Data at risk
This is breach notification, regulatory exposure, and the loss of customer data or intellectual property. These are the known-exploited flaws that let an attacker read, copy, or exfiltrate the data that defines your liability — the deep tail that turns “patch this” into “fund this.”
Headline story
— the highest-newsworthiness path reaching this outcomeMore records reaching data at risk
— ranked by newsworthiness, click through to the full recordRecords where 4 ∈ _narr_stages(r), ordered by _heat(r); the lead is shown above. Counts recomputed deterministically per build.
What this outcome targets
— records reaching data at risk, by attack surfaceFrom build_insights().outcome_surface — the surface×outcome heat-grid, sliced to outcome 4 (reach-to-4). Counts recomputed deterministically per build; basis labeled per the corpus, never per edge.
Who drives this outcome
— named, advisory-backed actors reaching data at riskThe CISA-led joint advisory AA24-190A names APT40 (tracked in ATT&CK as Leviathan) as a PRC Ministry of State Security group that rapidly weaponizes newly public vulnerabilities, naming the ProxyShell Exchange chain, Log4Shell, and Atlassian Confluence CVEs alongside the group.
Reaches this outcome on 1 record · full dossier →
CISA, FBI, and MS-ISAC jointly attribute active exploitation of Citrix Bleed to LockBit 3.0 affiliates, who use the stolen sessions to land, escalate, and deploy ransomware — naming it in a dedicated #StopRansomware advisory.4
Reaches this outcome on 1 record
tier == "confirmed" (advisory-backed) actors appear above; reported/inferred links never headline an outcome.When this outcome got exploited
— KEV additions per year that reach data at riskViolet = records added to CISA KEV that year reaching outcome 4; red overlay = the share that carried on to data-at-risk or lights-out. From build_insights().outcome_timeline, sliced to this outcome.