I check this every week: <a href="https://www.zdnet.com/blog/security/" rel="nofollow">https://www.zdnet.com/blog/security/</a> Don't be put off that it's ZDNet, they monitor the infosec landscape really well.<p>The only <i>personal</i> blog that covers infosec, similar to Krebs is Graham Cluley, but it's usually watered down language explained in simple terms: <a href="https://grahamcluley.com/" rel="nofollow">https://grahamcluley.com/</a>
So not quite like Krebs, but a security aggregator that has been around for a very long time is Packetstorm. [1] Some corporate firewalls have a category to block Packetstorm due to their storage of PoC exploit code. They usually have terse articles, PoC source code, advisories, links to security related stories. Another aggregator closer to ZDNet style would be ThreatPost [2]<p>Beyond those sites, there are sometimes articles posted by Tavis Ormandy from Google on interesting 0-day exploits but they are not all on one website AFAIK.<p>[1] - <a href="https://packetstormsecurity.com/" rel="nofollow">https://packetstormsecurity.com/</a><p>[2] - <a href="https://threatpost.com/" rel="nofollow">https://threatpost.com/</a>