Lights out
Downtime, ransom demands, safety risk wherever firmware and OT are in play, and reputational damage that outlasts the outage. These are the known-exploited flaws that let an attacker halt your operations or hold them for ransom — the deepest, smallest, most consequential tail.
Headline story
— the highest-newsworthiness path reaching this outcomeMore records reaching lights out
— ranked by newsworthiness, click through to the full recordRecords where 5 ∈ _narr_stages(r), ordered by _heat(r); the lead is shown above. Counts recomputed deterministically per build.
What this outcome targets
— records reaching lights out, by attack surfaceFrom build_insights().outcome_surface — the surface×outcome heat-grid, sliced to outcome 5 (reach-to-5). Counts recomputed deterministically per build; basis labeled per the corpus, never per edge.
Who drives this outcome
— named, advisory-backed actors reaching lights outCISA, FBI, and MS-ISAC jointly attribute active exploitation of Citrix Bleed to LockBit 3.0 affiliates, who use the stolen sessions to land, escalate, and deploy ransomware — naming it in a dedicated #StopRansomware advisory.4
Reaches this outcome on 1 record
tier == "confirmed" (advisory-backed) actors appear above; reported/inferred links never headline an outcome.When this outcome got exploited
— KEV additions per year that reach lights outViolet = records added to CISA KEV that year reaching outcome 5; red overlay = the share that carried on to data-at-risk or lights-out. From build_insights().outcome_timeline, sliced to this outcome.