Show HN: ThreatCluster – Automatically cluster cybersecurity news

threatcluster.io

3 points by Jam0k 11 hours ago

I built ThreatCluster after getting frustrated with how scattered cybersecurity intelligence is. When a major breach or vulnerability hits, you end up reading the same story across 10+ different security blogs, each with slightly different details, but no way to see the complete timeline or understand the full scope.

ThreatCluster automatically groups related cybersecurity articles using semantic clustering, so instead of reading fragments, you get one comprehensive view of each threat. It tracks everything from APT campaigns to vulnerability disclosures to ransomware attacks.

You can try it without signing up – just visit https://threatcluster.io/trending to see current clustered threats. The free tier lets you browse all clusters, see threat scores (based on recency, source credibility, and severity), and follow the timeline of how stories develop.

Key features you can test:

- Browse automatically clustered threat intelligence
- See threat scores and similarity percentages
- Follow story timelines as new articles get added
- Filter by entity types (APT groups, companies, malware families)
- Follow entities and add them to custom feeds
- AI-generated summaries of threats
- CVEs, IPs, Domain, and File Hash intelligence

The technical challenge was building clustering that works in real-time as articles come in, ensuring related articles are correctly clustered, while handling the noise and duplicate content that’s common in cybersecurity news.

Currently processing 400+ articles daily from security vendors, researchers, and news sources. Would love feedback from anyone in cyber security or just curious about how threat intelligence works.

Thanks!