I'm talking about NTBugtraq and SecurityFocus' BugTraq mailing list. The former is obviously centered on Windows bugs (including security), the latter is for all operating systems and applications - so there might be too much "chatter" for the average Windows administrator / programmer on that one. However, being on those lists can come in handy when nasty security bugs or even zero day exploits are announced.