Recommended security blogs in the field of anti-virus, anti-malware, reverse-engineering and vulnerability research. I highly recommend subscribing by RSS to these security feeds.
XyliBox
http://www.xylibox.com/
Hands down the best security blog out there. Xylitol is always kicking some serious malware ass. He has embedded himself in all the major underground forums, regularly breaks into malware C&C panels, reverses a lot of cool malware, and kicks some ass.
XyliBox
http://www.xylibox.com/
His blog is so good that I'm listing him twice.
Krebs on Security
http://krebsonsecurity.com/
The best investigative security researcher.
AlienVault Labs
http://labs.alienvault.com/labs/
Great vulnerability and investigative work. They are always on the ball when reporting on all the latest 0days in the wild.
Contagio
http://contagiodump.blogspot.ca/
Posts really good collections of higher profile malware attacks, as well as analysis to go with it. Look here for samples to download from the latest 0day attacks, flamer, apt0, etc.
Didier Stevens
http://blog.didierstevens.com/
Posts a lot of useful reverse-engineering tools.
Malware don't need Coffee
http://malware.dontneedcoffee.com/
By being embedded in a lot of the underground forums, the author posts about new versions of exploit kits, zeus, and ransomware. He censors his images on his blog too much though.
Kernel Mode Forums
http://www.kernelmode.info/forum/
Great community of anti-malware enthusists. There are threads set up for tracking each of the major sample groups, as well as categories like point of sale scrapers, ransomware, and more. They usually post links to Virus Total for the samples, and sometimes directly attach samples to the threads. There are a lot of cool anti-malware development projects in the tools/software section as well.
Citizen Lab
https://citizenlab.org/
Great university lab group focused on computer security and human rights. They get a lot of good scoops on attacks against human rights activists, dissidents, and reporters around the world. In doing so they cover a lot a malware usage by governments.
Symantec
http://www.symantec.com/connect/symantec-blogs/sr
Lots of fun stuff from Symantec. Too bad they don't typically provide checksums of the described samples for research.
SecureList, Kaspersky Blog
http://www.securelist.com/en/blog
Always good stuff from the kaspersky lab guys.
Woodmann RCE Forums
http://www.woodmann.com/forum/forum.php
A very talented community of reverse-engineers/anti-malware researchers. They also have the biggest collection of reverse-engineering tools on the web.
Eric Romang Blog
http://eromang.zataz.com/
A good read when he occasionally investigates a zero-day attack in the wild.