Threat Observation & Research

The challenge: Vulnerability scores tell you theoretical risk — they don't tell you whether someone is actively scanning for or exploiting a weakness right now. Traditional feeds miss the real-time signals that separate a scored vulnerability from an active threat.
What you get: Live exploitation signals from honeypots, global scanning infrastructure, and threat research communities — the difference between a score and a signal.
| Source | Description |
| --- | --- |
| Shadowserver | Shadowserver Foundation. Global honeypot network and internet scanning data. Real-time sightings of exploitation attempts and vulnerable hosts. |
| Shodan Sightings | Shodan internet-wide scanning data. Vulnerability sightings from exposed services and banners across the public internet. |
| GreyNoise | GreyNoise internet background noise analysis. Distinguishes targeted exploitation from mass scanning to reduce false positives. |
| Bluesky Mentions | Vulnerability mentions on the Bluesky social network. Early-warning signal from security researcher discussions and disclosure threads. |
| Fediverse Mentions | Vulnerability discussions across Mastodon and the broader Fediverse. Community-driven intelligence from the decentralised security research community. |
| X.com Mentions | Vulnerability mentions on X (formerly Twitter). Security researcher discussions, vendor disclosures, and exploit announcements. |
| NCSC-NL Nieuwsberichten | Nationaal Cyber Security Centrum (Netherlands) news bulletins. Dutch-language cyber threat situational awareness reports. |
| References Enrichment | Automated reference URL crawling and classification. Enriches vulnerability records with categorised links to advisories, patches, and PoC code. |
| Cyber Threat Alliance | Cyber Threat Alliance shared intelligence. Membership-based threat intelligence sharing between industry participants. |

See the Licensing Appendix for redistribution terms applicable to each source.