- A collection of public threat intel reports [0]. Lots of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.
- Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews [1].
- VERIS community database [2]. Collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.