Authoritative evidence
CISA KEV confirms observed exploitation. NVD and GitHub advisories identify and describe vulnerabilities. Vendor advisories and original research provide primary evidence.
Null Lattice is a discovery and situational-awareness system. It does not treat every public statement as fact—or popularity as importance.
CISA KEV confirms observed exploitation. NVD and GitHub advisories identify and describe vulnerabilities. Vendor advisories and original research provide primary evidence.
Security publications and community discovery channels add context and early signals. Details may evolve and should be checked against the linked report.
Leak-site and ransomware entries are allegations. Inclusion does not confirm compromise, attribution, or data theft.
Government advisories, vulnerability databases, original research, vendor labs, independent reporting, public disclosures, exploit indexes, community discovery, primary software releases, and adversary-claim aggregators are polled on scheduled intervals, normalized, deduplicated, and retained as an observation archive. “First seen” means first observed by Null Lattice—not necessarily when an incident occurred.
The public feed is balanced across publishers before display. A fast or high-volume source cannot consume the whole page: the newest item from each active publisher is selected before a second item is taken from any publisher. This is presentation balancing, not evidence corroboration.
CVSS describes technical severity. EPSS estimates the probability of exploitation activity in the next 30 days. CISA KEV confirms evidence of exploitation in the wild. Public exploit or proof-of-concept status comes from linked advisory evidence and is labeled separately from confirmed exploitation.
Null Lattice reserves “zero-day reported” for a source explicitly reporting exploitation before or without an available fix. It is an attributed report—not automatic confirmation. “Disclosure watch,” “public exploit,” and “known exploited” remain separate states so uncertainty is not flattened into one dramatic label.
Known exploitation receives greater weight than public exploit evidence, high EPSS probability, technical severity, reporting, and adversary claims. Claim cards open an internal dossier first; an originating public aggregator is retained only as explicitly labeled evidence. Null Lattice does not direct visitors to criminal leak infrastructure.
Scores summarize volume and recency of claims and reporting. They are comparative indicators, not forecasts, breach confirmations, or assessments of national capability.
Public cyber reporting changes quickly. Direct source links remain attached so readers can inspect context. Production deployment should include a published corrections and takedown process.