Recommended security blogs in the field of anti-virus, anti-malware, reverse-engineering and vulnerability research. I highly recommend subscribing by RSS to these security feeds.
Hands down the best security blog out there. Xylitol is always kicking some serious malware ass. He has embedded himself in all the major underground forums, regularly breaks into malware C&C panels, reverses a lot of cool malware, and kicks some ass.
Krebs on Security
The best investigative security researcher.
AlienVault Labs
Great vulnerability and investigative work. They are always on the ball when reporting on all the latest 0days in the wild.
Posts really good collections of higher profile malware attacks, as well as analysis to go with it. Look here for samples to download from the latest 0day attacks, flamer, apt0, etc.
Didier Stevens
Posts a lot of useful reverse-engineering tools.
Malware don't need Coffee
By being embedded in a lot of the underground forums, the author posts about new versions of exploit kits, zeus, and ransomware. He censors his images on his blog too much though.
Kernel Mode Forums
Great community of anti-malware enthusists. There are threads set up for tracking each of the major sample groups, as well as categories like point of sale scrapers, ransomware, and more. They usually post links to Virus Total for the samples, and sometimes directly attach samples to the threads. There are a lot of cool anti-malware development projects in the tools/software section as well.
Citizen Lab
Great university lab group focused on computer security and human rights. They get a lot of good scoops on attacks against human rights activists, dissidents, and reporters around the world. In doing so they cover a lot a malware usage by governments.
Lots of fun stuff from Symantec. Too bad they don't typically provide checksums of the described samples for research.
SecureList, Kaspersky Blog
Always good stuff from the kaspersky lab guys.
Woodmann RCE Forums
A very talented community of reverse-engineers/anti-malware researchers. They also have the biggest collection of reverse-engineering tools on the web.
Eric Romang Blog
A good read when he occasionally investigates a zero-day attack in the wild.