NEW: Group Profiler — instant APT intel lookup. Try it →
checking…

About ThreatFilter

What it is

ThreatFilter aggregates public cyber threat intelligence — vulnerability advisories, exploitation reports, and security news — from 50+ authoritative sources, updated hourly. Pick the vendors in your stack and the regions you care about; the feed filters to just what's relevant.

How it works

A scheduled ingest worker fetches each source's RSS / JSON feed every hour and dedupes against prior items, so the feed itself is fresh and complete. The filter UI is a thin client over a small public API. No login is required to read or filter.

Classification is currently heuristic. The dedicated ML classifier (vendor / severity / exploitation / region tagging) is not yet running, so those tags are derived in your browser by matching each item's title and summary against a 349-vendor alias catalog with conservative, word-boundary keyword rules. It is deliberately strict to avoid false matches, but it is a strong hint rather than ground truth — always open the linked source to confirm. Vendor tile counts reflect the most recent window of items rather than all-time history.

Data sources

Public, authoritative feeds only — CISA KEV, NVD, vendor PSIRTs (Palo Alto, Fortinet, Cisco, Juniper, Microsoft, VMware, and more), regional CERTs (CISA, ENISA, NCSC, JPCERT, TWCERT, CCCS, ACSC, KrCERT, CERT.br, CERT-In), and leading independent threat-intel publications. The full list and live fetch status is on the sources page.

Daily digest

Opt-in via the digest page. You confirm your address, and once email delivery is live you'll get one short message per day at 07:00 UTC summarising the high-severity items for your saved vendor + region filter — nothing on quiet days, one-click unsubscribe in every message. Email sending is being finalised, so subscriptions are saved but delivery hasn't started yet; the RSS feed (which accepts a ?v= stack filter) needs no signup in the meantime.

Filters, shareable links & RSS

Filter state is captured in the URL (?v=&sev=&ex=&geo=&q=) so any filtered view can be bookmarked or shared. The same state is mirrored to localStorage so a return visit restores your last filter automatically. Any vendor selection also produces a matching RSS feed at /feed.xml?v=… (alias /rss.xml) — a personalized, no-signup feed you can drop into any reader.

Privacy

No tracking pixels, no analytics, no third-party scripts. Email addresses entered for the digest are used solely to send the digest, are never shared, and are removed on unsubscribe.

Operated by

ThreatFilter LLC.