A curated directory of the journalists, researchers, educators, podcasters, and YouTubers doing the most important work in cybercrime, hacking, and digital security. Whether you are looking to stay ahead of emerging threats, understand the tactics of criminal networks, or simply follow the best investigative reporting in the field, this is your starting point.
Every creator listed here has been selected for the depth, accuracy, and consistency of their coverage. From long-form investigative journalism to weekly podcast deep-dives and hands-on technical research, these are the voices that shape how the world understands cybersecurity today.
@bbcworld
BBC documentary series and podcast uncovering North Korea's state-sponsored cybercrime operations and billion-dollar heists. Their landmark episode "The $81 Million Bank Job" revealed how the Lazarus Group exploited SWIFT banking infrastructure to drain Bangladesh Bank in one of the largest cyber heists ever recorded.
@briankrebs
Investigative journalist covering cybercrime, data breaches, and the security industry. Former Washington Post reporter and author of "Spam Nation," the definitive account of Russian spam kingpins. His exposé on the Medibank and Change Healthcare breaches stands among the most-read security investigations of the decade.
@bellingcat
Investigative journalism collective specializing in open-source intelligence (OSINT) to investigate war crimes, disinformation, and cybercrime. Their investigation into the Salisbury poisoning suspects — identifying GRU officers using only public records and flight data — redefined what citizen investigators can accomplish without classified access.
@Behind_The_Surface
In-depth cybercrime analysis by Travis Simcox covering cybercriminal networks, dark web ecosystems, fraud operations, and threat actor profiling with a focus on actionable intelligence and investigative storytelling. His multi-part series mapping the infrastructure of a major carding operation from forum post to cashout is one of the most thorough public analyses of cybercriminal supply chains available.
@DarknetDiaries
True crime podcast covering hacks, breaches, APTs, cybercrime, and internet espionage hosted by Jack Rhysider. Episode 112, "Dirty Coms," exposing the Com cybercriminal network that targeted teenagers and executives alike, is one of the most-shared episodes in the show's history and sparked mainstream press coverage of the phenomenon.
@Mandiant
Leading cybersecurity firm publishing groundbreaking threat intelligence reports on APTs, nation-state actors, and cybercriminal groups. Their 2013 APT1 report, which publicly attributed a major Chinese cyber-espionage unit to the People's Liberation Army, was the first time a private firm named a nation-state actor with detailed technical evidence and changed the industry forever.
@troyhunt
Creator of Have I Been Pwned, Microsoft Regional Director, and one of the world's most recognized data breach experts. HIBP has indexed over 14 billion compromised accounts and is now used by governments, browsers, and security teams worldwide to alert users when their credentials appear in breach data.
@mikko
Chief Research Officer at WithSecure and world-renowned cybersecurity expert covering malware, cybercrime, and surveillance. His 2014 TED Talk "Fighting Viruses, Defending the Net" has been viewed over two million times and remains one of the clearest public explanations of how nation-state malware campaigns operate.
@kevinmitnick
Legendary former hacker turned security consultant and author. Co-founder of Mitnick Security. His book "The Art of Deception" remains the definitive text on social engineering attacks, and his memoir "Ghost in the Wires" is widely considered the most compelling first-person account of life as a wanted computer criminal ever written. (1963–2023)
@IntelTechniques
OSINT and privacy training by Michael Bazzell, former FBI consultant teaching open-source intelligence investigation methods. His book "Open Source Intelligence Techniques," now in its tenth edition, is used by federal investigators, journalists, and private intelligence practitioners as the go-to manual for legally sourced digital investigations.
@KimZetter
Award-winning journalist and author covering nation-state hacking, critical infrastructure, and cybersecurity policy. Her book "Countdown to Zero Day," the definitive account of the Stuxnet worm that destroyed Iranian nuclear centrifuges, is considered essential reading for anyone trying to understand how cyberweapons are designed, deployed, and contained.
grahamcluley
Award-winning cybersecurity blogger and podcaster, former Sophos researcher who writes about cybercrime, malware, and security news with wit and clarity. His long-running "Smashing Security" podcast co-hosted with Carole Theriault, and his individual blog dissecting phishing campaigns and scam operations, have made him one of the most widely read independent security voices in the UK.
intel471
Threat intelligence firm publishing in-depth research on cybercriminal marketplaces, ransomware-as-a-service operations, and underground economy trends. Their report exposing the full operational structure of the Conti ransomware group — published after the Conti leaks — provided the most granular public picture of how a professional ransomware enterprise organizes itself, paying staff, assigning targets, and managing negotiations.
