You must log in or # to comment.
Fediverse and RSS mostly.
I didn’t really consider that there are feeds for such things, especially for my distro(s). Embarrassing, but it means you helped making me safer!
I’m now subscribed to the Debian security list, seeing as all my servers run Debian. I just had unattended upgrades with Mail logs before.
You can watch rss feeds to follow all CVEs like Microsoft’s https://api.msrc.microsoft.com/update-guide/rss
NIST used to have an rss feed for CVEs but deprecated it recently. They still have other ways you can follow it though https://nvd.nist.gov/vuln/data-feeds
Or if you just want to follow CVEs for certain applications you can host/subscribe to something like https://www.opencve.io/welcome which allows you to filter CVEs from NIST’s National Vulnerability Database (NVD)
I tend to find out about vulnerabilities before it hits the news outlets from the rss feed at https://seclists.org/oss-sec/
Other than that, I’ve got a bunch of other security feeds I follow and also have automated updates with just about everything.
i subscribed for fedora mailist a few days ago and their talk awas helpful for me to notice that i was one of the affected, just subscribe to your distro blog/mail/etc
Your distro should havê a security mailing list you van subscribe to
Found out about the xz one on Lemmy. Years ago I was briefly subscribed to Bugtraq but that was too much. Now I’m subscribed to a few OS specific security announcement mailing lists.
For Ubuntu, I use https://ubuntu.com/security/oval
Lucky I only have to worry about ones from Cisco or FortiNet and both have RSS feeds that I have linked into Slack at work to tell us when a new patch is out or a new psirt is released.
