About ThreatPodium
ThreatPodium is an automated threat intelligence platform that publishes exploit alerts and daily reports for cybersecurity practitioners, security teams, and anyone who needs to stay informed about what is actively being targeted in the real world.
What we publish
CVE Exploit Alerts — one post per newly exploited vulnerability, published automatically whenever it appears in the CISA Known Exploited Vulnerabilities (KEV) catalog. Every alert includes:
- CVSS base score and severity classification
- EPSS exploitation probability score (how likely it is to be exploited within 30 days)
- MITRE ATT&CK technique mapping
- CWE-specific detection guidance with named log sources and Event IDs
- Proactive hunting leads with Sysmon events and auditd references
- Three-tier recommended action checklist: Immediate (0–24h), Remediation, Detection Coverage
Daily Threat Intelligence Reports — one aggregated report per day, published at 21:00 UTC. Each report covers:
- Top exploited KEVs ranked by urgency, with EPSS scores and ransomware flags
- Critical CVEs not yet confirmed exploited (CVSS ≥ 9.0, from the last 7 days)
- Security news and advisories from 12 curated sources across three tiers
- Threat actor attribution — 45+ known APT groups, ransomware operators, and cybercrime groups
- Ransomware activity tracking with victim counts, group breakdowns, and sector analysis
- Vendor risk concentration analysis based on KEV-confirmed vendors
- Week-over-week deltas for key metrics
Who it is for
Enterprise threat intelligence platforms can cost tens of thousands of dollars a year. Small security teams, nonprofits, local government agencies, managed service providers, and individual practitioners face the same threats as large enterprises — and deserve the same quality of information.
ThreatPodium exists to close that gap. Everything published here is openly accessible — no account, no paywall, no gatekeeping.
Data sources
- CISA KEV Catalog — authoritative list of vulnerabilities actively exploited in the wild
- NVD (National Vulnerability Database) — CVSS scores, vector strings, CWE classifications
- EPSS (first.org) — daily exploitation probability scores
- Ransomware.live — ransomware victim tracking
- 12 curated security news and advisory feeds, including CISA Advisories, CISA ICS, Cisco Talos, Palo Alto Unit 42, Sophos X-Ops, The Record, Security Affairs, Bleeping Computer, The Hacker News, Krebs on Security, and The Register
Subscribe via RSS
No account or email address required. Follow in Feedly, Inoreader, or any RSS reader.