About Security News
Automated cybersecurity news aggregation for IT professionals
What is this?
Security News is an automated cybersecurity news aggregator that collects articles from 128 trusted sources every 30 minutes, classifies them with AI, and presents them sorted by severity. The goal is simple: one place to monitor threats, vulnerabilities, patches, and security news — without having to check dozens of sites.
How it works
- RSS feeds and web scrapers from 128 sources are fetched every 30 minutes
- AI classifies each article by category, severity, and assigns 3-5 tags — filtering out non-news in the same step
- MITRE ATT&CK enrichment — vulnerability and attack articles are mapped to tactics and techniques
- Critical and high severity articles get deep AI analysis with NVD data (CVSS scores, affected versions)
- Related articles are linked using shared tags and semantic similarity (embeddings)
- A bilingual digest (EN/IS) is generated every morning at 08:00 and evening at 17:00
- An AI-generated two-host podcast is created from each digest
Who is it for?
This site is designed for:
- System administrators and IT professionals
- Security analysts and SOC teams
- IT managers who need a quick overview
- Anyone interested in cybersecurity — no expertise required
Categories
Articles are classified into four main categories:
- Vulnerabilities — CVEs, security flaws, vendor advisories, zero-days
- Attacks — Ransomware, malware, phishing, data breaches, APT activity
- Updates — Patch Tuesday, security updates, firmware patches
- News — General security news, research, industry news
Severity Levels
Each article is assigned a severity level:
CRITICAL
HIGH
MEDIUM
LOW
INFO
- Critical — Active exploitation, 0-day, unauthenticated RCE
- High — Privilege escalation, authentication bypass
- Medium — DoS, information disclosure, XSS
- Low — Minor vulnerabilities with limited impact
- Info — General news, no direct threat
Sources
We aggregate from 128 active sources plus 7 podcast shows:
CERT/Gov
CISA, NIST NVD, NCSC UK, CERT/CC, JPCERT, ENISA, BSI Germany, HKCERT, CERT-EU, NCSC Netherlands, CERT-FR (ANSSI), ACSC Australia, CERT-IS, CERT-NZ
Vendors
Microsoft, Cisco, Fortinet, Citrix, Ivanti, SonicWall, Zyxel, SAP, VMware, Palo Alto, Adobe, F5, Juniper, Oracle
Linux/Unix
Red Hat, Ubuntu, Debian, Arch, Fedora, AlmaLinux, Rocky Linux, Gentoo, SUSE, FreeBSD, OSnews, DistroWatch
Cloud
AWS, Google Cloud, MSRC, Cloudflare, HashiCorp, Kubernetes, Docker, Snyk
Threat Intel
Talos, CrowdStrike, Unit 42, SentinelLabs, ESET, Trend Micro, Mandiant, Volexity, Proofpoint, FortiGuard, Securelist, Check Point, DFIR Report, Malpedia, Dragos, Zimperium, Recorded Future, AlienVault OTX
News
Krebs, BleepingComputer, SecurityWeek, Dark Reading, Ars Technica, Wired, CSO, The Hacker News, CyberScoop, SC Media, Infosecurity, Graham Cluley, Troy Hunt, Daniel Miessler, Schneier, 404 Media, Sophos News, Malwarebytes Labs
Research
Project Zero, SANS ISC, Rapid7, Qualys, Tenable, NCC Group, Trail of Bits, Huntress, Elastic Security, WatchTowr, Eclypsium, Wordfence, Aqua Security, OWASP, Exploit-DB, GitHub Advisories
YouTube
John Hammond, LiveOverflow, David Bombal, NetworkChuck, SANS Institute, PCSC, Hak5, Black Hills InfoSec
Podcasts
Darknet Diaries, Risky Business, Security Now, Smashing Security, CyberWire Daily, SANS StormCast, Hacking Humans
Icelandic
CERT-IS, Mbl Innlent, RÚV, Lappari, Viðskiptablaðið
Community
Reddit r/netsec, Help Net Security
Features
- AI classification — each article gets a category, severity level, and 3-5 tags automatically with content filtering in a single step
- MITRE ATT&CK mapping — vulnerability and attack articles are enriched with tactics, techniques, and vendor/product identification
- Deep analysis — critical and high severity articles get structured AI summaries enriched with NVD data (CVSS, affected versions)
- CVE cross-references — articles sharing CVE IDs are linked together with article count badges
- KEV severity boost — articles about CISA Known Exploited Vulnerabilities are automatically escalated to critical
- Threat intelligence tools — CVE lookup, threat feeds from 9 sources including AlienVault OTX (IP/domain/URL/hash blocklists), and exploit cross-references
- Daily digest — bilingual morning and evening summaries of the day's security news
- AI podcast — automated two-host podcast generated from each digest using Kokoro TTS
- Pulse — live clustering of related articles into stories with AI-generated summaries and timelines
- Curated podcasts — episodes from 7 top security shows (Darknet Diaries, Risky Business, and more)
- YouTube integration — summaries from 8 security channels using transcript analysis
- Related articles — linked by shared tags and semantic similarity (vector embeddings)
- Alerts — real-time notifications for critical and high severity vulnerabilities
- Hybrid search — keyword and AI semantic search across all articles
- Bilingual — full English/Icelandic interface with one-click toggle
- Shareable pages — every article, podcast, and digest has its own page with Open Graph meta tags
- No ads, no paywall, no tracking — just security news
Custom View URL
You can bookmark or share a customized view by adding parameters to the URL. Your settings are also saved automatically between visits.
- lang — Language:
enoris - theme — Theme:
lightordark - category —
all,vulnerabilities,attacks,updates,news,digest,podcasts,tools,tags - severity — Comma-separated:
critical,high,medium,low,info - days — Time period:
1,3, or7 - view — Layout:
listorcard
Example — Icelandic, dark mode, critical + high severity, last 24 hours:
https://news.1881.is/?lang=is&theme=dark&severity=critical,high&days=1
Under the hood
- Backend: Python + FastAPI
- Frontend: Vanilla HTML/CSS/JavaScript — no frameworks
- AI: Multiple models via OpenRouter (classification, digests, embeddings)
- TTS: Kokoro for AI podcast generation
- Search: Hybrid keyword + AI semantic search with vector embeddings
- Database: SQLite
- Hosting: Containerized on a VPS in Iceland, hosted by 1984 Hosting
Contact
Questions, feedback, or suggestions?
