every week on Sunday.?

3 reasons to subscribe to CyberWeekly?

• Your weekly dose of cyber security news, technology insights, threats’ impact, encryption, and more.?
• Recommendations of infosec books, YouTube videos, long-form blog articles, or security tools.???
• Personal opinions on trending security topics like frameworks, Zero Trust security, effective communication, etc.?

3 things to read from CyberWeekly

• Péter Szász’s engineering perspective (with practical tips) on finding your focus for meaningful work amid multitasking and distractions, while having clear goals.
• A deep dive into passkeys from a security standpoint with implementation aspects, including threat models.?
• How Canva approaches vendor security: what process suits best to protect customers’ data and build a secure ecosystem.

10. This week in security by Zack Whittaker

Through his weekly newsletter, Zack Whittaker, Security editor at TechCrunch for over 5 years, does a great job at filtering the most relevant infosec news of the week to deliver to your inbox every Sunday.??

Source

3 reasons to subscribe to This week in security

• A summary of the most relevant security news, including zero-day vulnerabilities, data breaches, and more nuggets of wisdom?
• The happy corner with good news from the infosec world (e.g. AI-generated voices in robocalls considered illegal by FCC, pro tip on using security.tx files, and more)
• The featured pictures of cyber cats (or friends’ felines) shared by his community of readers

3 things to read from This week in security

• CVENotifier - A project that helps you stay ahead of CVEs and vulnerability details by parsing RSS feeds for specific keywords (you choose) and sending notifications via Slack when new vulnerabilities emerge.?
• A comprehensive guide on how to delete all the data Google collects about us.
• How multiple organizations teamed up to support journalists who’ve been forced to pull their stories about Appin, an Indian startup accused of hacking for hire.??

11. Zero Day by Kim Zetter

?Kim Zetter is an award-winning investigative journalist who has been covering cybersecurity and national security topics for over 15 years. She’s also the author of the “Countdown to Zero” book and the founder of the Zero Day newsletter.

Through this ethical hacking newsletter, the main goal is to translate complex issues into simple, accessible concepts, and share inspiring hacking stories.?

3 reasons to subscribe to Zero Day

• Fascinating stories about hackers, spies, cybercrime, and the intersection between cybersecurity and national security??
• Well-documented and informative articles from a journalist's perspective focused on dispelling myths and showing an objective side of reality
• Captivating interviews with security experts and organizations on various topics (encryption, cyber offensive operations, and more).

3 things to read from Zero Day

• A simplified explanation of a critical security vulnerability in Apple’s M series chips, which covers details on how it works, the attack vector, mitigation steps, and more.?
• An interesting interview with the ETSI Standards Organization that created the TETRA "backdoor."
• Another captivating story about a mysterious threat group engaged in long-term espionage and discovered by the SentinelLabs researcher.?

Bonus: our own research and hacking guides

If you’re curious to cultivate your hacker mindset and learn more about penetration testing, our blog is the perfect addition to your cybersecurity stack.?

We recently published 2 comprehensive benchmarks for our Website Scanner and Network Scanner compared with the top web app and network vulnerability scanners. Go and check the findings to see how these scanners perform, full details about targets, scan settings, methodology, and more insights.?

You’ll also find in-depth security guides on our blog, newly discovered CVEs, hacking tutorials, or valuable insights and wisdom from infosec experts on various topics (pentest reports, AI, CVEs, etc.).

If you prefer video content, tune in for some of the most thought-provoking conversations of our We think we know podcast.

Do you have more ethical hacking newsletters to suggest for this list? Don’t worry!?

We’ll update it with more options so you can level up your ethical hacking knowledge.

Stay curious!