About ThreatFilter

What it is

ThreatFilter aggregates public cyber threat intelligence — vulnerability advisories, exploitation reports, and security news — from 25+ authoritative sources, updated hourly. Pick the vendors in your stack and the regions you care about; the feed filters to just what's relevant.

How it works

A scheduled ingest worker fetches each source's RSS / JSON feed every hour, dedupes against prior items, and classifies the affected vendors, severity, exploitation status, and target regions. The filter UI is a thin client over a small public API. No login is required to read or filter.

Data sources

Public, authoritative feeds only — CISA KEV, NVD, vendor PSIRTs (Palo Alto, Fortinet, Cisco, Juniper, Microsoft, VMware, and more), regional CERTs (CISA, ENISA, NCSC, JPCERT, TWCERT, CCCS, ACSC, KrCERT, CERT.br, CERT-In), and leading independent threat-intel publications. The full list and live fetch status is on the sources page.

Daily digest

Opt-in via the digest page. Once you confirm by email, you get one short email per day at 07:00 UTC summarising the high-severity items for your saved vendor + region filter. If nothing relevant happened, no email is sent. One-click unsubscribe in every message.

Filters & shareable links

Filter state is captured in the URL (?v=&sev=&ex=&geo=&q=) so any filtered view can be bookmarked or shared. The same state is mirrored to localStorage so a return visit restores your last filter automatically.

Privacy

No tracking pixels, no analytics, no third-party scripts. Email addresses entered for the digest are used solely to send the digest, are never shared, and are removed on unsubscribe.

Operated by

ThreatFilter LLC.