@bbcworld
BBC documentary series and podcast uncovering North Korea's state-sponsored cybercrime operations and billion-dollar heists. Their landmark episode "The $81 Million Bank Job" revealed how the Lazarus Group exploited SWIFT banking infrastructure to drain Bangladesh Bank in one of the largest cyber heists ever recorded.
@briankrebs
Investigative journalist covering cybercrime, data breaches, and the security industry. Former Washington Post reporter and author of "Spam Nation," the definitive account of Russian spam kingpins. His exposé on the Medibank and Change Healthcare breaches stands among the most-read security investigations of the decade.
@bellingcat
Investigative journalism collective specializing in open-source intelligence (OSINT) to investigate war crimes, disinformation, and cybercrime. Their investigation into the Salisbury poisoning suspects — identifying GRU officers using only public records and flight data — redefined what citizen investigators can accomplish without classified access.
johnhammond
Cybersecurity researcher and content creator producing CTF walkthroughs, malware analysis, and cybercrime investigation tutorials on YouTube. His deep-dive series on dissecting real ransomware samples, including LockBit and BlackCat, has become required viewing for aspiring malware analysts.
@Behind_The_Surface
In-depth cybercrime analysis by Travis Simcox covering cybercriminal networks, dark web ecosystems, fraud operations, and threat actor profiling with a focus on actionable intelligence and investigative storytelling. His multi-part series mapping the infrastructure of a major carding operation from forum post to cashout is one of the most thorough public analyses of cybercriminal supply chains available.
@DarknetDiaries
True crime podcast covering hacks, breaches, APTs, cybercrime, and internet espionage hosted by Jack Rhysider. Episode 112, "Dirty Coms," exposing the Com cybercriminal network that targeted teenagers and executives alike, is one of the most-shared episodes in the show's history and sparked mainstream press coverage of the phenomenon.
@Mandiant
Leading cybersecurity firm publishing groundbreaking threat intelligence reports on APTs, nation-state actors, and cybercriminal groups. Their 2013 APT1 report, which publicly attributed a major Chinese cyber-espionage unit to the People's Liberation Army, was the first time a private firm named a nation-state actor with detailed technical evidence and changed the industry forever.
@troyhunt
Creator of Have I Been Pwned, Microsoft Regional Director, and one of the world's most recognized data breach experts. HIBP has indexed over 14 billion compromised accounts and is now used by governments, browsers, and security teams worldwide to alert users when their credentials appear in breach data.
@mikko
Chief Research Officer at WithSecure and world-renowned cybersecurity expert covering malware, cybercrime, and surveillance. His 2014 TED Talk "Fighting Viruses, Defending the Net" has been viewed over two million times and remains one of the clearest public explanations of how nation-state malware campaigns operate.
@RecordedFuture
Threat intelligence firm publishing research on nation-state actors, ransomware groups, and cybercriminal ecosystems. Their annual Cyber Threat Analysis reports on Russian intelligence-sponsored groups — particularly Sandworm and APT29 — are cited by government agencies, journalists, and security teams as primary reference material.
@kevinmitnick
Legendary former hacker turned security consultant and author. Co-founder of Mitnick Security. His book "The Art of Deception" remains the definitive text on social engineering attacks, and his memoir "Ghost in the Wires" is widely considered the most compelling first-person account of life as a wanted computer criminal ever written. (1963–2023)
thecyberwire
Daily cybersecurity news briefing and analysis covering threat intelligence, data breaches, policy, and cybercrime incidents from around the globe. Their flagship daily podcast has run continuously for over a decade and their coverage of the SolarWinds supply-chain attack in 2020 provided some of the fastest, most accurate public analysis available during the crisis.
@IntelTechniques
OSINT and privacy training by Michael Bazzell, former FBI consultant teaching open-source intelligence investigation methods. His book "Open Source Intelligence Techniques," now in its tenth edition, is used by federal investigators, journalists, and private intelligence practitioners as the go-to manual for legally sourced digital investigations.
@josephfcox
Senior reporter at 404 Media breaking stories on stalkerware, dark web marketplaces, telecom hacks, and law enforcement operations. His investigation into the secret government phone tracking program built on commercial data brokers — published while at Motherboard — prompted congressional hearings and is cited as one of the most consequential privacy scoops of the 2020s.
gemini-sec
YouTube channel exploring real-world cybercrime investigations, OSINT techniques, and threat actor profiling for both newcomers and seasoned practitioners. Their walkthrough reconstructing the identity of a ransomware operator using only blockchain traces and leaked forum data demonstrated publicly how investigators link pseudonymous criminals to real-world identities.
