KEVIntel

About KEVIntel

Security practitioners building exploitation-led vulnerability intelligence — from honeypot telemetry and attestation to automation-ready delivery.

Our Mission

KEVIntel helps security teams prioritize the vulnerabilities attackers are actually exploiting. We go beyond the official CISA KEV catalog with additional exploited-CVE coverage, evidence-backed enrichment, and automation-ready delivery through the UI, RSS, and Pro API.

Our work is grounded in proprietary honeypot and sensor telemetry, combined with public-source monitoring and rigorous attestation — so teams can move from vulnerability noise to exploitation signal.

Collect

CISA KEV, advisories, public reporting, RSS feeds, honeypots, and sensors.

Attest

Validate exploitation evidence and source credibility before a CVE is treated as a KEV.

Enrich

Add PoCs, scanner context, EPSS, CVSS, CWE, timelines, and sensor telemetry.

Deliver

UI, RSS, JSON, and Pro API for operational security workflows.

View KEV Feed Contact Us

Founder

Ryan Dewhurst

Ryan Dewhurst

Founder

Cybersecurity professional with experience across offensive security, threat intelligence, vulnerability research, and deception operations.

His work focuses on how attackers operate in the real world — tracking exploitation activity and vulnerability trends, and building and operating honeypots that capture attacker behavior, tooling, and tradecraft.

He is especially interested in the intersection of AI, vulnerability intelligence, exposure management, and real-world exploitation: identifying which vulnerabilities are genuinely likely to be exploited, prioritizing response, and using attacker telemetry to improve detection and mitigation.

Over the years he has worked across offensive security research, open source security projects, vulnerability intelligence, and technical leadership roles.

He is also known as the creator of Damn Vulnerable Web Application (DVWA) and WPScan (acquired in 2021).

Notable Projects