Skip to content
The Nexus
For threat-intel & security teams

Ransomware postings, exploited CVEs, and breach reporting — tracked from the primary sources, daily.

Threat-intel analysts and security leaders need the leak-site postings, the actively-exploited vulnerabilities, and the advisories before they surface on a tech blog — synthesized, timestamped, and cited back to the source.

1,647actively-exploited vulnerabilities (CISA KEV)
2,712ransomware victim postings tracked
23,217live malware IOCs (abuse.ch ThreatFox)
114,684CVEs indexed
Live counts from the Nexus corpus. Updated continuously.
Every claim is cited

Each line links to the primary source. Read the original yourself.

No verdicts

We never label a claim true or false. We show what the sources reported.

Corrections surfaced, not buried

When an outlet corrects its own story, we catch it — and show you, without spin.

The corpus

The primary sources you already check — in one place

Recent ransomware activity
Recently exploited vulnerabilities
Recent malware IOCs (via abuse.ch ThreatFox)
Recent CISA advisories
CISA Advisory WatchSynthesis by The Nexus

What CISA is warning about

The current threat landscape reflects persistent, multi-front pressure on critical infrastructure and enterprise networks from state-sponsored and state-affiliated actors. China-nexus actors are leveraging covert networks of compromised devices for global espionage [AA26-113A, AA25-239A], while Iranian-affiliated actors are actively exploiting programmable logic controllers across U.S. critical infrastructure [AA26-097A] and Russian GRU is targeting Western logistics entities and technology companies [AA25-141A]. Ransomware operations remain a sustained disruptive threat, with Interlock actors and campaigns exploiting unpatched SimpleHelp RMM tooling to compromise downstream providers [AA25-203A, AA25-163A], and LummaC2 infostealer deployments are enabling broad data exfiltration across sectors [AA25-141A]. Pro-Russia hacktivists continue opportunistic attacks against U.S. and global critical infrastructure [AA25-343A], underscoring that both sophisticated nation-state intrusions and lower-sophistication hacktivist activity are simultaneously targeting the same high-value environments.

Each advisory links to the CISA original. The agency’s own findings, distilled. No verdicts.

In practice

How a workflow runs

01

Track an actor or campaign

Watchlist a ransomware group, threat actor, CVE, or your own vendors. Get alerted when a new leak-site posting, advisory, or piece of reporting lands — without refreshing five dashboards.

02

Prioritize what's real

See which vulnerabilities are confirmed exploited (CISA KEV) alongside the reporting, so you can separate the genuinely urgent from the noise.

03

Synthesize the picture

Pull a cited briefing across leak sites, advisories, enforcement, and news for an actor or sector — every claim links to where it came from.

Cross-source, timestamped, and cited — The Nexus shows you what the sources reported and links you straight to them. No hype, no verdicts: you assess the threat.