[Tool] I built a CVE visualization tool for fun (VulnPath) -- would love and appreciate any feedback from this community!

Not sure if I'm the only one but I've always thought looking up CVEs felt archaic and outdated. I'm also a visual learner so I always wished there was some kind of visual graph that explains the E2E attack chain for me.

So rather than complaining, I built VulnPath as a fun side project. It's a CVE visualization tool where it will not only give you the full CVE data, but also a node graph visualizing the attack chain. I also added a "Simple" toggle for situations where you may need to explain the vulnerability to a less technical audience.

I honestly just want to know if this is something other people would find useful, or if I'm solving a problem that only bothers me. Please feel free to check it out; any feedback/suggestions are welcome (including if you think this is a terrible idea lol).

Note: the webapp isn't really mobile friendly (for now), so apologies in advance!

submitted by /u/yongsanghoon

~72% of companies report incomplete recovery after incidents - insights from 80 SEC disclosures

I analyzed 80 cybersecurity incident disclosures from SEC filings (primarily 8-K) and tagged them using a structured taxonomy of threat types (ransomware, data theft, insider, supply chain, etc.).

The goal was to see whether consistent patterns emerge from public incident reporting.

Key observations:

  • ~72% of companies report significant operational disruption or incomplete recovery
  • 50% of incidents involve data theft or data exposure
  • Financial services is the most represented sector in disclosed incidents
  • Only ~18% explicitly mention cyber insurance

Full dataset and breakdown:
https://www.dukesecurity.ai/incidents

Feel free to browse and explore additional incidents in the dataset.

submitted by /u/LordKittyPanther

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

18 March 2026 at 14:00
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites.

CVE-2025-59284: How reading a gnu manpage led to a Windows NetNTLM phishing exploit

A phishing technique to obtain a NetNTLM hash from archive extraction in Windows.

Seems like Microsoft patched it rather poorly, so it might still be viable.

Was presented at BsidesLjubljana March 2026.

submitted by /u/Jaded_Unit_1223