Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines, from threat intelligence to application security.
8 security domains. Daily updates. CVEs tracked live.
Latest Intelligence
Recent Articles
Apache Thrift 0.23.0 Patches Out-of-Bounds Read (CVE-2026-41604) and Node.js Uncontrolled Recursion DoS (CVE-2026-41636)
Apache Thrift 0.23.0 addresses two vulnerabilities: CVE-2026-41604, an out-of-bounds read in the binary protocol parser affecting all language bindings that can crash Thrift-based services and potentially leak memory contents; and CVE-2026-41636, an uncontrolled recursion flaw in the Node.js library that enables remote denial of service via deeply nested Thrift structures. Organisations operating Thrift-based microservices or inter-service RPC should upgrade to 0.23.0.
CISA KEV Additions: Windows Shell Spoofing CVE-2026-32202 and Cisco SD-WAN Sensitive File Exposure CVE-2026-20133
CISA's late-April Known Exploited Vulnerabilities additions include a Windows Shell protection mechanism failure under active exploitation and a Cisco Catalyst SD-WAN Manager flaw allowing unauthenticated access to sensitive OS files. Federal agencies face a May 12 remediation deadline for CVE-2026-32202; enterprise organisations should treat both additions as confirmation of active threat actor interest and patch accordingly.
D-Link DIR-823X Command Injection CVE-2025-29635 Added to CISA KEV: Mirai Botnet Exploiting Actively
CVE-2025-29635, an authenticated command injection in D-Link DIR-823X routers, has been added to CISA's Known Exploited Vulnerabilities catalogue following an active Mirai botnet campaign documented by Akamai. CVSS 7.2 understates the real risk: D-Link DIR-823X reached end of life, meaning no patch will be issued. Organisations with these routers must replace them. Federal deadline: May 19, 2026.
CISA ICS Advisory: Milesight AIOT Cameras Carry Five CVEs Including CVSS 9.8 Hard-Coded SSL Key Flaw
CISA advisory ICSA-26-113-03 covers five vulnerabilities across 18-plus Milesight AIOT camera model families, including a CVSS 9.8 flaw where all devices share a hard-coded factory SSL private key that cannot be changed. An attacker with the key (which is extractable from any unit) can conduct undetectable man-in-the-middle attacks against the entire deployed fleet. Organisations using Milesight cameras in operational technology or physical security environments should isolate these devices immediately.
Spring AI CVE-2026-40978 and CVE-2026-40967: SQL Injection and Filter Expression Injection in RAG Vector Store Components
Two injection vulnerabilities in Spring AI's vector store integration layer affect AI applications using retrieval-augmented generation pipelines. CVE-2026-40978 (CVSS 8.8) allows SQL injection through the CosmosDB vector store component; CVE-2026-40967 (CVSS 8.6) enables filter expression injection in the FilterExpressionConverter used across multiple backends. Both flaws affect Spring AI 1.0.x and 1.1.x and are patched in 1.1.5.
Spring Boot 4.0 CVE-2026-40976: Default Security Misconfiguration Exposes All Actuator Endpoints Unauthenticated
CVE-2026-40976 in Spring Boot 4.0.0 through 4.0.5 allows unauthenticated network access to all Spring Boot Actuator management endpoints when applications rely on the default Spring Security auto-configuration but omit the spring-boot-health dependency. Exposed endpoints include heapdump, env, mappings, and loggers, enough to extract secrets and manipulate application behaviour. Upgrade to Spring Boot 4.0.6 or later.
AI Agents Can Autonomously Compromise Cloud Infrastructure With Minimal Human Oversight, Research Finds
New academic research demonstrates that AI agents equipped with common cloud security tools can autonomously identify, chain, and exploit misconfigurations in production-like cloud environments, achieving lateral movement, privilege escalation, and data exfiltration in multi-step attack sequences without human guidance. The findings have direct implications for red team methodologies, cloud security posture management, and the adversarial use of AI-assisted attack tooling.
SentinelLabs Uncovers Fast16: NSA-Linked OT Sabotage Malware Active Five Years Before Stuxnet
SentinelLabs has published research identifying Fast16, a Lua-based OT sabotage framework compiled in 2005 that predates Stuxnet and is attributed to a US intelligence-linked operation targeting Iranian high-precision calculation software. The discovery rewrites the timeline of state-sponsored ICS sabotage and provides new technical context for understanding the development of destructive OT malware.
Opinion & Analysis
Commentary
The Model Context Protocol's Security Debt Is Already Piling Up
MCP's rapid enterprise adoption has outpaced its security design. The protocol was built to solve an integration problem, not a security one, and the debt is accumulating faster than the ecosystem can audit it.
CipherWatch Editorial, Security Intelligence Platform
Security Awareness Training Was Built to Spot Bad Phishing: AI Has Made That Irrelevant
The FTC's $2.1 billion social media fraud figure is not a user education failure. It is evidence that the threat model security awareness training was designed for no longer exists. AI-generated fraud does not produce the observable cues our training teaches users to detect, and the industry needs to acknowledge this before it spends another decade on the wrong solution.
CipherWatch Editorial, Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language: financial exposure, regulatory obligations, and board-ready summaries.
Milesight AIOT Camera Fleet: Shared SSL Key Means Every Unit Is Compromised If One Is
CISA advisory ICSA-26-113-03 covers five CVEs in Milesight AIOT network cameras, including a CVSS 9.8 flaw where all cameras in a model family share a single factory-embedded SSL private key. Any attacker who extracts this key (achievable from any unit, including from publicly available firmware) can silently intercept and replace video feeds and steal management credentials across the entire deployed fleet without triggering certificate warnings. Camera firmware patches are available; immediate isolation and patching is required for safety-critical and OT-adjacent deployments.
Medtronic Data Breach: 9 Million Patient Records Exposed, Healthcare Operators Face Regulatory Notification Deadlines
Medtronic, the world's largest medical device manufacturer, has confirmed a breach of its patient therapy management platform affecting up to nine million records across 150 countries. Exposed data includes patient identities, implanted device serial numbers, and follow-up care records. Healthcare organisations that share patient data with Medtronic for device management face co-controller obligations under HIPAA and GDPR; notification deadlines are measured in hours to days.
Smart Grid Supplier Itron Breached: Utility Operators Must Assess Supply Chain Exposure Now
Itron, the world's largest smart metering and grid management technology company, has disclosed a breach of its internal IT systems via a mandatory SEC filing. With Itron's infrastructure embedded in over 8,000 utility networks globally, the breach demands immediate action from utility operators to audit vendor access, rotate shared credentials, and verify the integrity of software delivered through Itron's channels.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more, so you stay ahead of the threat curve.