Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines, from threat intelligence to application security.
8 security domains · Daily updates · CVEs tracked live
Latest Intelligence
Recent Articles
Curated security news from across the threat landscape.
Apache ActiveMQ CVE-2026-34197: 13-Year-Old Jolokia API Flaw Enables Unauthenticated RCE
A critical unauthenticated remote code execution vulnerability in Apache ActiveMQ's Jolokia management API allows attackers to execute arbitrary OS commands by invoking a management MBean. CVE-2026-34197 is rooted in a design flaw present since ActiveMQ 5.x and chains with CVE-2024-32114, the earlier issue in which ActiveMQ 6.x's default configuration left the Jolokia and REST API web context reachable without authentication. Fixes are available in ActiveMQ 6.2.3 and 5.19.4.
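Before patching, a practitioner will want to know which brokers expose the Jolokia endpoint anonymously. The function below is an added example, not code from the article or from the ActiveMQ project; it assumes the web console listens on its default port 8161 with the Jolokia agent at /api/jolokia/ (ActiveMQ's default context), and the broker hostnames are constructed placeholders.

```powershell
# Added example, not code from the article or the ActiveMQ project.
# Assumptions: the web console listens on its default port 8161 and the Jolokia
# agent is mounted at /api/jolokia/ (ActiveMQ's default context); change $BaseUrl otherwise.
function Test-JolokiaExposure {
    param([Parameter(Mandatory)][string]$BaseUrl)   # e.g. http://broker01.corp.internal:8161

    $uri    = "{0}/api/jolokia/version" -f $BaseUrl.TrimEnd('/')
    $status = 0
    try {
        # Deliberately no credentials: the question is whether the API answers anonymously.
        $resp   = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
        $status = [int]$resp.StatusCode
    }
    catch {
        # Windows PowerShell 5.1 and PowerShell 7 both expose the HTTP response on the
        # exception; a null response means the port never answered.
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    }

    $verdict = switch ($status) {
        200     { 'EXPOSED: Jolokia answers without authentication; isolate and upgrade' }
        401     { 'Authentication enforced; still upgrade to a fixed release' }
        403     { 'Authentication enforced; still upgrade to a fixed release' }
        404     { 'Jolokia not found at the default path; check the console configuration' }
        0       { 'Unreachable: port closed, filtered, or TLS-only' }
        default { "Unexpected HTTP $status; inspect manually" }
    }
    [pscustomobject]@{ Url = $uri; Status = $status; Verdict = $verdict }
}

# Constructed inventory for the example; replace with your own broker list.
'http://broker01.corp.internal:8161', 'http://broker02.corp.internal:8161' |
    ForEach-Object { Test-JolokiaExposure -BaseUrl $_ } |
    Format-Table -AutoSize
```

A 401 or 403 only tells you the console demands credentials; because the flaw is in the MBean invocation path itself, the fix remains upgrading to 6.2.3 or 5.19.4 as the article states. Brokers that answer 200 should be treated as exposed and isolated from untrusted networks until they are upgraded.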
BlueHammer Windows LPE Zero-Day Gives Attackers SYSTEM Access: No Patch Available
A publicly disclosed zero-day local privilege escalation vulnerability in Windows Defender's signature-update mechanism allows any authenticated user to escalate to SYSTEM. Named BlueHammer by researchers at Cyderes, the flaw has a working public exploit and no Microsoft patch as of publication. Security teams should implement interim mitigations immediately.
CIRCIA Final Rule Expected May 2026: What Critical Infrastructure Operators Must Do Now
CISA is expected to publish the long-awaited CIRCIA final rule in May 2026, mandating 72-hour cyber incident reporting and 24-hour ransomware payment reporting for critical infrastructure sectors. With weeks remaining, organisations that have not started preparing face significant compliance and legal exposure when the rule takes effect.
CISA Supplemental Direction ED 26-03: How to Hunt for Compromise in Cisco Catalyst SD-WAN
CISA has issued supplemental hunt-and-hardening guidance for Cisco Catalyst SD-WAN systems under Emergency Directive 26-03, providing defenders with specific indicators to look for in environments exposed to CVE-2026-20127, a CVSS 10.0 authentication bypass exploited since 2023. Organisations running Cisco SD-WAN infrastructure should treat this guidance as a mandatory compromise assessment checklist.
NSA's January 2027 PQC Deadline Is Nine Months Away: Enterprise Migration Is Now Mandatory
With NIST's post-quantum cryptography standards finalised and the NSA's CNSA 2.0 deadline requiring all new National Security System acquisitions to be quantum-resistant by January 2027, the migration window for enterprise and federal contractor environments is closing fast. Most organisations have yet to inventory their cryptographic assets, let alone begin migration.
AI-Powered Device Code Phishing Bypasses MFA at Hundreds of Organisations
A phishing campaign is abusing the OAuth 2.0 device authorisation grant to obtain Microsoft 365 tokens: the attacker requests a device code, lures the victim into entering it on Microsoft's genuine sign-in page, and the victim's real MFA challenge completes the attacker's session. Hundreds of organisations have been compromised. Because the sign-in itself is legitimate, push notifications, TOTP, and SMS codes do not stop it. Organisations should block the device code grant in Conditional Access immediately and review recent sign-ins that used the device code protocol.
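The control the blurb recommends, and the hunt that goes with it, as an added example using the Microsoft Graph PowerShell SDK; this is not code from the article or from Microsoft. It assumes the SDK is installed, that the signed-in administrator holds the scopes requested, and that break-glass accounts are added to excludeUsers before the policy is ever switched from report-only to enforced.

```powershell
# Added example, not from the article or from Microsoft. Assumptions: the Microsoft.Graph
# PowerShell SDK is installed; the signed-in admin holds the scopes requested below;
# break-glass accounts are added to excludeUsers before the policy is enforced.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'AuditLog.Read.All'

# 1. Conditional Access policy that blocks the device code grant, created in report-only
#    mode so legitimate uses (headless CLIs, some meeting-room devices) surface before enforcement.
$policy = @{
    displayName = 'Block device code flow'
    state       = 'enabledForReportingButNotEnforced'   # switch to 'enabled' after reviewing report-only hits
    conditions  = @{
        users               = @{ includeUsers = @('All'); excludeUsers = @() }   # break-glass account IDs go here
        applications        = @{ includeApplications = @('All') }
        authenticationFlows = @{ transferMethods = 'deviceCodeFlow' }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created '{0}' ({1}) in state {2}" -f $created.DisplayName, $created.Id, $created.State

# 2. Hunt: sign-ins over the last three days that used the device code protocol.
#    createdDateTime is filtered server-side; the protocol is filtered client-side because
#    not every sign-in property is filterable in Graph.
$since = (Get-Date).ToUniversalTime().AddDays(-3).ToString('yyyy-MM-ddTHH:mm:ssZ')
Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.AuthenticationProtocol -eq 'deviceCode' } |
    Select-Object CreatedDateTime, UserPrincipalName, AppDisplayName, IPAddress,
                  @{ n = 'Country'; e = { $_.Location.CountryOrRegion } },
                  @{ n = 'Result';  e = { if ($_.Status.ErrorCode -eq 0) { 'success' } else { "error $($_.Status.ErrorCode)" } } } |
    Sort-Object CreatedDateTime -Descending |
    Format-Table -AutoSize
```

Run the policy in report-only mode for a few days and compare its hits against the sign-in list: successful device-code sign-ins from unfamiliar IP ranges or countries, against a user who has no headless tooling, are the ones to treat as possible token theft and revoke with a session sign-out.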
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language: financial exposure, regulatory obligations, and board-ready summaries.
Cisco Discloses Two CVSS 9.8 Vulnerabilities Affecting Enterprise Server and Licence Infrastructure
Cisco has patched two critical unauthenticated remote code execution and authentication bypass flaws in widely-deployed enterprise infrastructure. Organisations running Cisco UCS rack servers or managing software licences on-premises face complete compromise of affected systems if patches are not applied urgently.
North Korean State Actors Poisoned 1,700+ Open-Source Packages Used by Your Development Teams
North Korea's UNC1069 threat group has systematically planted malicious code across five major software package registries, targeting developer credentials, cloud infrastructure tokens, and CI/CD pipeline secrets. Organisations whose development teams install open-source software packages (which is effectively every technology organisation) are in scope.
Microsoft Secure Boot Certificates Expire June 2026: Enterprise Fleet Action Required Before Deadline
Microsoft's foundational Secure Boot signing certificates expire on 26 June 2026, with the Windows bootloader certificate following in October. Organisations that miss the OEM firmware update window will permanently lose the ability to receive boot-level security patches, leaving systems exposed to UEFI bootkit attacks that survive OS reinstallation. The update process requires OEM firmware coordination and cannot be deferred to the final week.
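The first question for fleet planning is which machines already carry Microsoft's 2023 certificates in their Secure Boot variables. The function below is an added example, not code from the article or from Microsoft; it assumes an elevated session on a UEFI system with Secure Boot enabled, and that the certificate subject strings it matches are the ones Microsoft publishes for its 2023 CAs and the expiring 2011 KEK.

```powershell
# Added example, not from the article or from Microsoft. Run elevated on the target.
# Assumptions: UEFI firmware with Secure Boot on; the CA subject strings below are the
# ones Microsoft publishes for its 2023 certificates and 2011 KEK.
function Get-SecureBoot2023Status {
    try { $enabled = Confirm-SecureBootUEFI } catch { $enabled = $false }   # throws on legacy BIOS
    if (-not $enabled) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; SecureBoot = $false }
    }

    # The db and KEK variables are EFI signature lists holding DER certificates; subject
    # names inside them are plain ASCII, so a substring match identifies the enrolled CAs.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        SecureBoot           = $true
        Kek2023Enrolled      = $kek -match 'Microsoft Corporation KEK 2K CA 2023'
        WindowsCa2023InDb    = $db  -match 'Windows UEFI CA 2023'
        ThirdPartyCa2023InDb = $db  -match 'Microsoft UEFI CA 2023'
        Kek2011StillPresent  = $kek -match 'Microsoft Corporation KEK CA 2011'
    }
}

Get-SecureBoot2023Status | Format-List

# Fleet-wide, assuming WinRM is enabled and hosts.txt is your inventory (constructed path):
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Get-SecureBoot2023Status} |
#     Export-Csv .\secureboot-2023.csv -NoTypeInformation
```

Machines reporting Kek2023Enrolled and WindowsCa2023InDb as False are the ones that still depend on the expiring 2011 chain; because the new KEK must be accepted by the OEM's platform key, those hosts are where the firmware coordination the article describes has to start.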
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more, so you stay ahead of the threat curve.
Learn how it works