5 Infosec Newsletters You'll Actually Read

You might have an overwhelming inbox already, but weekly or monthly newsletters can be a great way to stay on top of infosec news, find new resources, and build a bit of continued learning into your (very) busy week.

This post is a round-up of the five infosec newsletters that I’ve subscribed to and recommend to others, because I actually read them all the way through (I can’t say the same for most of my email lists, unfortunately).

Without further ado:

Daniel Miessler's Unsupervised Learning 

This newsletter is at the top of this blog post because it’s the first time I remember looking forward to reading a tech newsletter. A lot of times, newsletters can be dry, or have too much fluff.

Not so with Daniel Miessler’s newsletter, which covers security news, latest vulnerabilities, technology news, “human news” (political and cultural/social trends), and other ideas and interesting links in the remaining sections. One of the things I find most useful about this newsletter is the commentary and context that Daniel provides in his summaries.

If you subscribe to this newsletter, you’ll receive it once every two weeks. There’s also a subscription option where you can receive it weekly.

Here’s an example:

Sign up for Unsupervised Learning here.

Bruce Schneier’s Crypto-Gram

If you want cryptography-centric news

Bruce Schneier has already established himself as an expert in the cybersecurity community, but continues to share his expertise in the form of his monthly newsletter, Crypto-Gram.

Since he’s a cryptography expert, you can expect a lot of news stories with a cryptography undercurrent to them. But he also covers geopolitical news, privacy news, and a number of other trends in the industry.

Here’s an example of what you might find in a given issue of Crypto-Gram:

Sign up for Crypto-Gram here.

SANS @Risk

If you want a straightforward weekly round-up of vulnerabilities and security news

SANS @Risk is a weekly summary put together by some top names in the infosec field. It covers “newly discovered attack vectors, vulnerabilities with active new exploits, insightful explanations of how recent attacks worked, and other valuable data.”

SANS has other newsletters as well, but I find the daily ones to be a bit more than I can keep up with.

Here’s an example of @RISK:

You can sign up for @RISK’s newsletter here (scroll to the bottom of the page).

US-CERT

If you want technical alerts from CISA

CISA is a US federal agency in charge of cybersecurity and communications infrastructure. They put out alerts for high-visibility cybersecurity issues, typically ransomware-related.

These alerts include a summary, technical details (for example, tactics used by a given type of ransomware), detection signatures, and mitigation strategies. These are often very technically detailed and have a wealth of forensics information that blue teamers can use. If you work in digital forensics or blue team, this email newsletter is a must, but people across all parts of the infosec field can find use in it.

Here’s an example alert, and a list of the alerts sent out so far in 2021:

To sign up for US-CERT, click here (signup is in the website’s footer).

TL;DR Sec

If you want practical tools and resources

TL;DR sec delivers on its implicit promise: a ton of security news in a very condensed format. It even begins with a summary at the top that lets you skim for anything that sounds interesting to you. Then, in each section, there’s a brief paragraph or photo explanation with a link to the article or tool.

This is a great newsletter for people who work as analysts or pen testers in the industry, or who are trying to get into the industry. I find new tools and resources in this newsletter every week, and highly recommend it.

Here’s an example for you to check out:

You can sign up for TL;DR Sec’s newsletter here.

Honorable mention: SecLists

The reason I didn’t put seclists’ newsletters in their own section is because several of them (including Bugtraq 😢) have not been updated in a while and/or are discontinued. Still, there’s a ton of older posts that can be used for reference:

Add your own in the comments

Did I miss any? We all get plenty of email, including from email lists, but which do you regularly read? Let us know in the comments!