Your data
Threat landscape
Exercises are sharpest when the attacker is real too. The Threat landscape page shows what's actively targeting organizations right now — distilled weekly from public advisories, every claim cited — and turns any current threat into your next exercise in one click.
Where the landscape comes from
Every week, simler reads public threat sources and distills them into threat cards:
- CISA and NCSC-NL advisories — the campaign narratives: who the actor is, whom they target, and how they operate.
- Ransomware leak-site activity— which groups are claiming victims right now; you'll see it as a "victims claimed" signal on the card.
- MITRE ATT&CK — every attack chain is verified against the official technique taxonomy, from initial access to impact.
Every claim cited
Ranked for your organization
Cards that meaningfully match your organization carry a "For you" line explaining exactly why: your sector is targeted, a system from your profile is named in the campaign, the actor is active in your region. The explanation is composed only from factors that actually matched — the platform never invents relevance. The more complete your organization profile, the sharper the match.
Click any card's attack chain to open the full MITRE ATT&CK breakdown: each technique, in order, with what the actor does at that step.
From threat to exercise
Exercise this— on a threat card or on your dashboard — starts a new simulation with that threat as the adversary model: the scenario follows the actor's real attack chain and tempo, and injects carry their documented traits. One boundary is absolute: the threat is real; the incident is fiction. Your organization plays the fictional victim, and no real victim, ransom amount, or incident date from the advisory ever appears in your exercise.
The scenario overview records which advisory grounded the exercise, and the debrief states which threat and techniques your team was tested against — so your exercise history shows you train on current threats, not templates.