The answer to this is sort of complicated and overblown... Complicated in the sense that usually, there are about a dozen reliable sites with hundreds butchering what the dozens are saying. Make sense?
There are sites like Malwarebytes (http://forums.malwarebytes.org/index.php?showforum=30) which try very hard but you have to understand the mechanisms of this for a moment:
1) It is mainly malware - however, most malware deployments exploit SOMETHING to get on the machine and continue on
2) The sampling is low in comparison to the actual amount of malware/exploits running around
Now... Sites like Arbor Networks, Shadowserver, groups like MAAWG and a few others have a lot more visibility by way of trending traffic. For example, if all of a sudden there is a spike in traffic to, say, port 888, and there is no indicator of any new application using that port, this would be an indicator that something is obviously going on. Many groups have honeypots that will take that data, configure their honeypots to "conform" to become attackable, study what occurred and there you now have it... An instant write-up of an "exploit in the wild."
Sometimes people just stumble upon them as well. Rewind to six years ago... I was cleaning up two seriously infected laptops and swore up and down they were each infecting each other via IRFTP. I posted it to a list, spoke with people offlist and dealt with it. (http://osdir.com/ml/security.vulnerabil ... 00002.html) Long ago were the days when disclosure meant appreciation from vendors to a degree. Nowadays, it's turning more and more into "exploits in the wild" because researchers are fed up with companies taking forever and a day to post fixes. Conclusion: less reporting, more serious "exploits in the wild."
Want to catch them on your own? Set up some honeypots and make them believable. I suggest if you do, search for terms like "Fred Cohen" +deception +honeypot, etc., to find seriously detailed writeups on how to create effective honeypots. I guarantee you that the amount of "exploits in the wild" you can ever dream about will be launched against your honeypot. The problem is... Now what? So you have this rogue software that exploited your machine, you need to understand what it does and why. For that, you could check out and tinker with Lenny Zeltser's REMnux or Zerowine. As for specific sites, I tend to follow the noise via the groups I'm on (Shadowserver, NANOG, UNISOG, MAAWG, etc) coupled with network analysis. SANS storm center is somewhat useful as well.
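An added example, not part of the original post: a small sketch of the traffic-trending idea described above, flagging a port whose latest daily connection count jumps far above its own history and separating ports with no expected application. The sample counts, the `KNOWN_SERVICES` allowlist and the threshold of 6 are all assumptions made for illustration.

```python
from statistics import median

# Assumption: ports where a legitimate application is expected on this network.
KNOWN_SERVICES = {22, 80, 443}

# Constructed data: destination port, then daily inbound connection attempts
# (oldest first, last value = today). Port 888 mirrors the post's example.
SAMPLE = """\
22   310 295 330 301 322 315 340
80   1040 990 1100 1075 1012 1060 2900
443  2210 2300 2150 2275 2190 2240 2260
888  3 5 2 4 3 6 410
"""

def parse(text):
    """Return {port: [daily counts]} from whitespace-separated lines."""
    series = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:          # need a port plus at least two days
            continue
        series[int(fields[0])] = [int(v) for v in fields[1:]]
    return series

def find_spikes(series, threshold=6.0):
    """Flag ports whose latest count sits far above their own history.

    Uses a robust z-score (median and MAD) so one earlier noisy day
    does not inflate the baseline the way a mean/stddev would.
    """
    spikes = []
    for port, counts in sorted(series.items()):
        history, latest = counts[:-1], counts[-1]
        base = median(history)
        mad = median(abs(c - base) for c in history)
        scale = max(1.4826 * mad, 1.0)   # floor avoids divide-by-zero on quiet ports
        score = (latest - base) / scale
        if score >= threshold:
            spikes.append({"port": port, "latest": latest, "baseline": base,
                           "score": round(score, 1),
                           "unexplained": port not in KNOWN_SERVICES})
    return spikes

if __name__ == "__main__":
    for s in find_spikes(parse(SAMPLE)):
        tag = "no known service, investigate" if s["unexplained"] else "known service"
        print(f"port {s['port']}: {s['latest']} vs baseline {s['baseline']} "
              f"(score {s['score']}) - {tag}")
```

A spike on a port with no expected application is the case worth pointing a honeypot or packet capture at; a spike on a known service may just be load.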