Threat Intelligence Feeds
About This Threat Intelligence Dashboard
This dashboard aggregates real-time threat intelligence from three authoritative public sources: CISA's Known Exploited Vulnerabilities catalog, NIST's National Vulnerability Database, and URLhaus's malware URL feed. Security teams use threat intelligence feeds to prioritize patching, detect active threats, and block malicious infrastructure.
CISA Known Exploited Vulnerabilities (KEV)
The CISA KEV catalog contains vulnerabilities that have been confirmed as actively exploited in the wild. Unlike the broader CVE database, KEV entries represent confirmed exploitation — not just theoretical risks. CISA requires federal agencies to patch KEV vulnerabilities within strict timelines (typically 2 weeks for critical, 6 months for other severities). Organizations should treat KEV entries as highest-priority remediation targets, as exploitation is already occurring across the threat landscape.
NVD CVE Feed
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data. Each CVE (Common Vulnerabilities and Exposures) entry includes CVSS scores, affected products, and remediation guidance. CVSS v3.1 scores range from 0.0 to 10.0, with Critical ≥ 9.0, High 7.0–8.9, Medium 4.0–6.9, and Low 0.1–3.9. The NVD processes CVEs published by MITRE and enriches them with scoring, enumeration, and fix data.
URLhaus Malware Feed
URLhaus, operated by abuse.ch, tracks URLs that are actively distributing malware. Security teams use URLhaus data to block malicious domains at the firewall/proxy level, enrich SIEM alerts, and identify compromised hosting infrastructure. The feed includes the malware family, URL status (online/offline), and reporter tags. URLs marked "online" represent active threats requiring immediate blocking. URLhaus data is widely integrated into threat intelligence platforms including MISP and OpenCTI.
Live Attack Map
The cyber attack visualization simulates the global threat landscape using representative data patterns based on known attack traffic distributions. Major attack sources include CN, RU, US, BR, and KR. Common targets are enterprise networks, financial institutions, and government infrastructure worldwide. Real-time attack maps from providers like Kaspersky, Akamai, and Norse use actual sensor data from their networks — this visualization uses representative simulation for educational purposes.
How to Use This Data
For operational security: cross-reference CVE IDs with your asset inventory to identify exposure. Prioritize CISA KEV entries above all other vulnerabilities. Add URLhaus domains to your DNS/web proxy blocklist. When working with CVSS scores, focus on Critical and High severity vulnerabilities with a network attack vector; these represent the highest risk to internet-facing infrastructure.
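The triage order described above, as an added example that is not part of this dashboard's own code. The CVE IDs are placeholders and the products, hosts and record layout are constructed; matching assets by exact product name is an assumption made for brevity, where a production inventory would normally match on CPE.

```python
import re

# Constructed sample data: placeholder CVE IDs, hypothetical products and hosts.
KEV_IDS = {"CVE-0000-0003"}  # IDs listed in the CISA KEV catalog
NVD_RECORDS = [
    {"id": "CVE-0000-0001", "score": 9.8, "product": "examplecms",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    {"id": "CVE-0000-0002", "score": 7.8, "product": "exampleagent",
     "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},
    {"id": "CVE-0000-0003", "score": 6.5, "product": "examplevpn",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},
    {"id": "CVE-0000-0004", "score": 9.1, "product": "notdeployed",
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},
]
INVENTORY = [{"host": "web01", "product": "examplecms"}, {"host": "vpn01", "product": "examplevpn"},
             {"host": "db01", "product": "exampleagent"}, {"host": "db02", "product": "exampleagent"}]

def severity(score):
    """Map a CVSS v3.1 base score to its qualitative rating."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "None"

def attack_vector(vector):
    """Return the AV metric (N, A, L or P) from a CVSS v3.x vector string."""
    match = re.search(r"(?:^|/)AV:([NALP])(?:/|$)", vector)
    return match.group(1) if match else None

def triage(records, kev_ids, inventory):
    """Return (tier, cve_id, severity, hosts) for exposed CVEs, most urgent first."""
    findings = []
    for rec in records:
        hosts = sorted(a["host"] for a in inventory if a["product"] == rec["product"])
        if not hosts:
            continue  # no matching asset, so no exposure to remediate
        sev = severity(rec["score"])
        if rec["id"] in kev_ids:
            tier = 0  # confirmed exploitation outranks any score
        elif sev in ("Critical", "High") and attack_vector(rec["vector"]) == "N":
            tier = 1  # severe and reachable over the network
        else:
            tier = 2  # everything else that affects an asset
        findings.append((tier, -rec["score"], rec["id"], sev, hosts))
    return [(t, cve, sev, hosts) for t, _, cve, sev, hosts in sorted(findings)]

if __name__ == "__main__":
    for row in triage(NVD_RECORDS, KEV_IDS, INVENTORY):
        print(row)
```

In this sample the Medium-rated KEV entry sorts ahead of the Critical one that is not in KEV, and the CVE with no matching asset drops out entirely.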