@MalwareJake
Cybersecurity practitioner, former NSA hacker, and founder of Rendition Infosec specializing in incident response and digital forensics. His public technical analysis of the 2020 SolarWinds Orion compromise — posted within days of disclosure — helped hundreds of security teams understand the attack chain before official guidance was available.
threatwire
Short-form weekly video show from Hak5 summarizing the top cybersecurity and cybercrime news stories for practitioners and enthusiasts. Their episode covering the Uber breach social engineering attack, in which a teenage hacker simply texted an employee and asked for credentials, is a go-to resource for security awareness training teams.
@riskybusiness
Long-running cybersecurity news podcast hosted by Patrick Gray covering threat intelligence, vulnerabilities, and the cybersecurity industry landscape. The Risky Business interview series — where Gray presses vendors and researchers on claims rather than accepting marketing speak — has earned a loyal following among CISOs and practitioners who value skeptical, technically literate analysis.
@zackwhittaker
Security editor at TechCrunch covering data breaches, hacking, and security research. His breaking report on the T-Mobile data breach affecting 37 million customers, and his subsequent follow-up revealing the company had been breached multiple times inside two years, put sustained public pressure on telecoms to improve security practices.
@KimZetter
Award-winning journalist and author covering nation-state hacking, critical infrastructure, and cybersecurity policy. Her book "Countdown to Zero Day," the definitive account of the Stuxnet worm that destroyed Iranian nuclear centrifuges, is considered essential reading for anyone trying to understand how cyberweapons are designed, deployed, and contained.
@maddiestone
Security researcher at Google Project Zero specializing in 0-day exploit analysis and vulnerability research and frequent conference speaker. Her annual Year-in-Review reports on in-the-wild zero-day exploitation are the most comprehensive public accounting of how governments and criminal groups weaponize unpatched vulnerabilities, and are cited by vendors, regulators, and researchers worldwide.
grahamcluley
Award-winning cybersecurity blogger and podcaster, former Sophos researcher who writes about cybercrime, malware, and security news with wit and clarity. His long-running "Smashing Security" podcast co-hosted with Carole Theriault, and his individual blog dissecting phishing campaigns and scam operations, have made him one of the most widely read independent security voices in the UK.
@sans_isc
Daily 5-minute cybersecurity podcast by SANS Institute covering the latest vulnerabilities, exploits, and security incidents. Running continuously since 2005, the Stormcast is one of the longest-running security podcasts in existence and its handler diary entries have documented thousands of real attacks as they unfolded, making it an invaluable historical record of the threat landscape.
@gcluley
Lighthearted cybersecurity news podcast hosted by Graham Cluley and Carole Theriault covering cybercrime stories with wit and analysis. Their episode on the "pig butchering" romance scam epidemic, which traced the operations to forced-labor compounds in Southeast Asia, introduced the phenomenon to a mainstream audience months before most major newspapers picked up the story.
@hackerfactor
Digital forensics researcher and expert in image analysis, metadata forensics, and online anonymity. His Hacker Factor blog post demonstrating how embedded JPEG metadata can identify the exact camera, editing software, and in some cases the GPS location of an image's origin has been used in real criminal investigations and is regularly cited in digital forensics coursework.
intel471
Threat intelligence firm publishing in-depth research on cybercriminal marketplaces, ransomware-as-a-service operations, and underground economy trends. Their report exposing the full operational structure of the Conti ransomware group — published after the Conti leaks — provided the most granular public picture of how a professional ransomware enterprise organizes itself, paying staff, assigning targets, and managing negotiations.
@humanhacker
Podcast dedicated to the human side of cybersecurity covering social engineering, phishing, pretexting, and psychological manipulation tactics. Their framework for "human hacking" — developed across hundreds of episodes and formalized in Christopher Hadnagy's book of the same name — is used by penetration testers and corporate security trainers to build defenses against manipulation-based attacks.
pompompurin
In-depth investigative blog series and analysis pieces on cybercriminal forum ecosystems, data broker markets, and the economics of stolen data. Their analysis of the BreachForums marketplace — detailing how stolen credentials are priced, bundled, and resold across multiple criminal storefronts — remains one of the most cited public breakdowns of how the stolen data economy actually functions.