Black Market Vulnerability Detection

For most security professionals, subscribing to security alerts is a must. These are often subscription services or bulletins that are posted by the makers of commercial security software.

A second way to ensure that you are completely up to date with the latest vulnerabilities and exploits is to monitor the web sites of what I will call ‘black market’ organizations who post these vulnerabilities (and oftentimes the corresponding exploit[s]). Sometimes the mission of these web sites is a little unclear; are they trying to help or trying to hurt…

Here is a list of web sites that may prove beneficial to you in learning about the latest goings-on of the cyber-criminal collective mind:

http://milw0rm.com

Run by a group of “hacktivists” best known for penetrating the computers of the Bhabha Atomic Research Center in Mumbai (the primary nuclear research facility of India).

This site is an excellent source for the latest vulnerabilities, complete with corresponding exploits from their 0day exploit database, videos, papers and even shellcode.

Note: the site does have a bit of a habit of disappearing and reappearing.

http://threatpost.com/en_us/category/topics/vulnerabilities

Threatpost (Kaspersky) has a great running list of vulnerabilities.

http://www.securityfocus.com/vulnerabilities

A great list of current vulnerabilities, sponsored by SecurityFocus. The details page for each vulnerability provides excellent info including which versions of what software are vulnerable and CVE tags.

http://web.nvd.nist.gov/view/vuln/search

The National Vulnerability Database, sponsored by the DHS National Cyber Security Division. Another great source of vulnerabilities in database/search form.

Discussion

2 comments for “Black Market Vulnerability Detection”

  1. Hehe am I really the first reply to this awesome article?

    Posted by Xavier Bloom | May 31, 2010, 4:16 pm
  2. Super great writing! Honestly.

    Posted by Mae Diehl | June 1, 2010, 6:55 am
