Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines – from threat intelligence to application security.
8
Security Domains
Daily
Updates
CVEs
Tracked Live
Latest Intelligence
Recent Articles
ADT Confirms Customer Data Breach After ShinyHunters Vishing Attack on Help Desk
ADT, the US home and business security monitoring provider, has confirmed a data breach after ShinyHunters used voice phishing to social-engineer a support employee into granting access to customer management systems. Names, phone numbers, and account data were exfiltrated. The incident underlines how thoroughly attackers have made help desk social engineering a standard tool.
CISA Adds Four Exploited Flaws to KEV – SimpleHelp RMT and Samsung MagicINFO Head New Additions
CISA's Known Exploited Vulnerabilities catalogue has grown by four entries including critical flaws in SimpleHelp remote management tooling and Samsung's MagicINFO digital signage platform. Federal agencies face a May 2026 remediation deadline. Enterprise operators of RMM tools and display infrastructure should treat these as urgent.
Critical Flaw in CrowdStrike Falcon LogScale and High-Severity Nessus Bug Patched – Security Tooling Vulnerabilities Demand Rapid Response
CrowdStrike has patched a critical SSRF vulnerability in Falcon LogScale, its SIEM and log management platform, while Tenable has addressed a privilege escalation flaw in Nessus. Security tooling vulnerabilities are among the most consequential: a compromised SIEM or vulnerability scanner has privileged visibility across the entire environment it monitors.
FIRESTARTER Backdoor Persists on Cisco Firepower Devices After Patching – Federal Agency Confirmed Victim
A joint CISA and NCSC advisory reveals FIRESTARTER, a sophisticated backdoor implanted on Cisco FTD and ASA firewalls that survives firmware updates and reimaging. At least one US federal agency is a confirmed victim. Defenders must verify device integrity rather than assume patching closed the access.
LMDeploy RCE Vulnerability CVE-2026-33626 Weaponised in the Wild 13 Hours After Disclosure
A critical remote code execution flaw in LMDeploy, a widely used LLM inference serving framework, was exploited in active attacks just 13 hours after public disclosure. Organisations running self-hosted AI inference infrastructure must treat these platforms with the same urgency as any internet-exposed web application server – because attackers already do.
Microsoft Entra Passkeys Rolling Out to All Windows Devices – Phishing-Resistant MFA Now Generally Available
Microsoft has begun rolling out Entra passkey support to managed, unmanaged, and shared Windows devices, with general availability set for mid-June 2026. Passkeys close the credential-phishing gap that conventional passwords, SMS codes, and TOTP leave open, and enterprise deployment is now achievable at scale through existing Conditional Access policies.
Opinion & Analysis
Commentary
The 13-Hour Problem: Your AI Inference Infrastructure Is Already a Tier-One Target
LMDeploy was exploited 13 hours after its RCE vulnerability was disclosed. Langflow took 20 hours. Marimo lasted days. The pattern is not bad luck – it is the predictable consequence of treating AI inference infrastructure as development tooling while exposing it like a production web server. The window for getting ahead of this has closed.
CipherWatch Editorial
Security Intelligence Platform
AI Inference Frameworks Are a First-Class Attack Surface – and Most Enterprises Are Treating Them Like Research Tools
Two critical AI inference framework vulnerabilities disclosed this week – one exploited within 13 hours, one scoring CVSS 9.8 – reveal an uncomfortable truth: the AI toolchain has become enterprise infrastructure, but most security programmes are still treating it like a research curiosity. That gap is now being actively exploited.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language – financial exposure, regulatory obligations, and board-ready summaries.
FIRESTARTER Backdoor Confirmed on US Federal Cisco Firewalls – Patching Alone Does Not Remove the Implant
A joint CISA and NCSC advisory confirms that sophisticated attackers have implanted a backdoor on Cisco Firepower and ASA firewalls that survives firmware updates and reimaging. At least one US federal agency is a confirmed victim. Organisations must run vendor-provided integrity checks – not just apply patches – to confirm their devices are clean.
Microsoft's Cloud Identity Platform Had a CVSS 10.0 Vulnerability – And Patched It Silently
A perfect-score SSRF vulnerability in Microsoft Entra ID Entitlement Management – the governance layer controlling access requests to Azure resources and Microsoft 365 – was disclosed and confirmed patched by Microsoft. No customer action is required. But the disclosure raises a governance question organisations cannot avoid: how do you detect exploitation of a vulnerability in cloud infrastructure you cannot inspect?
Critical Microsoft Bing Vulnerability Allows Unauthenticated Remote Takeover – Apply April Patches Immediately
A maximum-severity vulnerability in Microsoft Bing allows attackers with no account or credentials to take full control of affected systems over the internet. Microsoft has released a patch as part of April 2026 updates – all organisations should apply immediately and verify that enterprise search infrastructure is updated.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more – so you stay ahead of the threat curve.
Learn how it works →