Editorial Standards

ProbablyPwned is committed to accurate, timely, and responsible cybersecurity journalism. This page outlines how our newsroom operates, how we use AI tools with human review, how we verify information, and how we handle corrections.

Our Newsroom

ProbablyPwned is organized into topic desks rather than individual bylines. Each article is attributed to the desk responsible for that beat:

  • Threat Intel Desk — nation-state actors, APT campaigns, and geopolitical cyber operations.
  • Vulnerability Desk — CVE disclosures, zero-days, and vendor patches.
  • Malware Desk — ransomware, infostealers, and malware-as-a-service.
  • Data Breach Desk — corporate breaches, extortion, and the underground data economy.
  • Editorial Team — explainers, guides, tool reviews, and cross-desk review.

We attribute coverage to desks, not invented personas. What matters is the accuracy of our reporting, the quality of our primary sources, and our track record.

How We Produce Coverage

The volume of daily security disclosures is enormous. We use AI tools to help monitor advisories, breach notifications, and vendor research and to draft initial coverage. Every article is reviewed by human editors before publication — source verification, technical accuracy, framing, and final judgment are human. We publish this disclosure because transparency about our process is part of earning your trust.

Source Verification

We apply different verification standards based on source type:

Government Sources

CISA advisories, FBI/IC3 reports, NSA guidance, and other government publications are treated as authoritative. We link directly to official sources and note when government attribution differs from private sector analysis.

Security Vendor Research

Reports from established security vendors (Microsoft, Google TAG, CrowdStrike, Mandiant, etc.) are cited with links to original research. We note when vendors have potential conflicts of interest or when findings haven't been independently verified.

Confidential Sources

Information from anonymous sources is clearly labeled and requires additional corroboration before publication. We protect source identity and do not publish claims we cannot verify through other means.

Leaked Data & Dark Web Sources

We report on breach disclosures and dark web activity but do not host, link to, or distribute stolen data. Claims made by threat actors are treated skeptically and verified against other evidence when possible.

Editorial Process

Every article goes through these steps before publication:

  1. Research and verification — Primary sources are identified, claims are cross-referenced, and technical details are verified.
  2. Drafting — Initial drafts are produced with AI assistance, then edited by a human for accuracy, attribution, and tone, avoiding speculation unless explicitly labeled as analysis.
  3. Technical review — For complex vulnerabilities or malware analysis, a second contributor reviews technical accuracy.
  4. Publication — Articles include publication timestamps and are updated as stories develop.

Corrections Policy

We correct errors promptly and transparently:

  • Minor corrections (typos, formatting) are fixed without notation.
  • Factual corrections are noted at the end of articles with the correction date and description of what changed.
  • Significant errors affecting the article's conclusions trigger a prominent correction notice at the top of the article.
  • Retractions are issued if an article's core claims cannot be substantiated. Retracted articles remain accessible with a notice explaining why.

To report an error, email Loading....

Conflict of Interest

We disclose potential conflicts that could affect our coverage:

  • We do not accept payment from vendors for coverage. Product mentions are editorial decisions, not sponsored content.
  • Some resource pages include affiliate links (clearly marked). Affiliate relationships do not influence news coverage or editorial recommendations.
  • Contributors who have professional relationships with companies mentioned in articles recuse themselves from that coverage.

Responsible Disclosure

We support responsible vulnerability disclosure:

  • We do not publish technical details that would enable exploitation before patches are available.
  • We respect vendor disclosure timelines and coordinate when we learn of vulnerabilities before public disclosure.
  • We differentiate between proof-of-concept availability and active exploitation in our severity assessments.

Last updated: June 2026