Security Researchers Worth Following
Here's an underrated trick for getting better at security: read what the good researchers read, in roughly the order they read it.
The blogs below are the ones other reputable people cite when they need to make a point, the ones whose findings get rewritten by mainstream press a week later. They're technical, they age well, and they're all still being updated, which matters more than you'd think.
This is a deliberately short list. People aren't on it for being popular; they're on it because their work has aged well and you can subscribe to it via RSS.
The list
- Bruce Schneier (Schneier on Security): Cryptographer, author, and one of the longest-running voices in security policy and applied cryptography
- Brian Krebs (Krebs on Security): Investigative cybercrime journalist, consistently first to break major breach and threat actor stories
- Troy Hunt (troyhunt.com): Founder of Have I Been Pwned, writes prolifically on web security, breach disclosure, and password hygiene
- Matthew Green (A Few Thoughts on Cryptographic Engineering): Cryptography professor at Johns Hopkins, known for accessible deep dives on real-world crypto failures
- Filippo Valsorda (filippo.io): Cryptographer and former Go security lead, writes about applied cryptography and protocol design
- Daniel Miessler (danielmiessler.com): Long-running security blog and Unsupervised Learning newsletter covering offensive security and AI security
- Marcus Hutchins (MalwareTech): Reverse engineer best known for stopping WannaCry, writes detailed malware analysis and exploitation posts
- Tavis Ormandy (lock.cmpxchg8b.com): Google Project Zero researcher with a track record of finding critical bugs in widely deployed software
- Orange Tsai (blog.orange.tw): Offensive researcher behind ProxyLogon, ProxyShell, and a string of other landmark Microsoft Exchange findings
- Mathy Vanhoef (mathyvanhoef.com): Academic security researcher who discovered KRACK, FragAttacks, and other foundational Wi-Fi vulnerabilities
- Mikko Hyppönen (mikko.hypponen.com): Long-time malware researcher and Chief Research Officer at WithSecure, writes on threat landscape trends
- Google Project Zero (Project Zero Blog): Google's elite vulnerability research team, publishing technical writeups of zero-day discoveries
- PortSwigger Research (portswigger.net/research): James Kettle and the PortSwigger team, regularly introducing entire new bug classes for the web
- Patrick Wardle (Objective-See): macOS security researcher and creator of the Objective-See suite of free defensive tools for Mac users
- Halvar Flake (ADD / XOR / ROL): Thomas Dullien, longtime reverse engineering and program analysis researcher behind BinDiff and zynamics
- Bunnie Huang (bunnie:studios): Hardware hacker behind Chumby, Novena, and Precursor, writing on supply chain security and physical reverse engineering
- Mateusz Jurczyk (j00ru//vx tech blog): Google Project Zero researcher specializing in Windows kernel internals, font parsers, and large-scale fuzzing
- Gynvael Coldwind (gynvael.coldwind.pl): Google security engineer and CTF veteran, posting on low-level reversing, exploitation, and security education
- Kelly Shortridge (kellyshortridge.com): Resilience engineering and security decision making, author of Security Chaos Engineering
- Joshua Stein (jcs.org): OpenBSD developer writing detailed deep dives on embedded hardware, low-level systems, and reverse engineering
YouTubers
Some of the best security explainers and bug bounty walkthroughs live on YouTube. The channels below are the ones that consistently show up when working hunters get asked "who do you actually watch".
