Who we are.
0dayNews is an independent newsroom covering vulnerabilities, exploits, and the breach news that follows from them. We launched in 2026 to fill a specific gap: fast, sourced, jargon-aware reporting on CVEs and active exploitation, written for security practitioners and the technically curious — without the costume-first, credibility-second tone that plagues a lot of infosec media.
Mission and coverage priorities
Vulnerability disclosure moves fast, and the gap between "a CVE exists" and "people are already exploiting it" can be hours, not days. Vendor advisories are accurate but slow and scattered across dozens of separate portals. Security Twitter is fast but noisy. We sit in the gap: fast, sourced, skeptical, and focused only on what's verifiable and what it means for defenders.
Our coverage priorities, in order:
- CISA KEV catalog additions — every new entry in the Known Exploited Vulnerabilities catalog, tracked within 24 hours of publication.
- Actively exploited zero-days — vulnerabilities exploited in the wild before a patch exists, regardless of KEV status.
- High-impact CVEs — critical and high-severity flaws in widely deployed enterprise software, edge devices, and infrastructure.
- Breach news — confirmed incidents tied to specific vulnerabilities, with sourcing back to the affected organization or a named outlet.
- Patch Tuesday and vendor advisory roundups — what shipped, what's critical, what to prioritize.
Masthead
Editor and publisher: Jesse Tamburino. All editorial decisions, sourcing standards, and corrections are the responsibility of the editor.
Routine coverage appears under the byline "0day News Desk." This reflects how the newsroom actually operates today — a small, centrally edited operation, not a roster of individual reporters.
How the newsroom works
0dayNews is a small newsroom under direct editorial review. Our editorial process uses a range of research tools — including AI-powered software — to scan public advisories (CISA, NVD, vendor security bulletins), extract key technical details, and draft initial copy. Every published article is reviewed and fact-checked by the editor before it appears on the site, and every factual claim must trace to a primary source the reader can verify — a CISA KEV entry, an NVD record, or the affected vendor's own advisory.
We disclose our tools because our readers deserve transparency. Software assists research and drafting; it is not a replacement for sourcing, judgment, or accountability. If a published article ever contains a factual error, that is the editor's responsibility.
How we report on vulnerabilities
- Source-first. Every claim links to a primary source — CISA, NVD, the affected vendor's advisory, or named security researchers/firms who disclosed the issue.
- No working exploit code, ever. We describe vulnerabilities, their mechanism at a conceptual level, and their real-world impact. We do not publish proof-of-concept exploit code, weaponized payloads, or step-by-step attack instructions. Our job is to inform defenders and the public, not to arm attackers.
- Responsible disclosure norms. When covering a vulnerability that is not yet publicly disclosed or patched, we hold publication until the vendor has had a reasonable opportunity to respond, consistent with industry-standard coordinated disclosure timelines. See our disclosure page for the full policy.
- Corrected, not silenced. When we get something wrong — a CVSS score, a patch date, a vendor name — we say so at the top of the article, dated and signed. See our corrections log.
How we're funded
0dayNews is independently owned. At launch, our only revenue source is:
- Display advertising served via Google AdSense and similar networks. Ads are programmatic; we do not approve individual creatives. We run no affiliate program.
No editorial decision has ever been or will ever be influenced by any commercial relationship. We do not run gambling, crypto-token-promotion, or partisan-political advertising. We do not accept payment for coverage, ever.
Ownership and corporate structure
0dayNews is owned and operated by Jesse Tamburino as a sole proprietor under United States jurisdiction. We have no parent company, no investors, no political donors, and no government funding of any kind.
Contact
General inquiries and news tips: contact@0daynews.com. Responsible-disclosure coordination and takedown requests: takedown@0daynews.com. Full contact options on the contact page. We do not sell user data, period.