Top 10 Twitter Accounts to Follow for Threat Intelligence

May 18, 2022

Threat intelligence draws on such a broad spectrum of sources that sometimes you’d be surprised to hear where you can get relevant information. Often, it can be nearly impossible to keep track of everything because of the “instant sharing” logic of social media channels.

We recently published an article that exemplifies how effectively Telegram channels can be used to obtain cyber threat intelligence. These channels were sources that needed verification because they were directly linked to threat actors. In this article, we will share with you Twitter accounts where you can follow news and analysis filtered by expert opinion.

Let’s dive into these great accounts you can use for threat intelligence. Make sure to follow them all!

The Best Twitter Accounts for Threat Intelligence

1. Catalin Cimpanu @campuscodi

Cimpanu’s Twitter account is an excellent resource for threat intelligence.

Catalin Cimpanu has previously worked as a reporter for reputable cybersecurity websites such as The Record, Bleeping Computer, and ZDNet. He currently creates newsletters and podcasts and writes articles for risky.biz.

Cimpanu has made a name for himself in the industry with his news about current vulnerabilities and cyber attacks. You can access satisfying analyses of the latest cyber incidents by following him.

2. Kevin Beaumont @GossiTheDog

It’s impossible not to check Kevin’s Twitter account for a recent cyber incident.

Those who follow our daily vulnerability and cyber incident news will have seen the name Kevin Beaumont. A look at the career of Beaumont, who has been devoted to cybersecurity for over 20 years, makes it clear why you should follow him.

He started his career as an analyst in the UK, continued as an information security architect, and after specializing in vulnerabilities, he became a SOC manager. You should definitely follow DoublePulsar, which he writes regularly, and his Twitter account.

3. SANS Internet Storm Center @sans_isc

Internet Storm Center’s account has information on every type of cyber event.

SANS (SysAdmin, Audit, Network, and Security) Institute is a US-based company that has been operating for more than 20 years. The institute, which also provides certificates in information security and cyber security training, shares up-to-date data on the latest cyber security events on the isc.sans.edu website.

The Internet Storm Center Diary is an essential resource for threat intelligence professionals to follow. Its Twitter account is here.

4. BleepingComputer @BleepinComputer

BleepingComputer always gives you the latest news.

We are not sure if it is necessary to describe BleepingComputer. It is one of the most preferred websites among those who specialize, or want to specialize, in information technology and security. BleepingComputer, which has been publishing the latest news, analysis, and research since 2004, is not limited to these. It invites amateur users to “do it yourself” by providing free educational content and downloadable documents.

You can keep up to date with all of these and more by following them on Twitter.

5. The DFIR Report @TheDFIRReport

The DFIR Report also offers some services. Check out its website.

DFIR is short for Digital Forensics and Incident Response. In other words, it is a field that focuses on the identification, investigation, and remediation of cyber attacks in cybersecurity. The DFIR Report also provides attack IoCs, attack feeds, and threat intelligence for security researchers and organizations.

Add these guys to your list for ransomware, Cobalt Strike, APT groups, etc.

6. Will @BushidoToken

We may not know much about BushidoToken, but if you examine its Twitter account, you will see that it knows a lot about threat intelligence.

Will is known for his reviews and news, which he shares on Curated Intelligence, NCPTF, and his blog bushidotoken.net. Not much to say; just follow and see.

7. Florian Roth @cyb3rops

Roth’s experience-based analysis and insights will come in handy.

Florian Roth, the creator of YARA and the IoC scanner THOR APT Scanner, has been in the information security industry since 2003. He is currently the CTO at Nextron Systems. He has also been involved in known open source GitHub projects like LOKI and yarGen.

Follow his Twitter account, which has around 115K followers, and benefit from his experience.

8. US-CERT @USCERT_gov

If official sources are what you’re looking for, follow US-CERT’s Twitter account.

US-CERT stands for United States Computer Emergency Readiness Team and is a part of the Cybersecurity and Infrastructure Security Agency (CISA). US-CERT is in charge of analyzing and mitigating cyber threats and vulnerabilities, as well as disseminating cyber threat advisory details and organizing incident response operations.

We strongly recommend that you follow it to get regular feeds from reliable official sources such as NIST, FBI, and Homeland Security.

9. Gitworm @Gi7w0rm

Gitworm curates cyber news from the most reliable sources and analyzes events.

Although Gitworm describes itself as a malware and reverse engineering enthusiast, it frequently posts about data leaks, ransomware, vulnerabilities, and dark web events. It compiles information from Telegram channels, different research blogs, and cybersecurity researchers about threat actors and cyber incidents in an understandable way.

10. vx-underground @vxunderground

vx-underground is the most extensive library of cyber threats on the web.

As of 2021, vx-underground removed the threat intelligence section from its website and stopped making such posts on its Twitter account. But it still keeps close contact with the field, as it claims to be the most extensive online library sharing the source code of malware and ransomware used by threat actors, as well as IoCs of cyber events.

BONUS: Daily Dark Web @DailyDarkWeb

The Daily Dark Web Twitter account has managed to reach a remarkable number of followers in a short time with its up-to-date posts.

The Daily Dark Web’s radar catches all sorts of pervasive threat intelligence lurking, such as data leaks, security breaches, ransomware attacks, and malware.

From the names of the latest cyberattack victims to data for sale on dark web forums, from job postings of threat actors to weekly newsletters, you’ll find everything you’re looking for on this Twitter account.
