Editorial Standards

ProbablyPwned is committed to accurate, timely, and responsible cybersecurity journalism. This page outlines how we operate, verify information, handle corrections, and why our contributors write under pseudonyms.

About Our Contributors

Our reporting team consists of working cybersecurity professionals—analysts, researchers, and incident responders who contribute to ProbablyPwned alongside their primary roles in the industry. They write under pseudonyms for legitimate operational security reasons:

• Threat actor retaliation. Covering ransomware gangs, nation-state APTs, and cybercriminal operations can make journalists targets. Researchers who publicly attribute attacks have faced doxing, harassment, and direct threats from the groups they cover.
• Source protection. Our contributors maintain relationships with sources inside security vendors, government agencies, and affected organizations. Anonymity helps protect these channels and the people who trust us with sensitive information.
• Employment considerations. Many contributors work at companies with policies restricting public commentary on security matters. Pseudonyms allow them to share expertise without jeopardizing their primary employment.
• Legal exposure. Reporting on active intrusions, leaked data, and threat actor infrastructure can create legal complications. Separation between professional identity and journalism provides a layer of protection.

This approach is common in cybersecurity journalism and research. What matters is the accuracy of our reporting, the quality of our sources, and our track record—not the real names behind the bylines.

Source Verification

We apply different verification standards based on source type:

Editorial Process

Every article goes through these steps before publication:

1. Research and verification — Primary sources are identified, claims are cross-referenced, and technical details are verified.
2. Writing — Articles are drafted with clear attribution, avoiding speculation unless explicitly labeled as analysis.
3. Technical review — For complex vulnerabilities or malware analysis, a second contributor reviews technical accuracy.
4. Publication — Articles include publication timestamps and are updated as stories develop.

Corrections Policy

We correct errors promptly and transparently:

• Minor corrections (typos, formatting) are fixed without notation.
• Factual corrections are noted at the end of articles with the correction date and description of what changed.
• Significant errors affecting the article's conclusions trigger a prominent correction notice at the top of the article.
• Retractions are issued if an article's core claims cannot be substantiated. Retracted articles remain accessible with a notice explaining why.

To report an error, email Loading....

Conflict of Interest

We disclose potential conflicts that could affect our coverage:

• We do not accept payment from vendors for coverage. Product mentions are editorial decisions, not sponsored content.
• Some resource pages include affiliate links (clearly marked). Affiliate relationships do not influence news coverage or editorial recommendations.
• Contributors who have professional relationships with companies mentioned in articles recuse themselves from that coverage.

Responsible Disclosure

We support responsible vulnerability disclosure:

• We do not publish technical details that would enable exploitation before patches are available.
• We respect vendor disclosure timelines and coordinate when we learn of vulnerabilities before public disclosure.
• We differentiate between proof-of-concept availability and active exploitation in our severity assessments.

Contact