Monday, 6 July 2026
Baz

Baz Security News

Cyber intelligence, edited.

Resource Library

The full stack of cyber intelligence.

Every source Baz relies on — official advisories, CVE catalogues, primary research, frameworks, hardened tooling and open IOC feeds. Curated and kept current.

133 entries · 11 categories

Threat Intel

15

CISA Known Exploited Vulnerabilities

Authoritative catalog of CVEs known to be exploited in the wild. Mandatory patching baseline for US federal agencies.

officialCVEUS★ Featured

CISA Cybersecurity Advisories

Advisories, alerts, and ICS security notices from CISA.

officialAdvisoriesUSLive feed★ Featured

NVD — National Vulnerability Database

US government CVE repository with CVSS scoring and CPE mapping.

officialCVEUS★ Featured

MITRE ATT&CK

Globally-accessible knowledge base of adversary tactics and techniques.

officialTTPs★ Featured

MITRE CWE

Community-developed list of software and hardware weakness types.

officialWeakness

MITRE CAPEC

Common Attack Pattern Enumeration and Classification.

officialTTPs

MS-ISAC

Multi-State ISAC advisories for US SLTT governments.

officialAdvisoriesUS

ENISA

EU Agency for Cybersecurity — threat landscape reports and guidance.

officialAdvisoriesEU★ Featured

CERT-EU

Computer Emergency Response Team for the EU institutions.

officialAdvisoriesEU

NCSC UK

UK National Cyber Security Centre — advisories and guidance.

officialAdvisoriesUKLive feed★ Featured

ACSC (Cyber.gov.au)

Australian Cyber Security Centre advisories and alerts.

officialAdvisoriesAU

Canadian Centre for Cyber Security

Canada's national cybersecurity authority.

officialAdvisoriesCA

JPCERT/CC

Japan Computer Emergency Response Team Coordination Center.

officialAdvisoriesJP

CERT.br

Brazilian national CERT.

officialAdvisoriesBR

SANS Internet Storm Center

Daily diaries from a global network of incident handlers.

officialAnalysisLive feed

Vendor Advisories

18

News

15

Research

19

Mandiant Blog

Threat research and incident response insights from Mandiant.

researchAPT★ Featured

Palo Alto Unit 42

Threat research from Palo Alto Networks.

researchMalwareLive feed★ Featured

Cisco Talos Intelligence

Threat research and detection content from Cisco Talos.

researchMalwareLive feed★ Featured

Google Threat Analysis Group (TAG)

APT and nation-state threat research from Google.

researchAPT★ Featured

Microsoft Threat Intelligence

Threat intelligence from Microsoft security teams.

researchAPTLive feed

CrowdStrike Blog

Threat research and eCrime reporting from CrowdStrike.

researcheCrime

Sophos X-Ops

Sophos threat research and IR write-ups.

researchIR

ESET WeLiveSecurity

ESET malware and threat research.

researchMalware

Kaspersky Securelist

Kaspersky APT and malware research.

researchAPT

Trend Micro Research

Threat research from Trend Micro.

researchMalware

Check Point Research

CPR threat research and CVE analysis.

researchVulnerability

SentinelOne Labs

SentinelLabs threat research.

researchAPT

Rapid7 Blog

Vulnerability disclosures and detection engineering from Rapid7.

researchVulnerability

Huntress Blog

MDR threat research from Huntress.

researchMDR

Volexity Blog

APT research and memory forensics from Volexity.

researchAPT

Google Project Zero

Zero-day vulnerability research from Google.

researchZero-dayLive feed★ Featured

Citizen Lab

Research on digital rights, spyware, and targeted threats.

researchSpywareCA

Amnesty Security Lab

Investigations into commercial spyware and targeted attacks.

researchSpyware

Trail of Bits Blog

Applied security research and audits.

researchAppSec

Frameworks

8

Standards

12

Regulatory

7

Tools

22

Atomic Red Team

Small, portable tests mapped to MITRE ATT&CK.

communityAdversary Emulation★ Featured

MITRE CALDERA

Automated adversary emulation platform.

officialAdversary Emulation

Velociraptor

Endpoint monitoring, digital forensics and cyber response.

communityDFIR★ Featured

KAPE

Kroll Artifact Parser and Extractor for forensics triage.

vendorDFIR

Autopsy

Open-source digital forensics platform.

communityDFIR

TheHive

Scalable open-source security incident response platform.

communitySOAR

MISP

Open source threat intelligence sharing platform.

communityTIP★ Featured

OpenCTI

Open cyber threat intelligence platform.

communityTIP

Wazuh

Open source SIEM/XDR platform.

communitySIEM

Suricata / ET Open

Open source IDS/IPS with Emerging Threats rules.

communityNIDS

Zeek

Powerful network analysis framework.

communityNIDS

Nuclei Templates

Fast community-powered vulnerability scanner.

communityScanning

Trivy

Comprehensive vulnerability scanner for containers, IaC and code.

communityScanning

Grype

Vulnerability scanner for container images and filesystems.

communityScanning

Semgrep Rules

Static analysis rule set from Semgrep community.

communitySAST

Kubescape

Kubernetes posture management.

communityKubernetes

Falco

Cloud-native runtime security.

communityRuntime

Prowler

Cloud security assessment tool (AWS/Azure/GCP/K8s).

communityCloud

ScoutSuite

Multi-cloud security auditing tool.

communityCloud

kube-bench

CIS Kubernetes Benchmark checker.

communityKubernetes

Gitleaks

Detect secrets in git repos.

communitySecrets

TruffleHog

Find and verify leaked credentials.

communitySecrets

Rule Repos

4

Playbooks

3

IOC Feeds

10

Missing a source you rely on? Set up an alerting rule and we'll factor it in.