Oct 10, 2023


Cyber threat feeds (or threat data feeds) are regularly updated sources of data about cyber threats, such as malicious IP addresses, malicious domain names, malicious email addresses, malware hashes, malware file names, and other indicators of compromise (IoCs).

Threat data feeds can use various formats, including STIX, CSV, JSON, and text. These feeds can be ingested by a threat intelligence platform (TIP), SOAR, SIEM, or firewall to automatically update their threat databases. Steps vary by system, so you’ll need to see the documentation for your system.
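The ingestion step described above, as an added example that is not part of the original post: it reads a plain-text feed and a CSV feed, normalizes and types each indicator, de-duplicates across feeds, and rejects entries that would block internal address space. The feed contents, the `indicator` column name, and the `NEVER_BLOCK` ranges are assumptions made for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample feeds: documentation IP ranges and example domains, not real IoCs.
TEXT_FEED = "# constructed feed\n203.0.113.7\n198.51.100.0/24\n10.0.0.5\nbad.example[.]com\n203.0.113.7\n"
CSV_FEED = ("indicator,type\nEvil.Example.net,domain\n"
            "0123456789abcdef0123456789abcdef,md5\nnot an indicator,domain\n")

# Ranges a public feed must never be allowed to block (assumed local policy).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

def classify(raw):
    """Return (type, value) for a usable indicator, or None to reject it."""
    value = raw.strip().lower().replace("[.]", ".")  # refang defanged dots
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        if re.fullmatch(r"[0-9a-f]+", value) and len(value) in HASH_TYPES:
            return (HASH_TYPES[len(value)], value)
        return ("domain", value) if DOMAIN_RE.fullmatch(value) else None
    if any(net.version == n.version and net.overlaps(n) for n in NEVER_BLOCK):
        return None  # entry would block internal or loopback space
    return ("ip", str(net.network_address)) if net.num_addresses == 1 else ("cidr", str(net))

def text_values(feed):
    """Yield entries from a one-per-line text feed, dropping # comments."""
    return (line.split("#", 1)[0] for line in feed.splitlines())

def csv_values(feed, column="indicator"):
    """Yield the indicator column of a CSV feed that has a header row."""
    return (row.get(column) or "" for row in csv.DictReader(io.StringIO(feed)))

def ingest(*sources):
    """Merge feeds into a de-duplicated accept list plus a reject list for review."""
    accepted, rejected = [], []
    for raw in (v for source in sources for v in source):
        if not raw.strip():
            continue
        item = classify(raw)
        if item is None:
            rejected.append(raw.strip())
        elif item not in accepted:
            accepted.append(item)
    return accepted, rejected
```

Calling `ingest(text_values(TEXT_FEED), csv_values(CSV_FEED))` returns the accepted indicators and a reject list that an analyst can review instead of loading those entries blindly.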

Threat data feeds are often called threat intelligence feeds, but data isn’t the same as intelligence. Intelligence requires that data be analyzed and given proper context, so that it’s relevant to the organization consuming it.

Free general threat feeds can be useful, but you’ll benefit more from feeds that are customized to your organization, or by having CTI analysts work with the free threat feeds (curating, adding context, etc.).

Sources of Free Cyber Threat Data Feeds

Here are several sources of free threat data feeds. These are lists of threat feeds, not individual threat feeds (that would make this post much longer and more difficult to keep updated). Please let me know if you know of others!

For the last one, find instances of the word feed on the page, and note that not all are free.

