Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines – from threat intelligence to application security.
8 Security Domains
Daily Updates
CVEs Tracked Live
Latest Intelligence
Recent Articles
Anthropic's Claude Mythos AI Discovers Thousands of Zero-Days Across Every Major OS – Project Glasswing Offers Private Access
Anthropic's specialised vulnerability-hunting AI, Claude Mythos, has systematically discovered thousands of zero-day vulnerabilities across Windows, macOS, Linux, and major browsers – including a 17-year-old NFS RCE in FreeBSD and a 27-year-old OpenBSD denial-of-service. Project Glasswing provides private early access to Microsoft, Google, Apple, and select others. The implications for enterprise risk governance are immediate.
Microsoft Issues Emergency Patch for ASP.NET Core DataProtection Key Exposure – CVE-2026-40372
A critical security regression in Microsoft.AspNetCore.DataProtection (CVSS 9.1) introduced in .NET 10.0.0 causes encryption keys to leak on Linux deployments. Applications using cookie authentication, anti-forgery tokens, or TempData are at immediate risk. Update to .NET 10.0.7 now.
Cohere Terrarium AI Sandbox Escape – CVSS 9.3 WebAssembly Flaw Allows Root Code Execution on Host
CVE-2026-5752 (CVSS 9.3) in Cohere Terrarium allows an attacker to escape the Pyodide WebAssembly sandbox via JavaScript prototype chain traversal, achieving root code execution on the host Node.js process. Organisations running AI code execution environments should patch immediately and network-isolate these workloads.
Everest Ransomware Claims Citizens Bank Breach – 380 GB Including 250,000 SSNs and 3.4 Million Records
The Everest ransomware group claims to have stolen 380 GB of Citizens Bank customer data via a third-party vendor, including 250,000 Social Security Numbers and 3.4 million banking records. Citizens attributes the breach to a vendor, not its core systems – but regulatory notification obligations apply regardless.
Google Antigravity AI Coding Assistant Had Two Chained Vulnerabilities – Prompt Injection to RCE and Reinstall-Surviving Backdoor
Mindgard researchers discovered two vulnerabilities in Google's Antigravity AI coding assistant: a prompt injection via the find_by_name tool that bypasses Strict Mode to achieve code execution, and a persistent backdoor via workspace trust that survives reinstallation of the IDE extension. Google has patched both; update immediately and audit workspace trust settings.
ShinyHunters Claims Breaches at Zara, Carnival, and 7-Eleven – Extortion Deadline Set
Prolific threat actor ShinyHunters posted simultaneous claims of data theft from Inditex/Zara, Carnival Corporation, and 7-Eleven on dark web forums on 21 April, threatening to publish stolen datasets. None of the companies has confirmed the breaches. Given ShinyHunters' track record, claims should be treated as credible pending investigation.
Opinion & Analysis
Commentary
AI Has Learned to Find Bugs Faster Than We Can Fix Them
Claude Mythos discovering thousands of zero-days confirms what was already theoretically obvious: AI vulnerability research is orders of magnitude faster than human-paced remediation. The industry's response – private disclosure programmes – is a delay mechanism, not a solution to the structural asymmetry between discovery speed and patch deployment speed.
CipherWatch Editorial
Security Intelligence Platform
The Shared Responsibility Model Is a Liability Shield, Not a Security Framework
McGraw Hill's statement that its Salesforce breach 'appears to be part of a broader issue involving a misconfiguration within Salesforce's environment' exposes what the shared responsibility model actually is: a contractual arrangement that tells you who to blame after a breach, not a security control that prevents one.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language – financial exposure, regulatory obligations, and board-ready summaries.
Emergency .NET 10 Patch Required – DataProtection Key Leak Exposes Enterprise Web Application Sessions
A critical security flaw in Microsoft's .NET 10 framework (CVE-2026-40372, CVSS 9.1) has caused encryption keys protecting web application sessions to be exposed on Linux servers since November 2025. Any organisation running .NET 10 web applications on Linux must apply an emergency patch and rotate all session keys immediately.
Everest Ransomware Claims Citizens Bank Data via Vendor – 250,000 SSNs and 3.4 Million Banking Records Allegedly Stolen
The Everest ransomware group claims to have stolen 380 GB of Citizens Bank customer data including 250,000 Social Security Numbers and 3.4 million banking records through a third-party vendor breach. Under GLBA and NYDFS regulations, Citizens bears breach notification obligations regardless of vendor attribution. Regulatory timelines may already be running.
Critical Cisco Webex SSO and Identity Services Engine Vulnerabilities Require Immediate Action
Four critical Cisco vulnerabilities patched April 15 demand urgent enterprise response. CVE-2026-20184 (CVSS 9.8) enables unauthenticated user impersonation in Webex – Cisco's cloud fix is insufficient without administrator action. Three ISE vulnerabilities at CVSS 9.9 allow read-only admins to achieve root code execution on the network access control system underpinning enterprise segmentation.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more – so you stay ahead of the threat curve.