Threat graph
Start from an entity and see only what connects to it — nothing else is drawn. Pick a starting point (search, or an entity below); the graph renders its direct neighbourhood, and grows only where you take it: double-click any node to pull in that node's connections (or widen the reach to 2 hops / the full connected graph). Solid edges are curated relationships — typed, source-stated connections ("attributed to", "uses", "exploits", …), each citing the entry that establishes it. Dashed edges are derived — entities referenced by the same focused operational entry, or an entity and a CVE carried by the same entry (weekly summaries, outlooks and report roundups never create derived edges). Click a node for its detail panel; shift-click a second node to trace the shortest path between them.
398 entities · 61 CVEs · 210 techniques · 75 curated relations · 123 derived edges · edge model: docs/pipeline.md § Relationships
Nothing is drawn until you pick a starting point — search above, or pick one of the most-connected entities below. The view then shows everything connected to it.
Start from a well-connected entity
Opens the graph seeded on that entity — its direct neighbourhood first; grow it node by node from there.
- ShinyHunters
- Akira
- TeamPCP
- Qilin
- Mini Shai-Hulud
- Secret Blizzard
- Nightmare Eclipse
- Nightmare Eclipse Windows zero-day series
- Scattered Spider
- Fox Tempest
- INC Ransom
- Sparx Enterprise Architect five-CVE chain
- The Gentlemen
- DragonForce
- Gamaredon
- Joomla extension file-upload RCE wave
- Microsoft DCU Fox Tempest disruption
- MuddyWater
- Poland energy-sector destructive attack (29 December 2025)
- RoguePlanet