Free · No spam · Built by operators, for operators

CVE Alerts that don't waste your time

I monitor NVD, CISA KEV, vendor advisories, and active-exploitation feeds every hour. When something hits production stacks I care about (NGINX, cPanel, WordPress, PHP, MySQL, Redis, Docker, Kubernetes), I cut a short alert with the patch link, a self-check command, and a "should you panic" rating. Pick Telegram for live or email for a weekly digest.

⚡ Live

Telegram channel

Real-time alerts the moment I push them. You get the patch link, severity, and self-check before most security newsletters have even drafted theirs. Best for hosting providers, agencies, and SRE teams running production.

  • Hourly NVD + CISA KEV scan
  • Filtered to stacks that matter (no router firmware noise)
  • One message per CVE. No daily summaries. No fluff.
  • Free. No ads.

Channel handle: @ping7cve. Don't have Telegram? Get it here (free, 2 minutes).

📧 Weekly

Email digest

One email per week. Every critical CVE I pushed to Telegram that week, plus a short "what to do this week" note. Good if you'd rather batch-process security news than get pinged hourly.

  • One email per week. Friday mornings, UTC.
  • Skipped during quiet weeks. No filler.
  • Plain text + links. No tracking pixels.
  • Unsubscribe link in every email.

Privacy: your email is stored at Buttondown and nowhere else. Not shared, not sold.

Sample alert

Here's what an actual recent alert looked like in the Telegram channel:

Ping7 CVE Alert 2026-05-13 · 14:21 UTC

🔴 CRITICAL · CVE-2026-42945 · NGINX Rift

Heap buffer overflow in ngx_http_rewrite_module. Pre-auth RCE via crafted HTTP request when ASLR is off. In the codebase since 2008. Affects NGINX 0.6.27 to 1.30.0 and NGINX Plus R32 to R36.

CVSS: 9.2 (CRITICAL)

Patch: NGINX 1.30.1 / 1.31.0 / R32 P6 / R36 P4. Restart required.

Public PoC: yes. github.com/DepthFirstDisclosures/Nginx-Rift

Self-check: 10-min guide on Ping7

Should you panic? If you're on a vulnerable version AND your config has rewrite + unnamed captures + a ? in replacement, yes. Otherwise patch within the week.

How I pick what to alert on

Most security newsletters dump everything. That's noise. Here's the filter I apply before anything makes it into the channel:

1. CVSS ≥ 7.0

If the score is below 7, it's a maintenance item, not an alert.

2. Affects production stacks

NGINX, Apache, cPanel, WordPress, PHP, MySQL/MariaDB, Redis, Docker, Kubernetes, OpenSSH, Postfix, Exim. Skip router firmware, niche industrial gear, and vendor-internal tooling.

3. Patch or workaround exists

If there's no fix and no public exploit, alerting just causes anxiety. I wait until at least one of those two things is true.

4. CISA KEV gets priority

Anything on the CISA Known Exploited Vulnerabilities catalog jumps the queue and gets a red flag, even at lower CVSS.

5. Public PoC bumps urgency

The moment a working exploit hits GitHub, the window between "advisory" and "wild exploitation" usually collapses to days.

6. Two independent sources

Before I push, I cross-check the CVE against at least one other source (Patchstack, WPScan, F5, vendor blog). Reduces the false-alarm rate.
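
The six criteria above, written out as a triage function. This is an added example, not Ping7's own code: the `Advisory` record shape, the order in which the checks run, and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Stack list copied from criterion 2 above, lowercased for matching.
COVERED = {"nginx", "apache", "cpanel", "wordpress", "php", "mysql", "mariadb",
           "redis", "docker", "kubernetes", "openssh", "postfix", "exim"}

@dataclass
class Advisory:  # hypothetical record shape, not a real feed schema
    cve: str
    product: str
    cvss: float
    has_fix: bool = False        # patch or workaround published
    public_poc: bool = False     # working exploit is public
    in_kev: bool = False         # listed in the CISA KEV catalog
    sources: set = field(default_factory=set)

def triage(a: Advisory) -> tuple[str, list[str]]:
    """Return (decision, notes); decision is 'alert', 'hold' or 'skip'."""
    if a.product.lower() not in COVERED:                  # criterion 2
        return "skip", ["stack not covered"]
    if a.cvss < 7.0 and not a.in_kev:                     # criteria 1 and 4
        return "skip", ["below CVSS 7.0 and not in KEV"]
    if not (a.has_fix or a.public_poc):                   # criterion 3
        return "hold", ["no fix and no public exploit yet"]
    if len(a.sources) < 2:                                # criterion 6
        return "hold", ["needs a second independent source"]
    flags = []
    if a.in_kev:
        flags.append("KEV")                               # criterion 4: red flag
    if a.public_poc:
        flags.append("public PoC")                        # criterion 5: urgency
    return "alert", flags

# Constructed sample advisories; the CVE ids are placeholders.
SAMPLES = [
    Advisory("CVE-0000-0001", "NGINX", 9.2, True, True, False, {"NVD", "vendor"}),
    Advisory("CVE-0000-0002", "Redis", 6.5, True, False, True, {"NVD", "vendor"}),
    Advisory("CVE-0000-0003", "router-firmware", 9.8, True, True, False, {"NVD", "vendor"}),
    Advisory("CVE-0000-0004", "WordPress", 8.1, False, False, False, {"NVD", "WPScan"}),
    Advisory("CVE-0000-0005", "PHP", 7.5, True, False, False, {"NVD"}),
]

if __name__ == "__main__":
    for adv in SAMPLES:
        print(adv.cve, *triage(adv))
```

A "hold" result means the advisory is re-evaluated later, once a fix, a public exploit, or a second source appears.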

FAQ

How many alerts per week, on average?

Usually 2-4. Some weeks 0 (quiet), occasional weeks 8-10 (cluster disclosures). Telegram gets each one live. Email batches them on Friday.

Why is the channel free?

The alerts are a top-of-funnel for paid services. If you find them useful and one day need someone to actually patch or recover for you, you'll have already seen what we know.

Do you cover every CVE on NVD?

No. NVD publishes hundreds per week. Most don't matter to the average operator. I filter aggressively. If you want the firehose, NVD itself has an RSS feed.

What if I run a niche stack you don't cover?

Reply to any alert email or message the Telegram channel admin. If you tell me what you run, I'll keep an eye on it. The current coverage list grew exactly this way.

Can I unsubscribe from email?

Yes. Every email has an unsubscribe link. On Telegram, you just leave the channel.

Do you sell or share my email?

No. The list lives in Buttondown. No shared lists, no integrations, no resale.

Can I get a private feed for my company?

Yes. We offer a paid private alert feed tuned to your exact stack (e.g. only CVEs that affect your specific WordPress plugin set or NGINX modules). $19-79/month. See services.

Why trust this feed?

I track CVEs because I work cases. Ping7's services are recovery, hardening, and incident response for hosting providers and small operators. The same intel that powers the alerts also powers the work. If we miss something or alert on the wrong thing, you'll know within hours because clients are calling.

Recent coverage track record (since April 2026):

  • CVE-2026-8719 (AI Engine WordPress plugin, Subscriber-to-Admin) - covered same day as Wordfence disclosure with a 5-minute self-check guide and the hidden-admin database query.
  • CVE-2026-42945 (NGINX Rift, 18-year-old RCE) - alerted within 2 hours of public disclosure with a free detection script the same day.
  • CVE-2026-41940 (cPanel pre-auth RCE) - alerted within 4 hours of F5 disclosure, before 90% of mainstream security blogs.
  • CVE-2026-1492 (WordPress auth bypass) - covered with full hidden-admin detection query, something most other write-ups missed entirely.