- IppSec (HackTheBox walkthroughs): Weekly, methodical walkthroughs of retired HackTheBox machines, focused on real methodology rather than just the solution
- LiveOverflow (Fabian Faessler): Long-form, research-driven deep dives into exploitation techniques and vulnerability classes for people who want to understand why things work
- NahamSec (Ben Sadeghipour): Live bug bounty hunting sessions, recon tips, and interviews with top hackers from the founder of NahamCon
- John Hammond (Huntress security researcher): Near-daily CTF walkthroughs, live malware analysis, and breakdowns of real incidents from a Huntress threat researcher
- The Cyber Mentor (Heath Adams, TCM Security): Practical pentesting tutorials, Active Directory attacks, and career advice from one of the most trusted voices in entry-level offensive security
- InsiderPhD (Dr. Katie Paxton-Fear): Beginner-friendly bug bounty tutorials and API hacking research from an academic and active HackerOne hunter
- Farah Hawa (AppSec engineer and bug bounty hunter): Clear, concept-first explanations of web vulnerability classes, OAuth/JWT flaws, and bug bounty workflows
- Low Level (formerly LowLevelLearning): Short, focused explainers on memory corruption, CPU internals, and low-level security bugs
- LaurieWired (reverse engineering and malware): Reverse engineering, malware internals, and low-level systems explainers from one of the fastest-growing security channels
- 13Cubed (Richard Davis, DFIR): Best-in-class digital forensics and incident response education, with a strong focus on Windows artifacts
- SimplyCyber (Gerald Auger): Daily cybersecurity news, defender-focused content, and career guidance from a working CISO
- DEF CON Conference (official channel): The official archive of DEF CON talks, where much of the most influential offensive research of the year gets published for free
- Black Hat (official briefings): Full-length briefings from Black Hat USA, Europe, and Asia covering cutting-edge vulnerability research and defensive engineering
Podcasts
Podcasts are how a lot of people in security keep up with the field without having to read every newsletter. The shows below are the ones with both staying power and substance, with no churn-and-burn AI-generated feeds.
- Darknet Diaries (Jack Rhysider): Long-form, narrative storytelling about hackers, breaches, and the hidden side of the internet, the gold standard for security true-crime
- Risky Business (Patrick Gray): Weekly infosec news and interviews with serious practitioners, widely regarded as the industry's news podcast of record
- CyberWire Daily (N2K CyberWire): A concise, well-produced daily briefing on the most important cybersecurity news, policy moves, and threat intel
- SANS Internet Stormcast (Dr. Johannes Ullrich): A daily five-minute briefing from the SANS Internet Storm Center on emerging threats, CVEs, and attack trends spotted in honeypots
- Critical Thinking (Justin Gardner and Joseph Thacker): Technical, tactical weekly conversations on bug bounty methodology and novel web vulnerabilities, hosted by two full-time hunters
- Smashing Security (Graham Cluley and Carole Theriault): A weekly, irreverent roundtable on breaches, scams, and privacy stories that still manages to be genuinely informative
- Click Here (Dina Temple-Raston, Recorded Future): Award-winning investigative journalism on ransomware crews, state-sponsored hackers, and the people trying to stop them
- Malicious Life (Ran Levi, Cybereason): Narrative cybersecurity history that unpacks the people, hacks, and campaigns that shaped the industry
- Hacking Humans (Dave Bittner and Joe Carrigan): A weekly look at social engineering, phishing lures, and scams, practical listening for anyone running an awareness program
- 7 Minute Security (Brian Johnson): Short, hands-on field notes from a working pentester, heavy on Active Directory abuse and blue-team gotchas
- Defensive Security Podcast (Jerry Bell and Andrew Kalat): A weekly blue-team focused rundown of breaches and defensive lessons learned from two veteran security leaders
- Security Now (Steve Gibson and Leo Laporte): Running since 2005 and still weekly, one of the longest-lived deep-dive security podcasts on the internet
How to actually follow them
Use a real RSS reader
Feedly, NetNewsWire, Miniflux, anything that gives you a chronological list of unread posts and stays out of your way. There is no algorithm deciding what you see, no "did this post age into a thread", just the last twenty things this person wrote. This is the entire reason RSS still exists.
Click the outbound links
Good researchers cite their sources, and chasing those citations is how you find the next layer of researchers worth reading. Most of my own subscriptions came from following footnotes off other people's posts.
Don't try to read everything
I have done this. It does not work. Twelve prolific blogs add up to hundreds of unread items in a week, and at some point you just stop opening the reader. Pick three or four whose writing you actually look forward to. Mark the rest as read whenever they pile up. Rotate every few months.
Who's missing
A lot of the best bug bounty hunters do their writing in HackerOne reports or short threads, never a blog. NahamSec, IppSec, and STÖK live on YouTube. Plenty of brilliant researchers only ever surface at conferences. None of those people are on this list, but several show up on the learning tools page.
If you think someone obviously belongs here, the repository is open and PRs are welcome.