Watch lots of defcon & blackhat talks. Read papers. Watch the CVE feeds MITRE puts out.

Some of it also depends on the level you're interested in. EG I follow the International Association for Cryptologic Research (iacr.org) for information about cryptographic exploits & developments, but that's generally several steps away from practical use.