Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines - from threat intelligence to application security.
8 Security Domains | Daily Updates | CVEs Tracked Live
Latest Intelligence
Recent Articles
CISA Adds Eight CVEs to KEV: PaperCut, JetBrains TeamCity, and Cisco SD-WAN Actively Exploited
CISA's April 20 Known Exploited Vulnerabilities addition is the largest single-day batch this month, confirming active exploitation across enterprise print management, CI/CD pipelines, content management, and Cisco SD-WAN infrastructure. The batch spans CVE publication years from 2023 to 2026, demonstrating that unpatched legacy vulnerabilities continue to be weaponised alongside newly disclosed flaws. Federal agencies face a BOD 22-01 remediation deadline, and private sector organisations should treat these as immediate prioritisation signals.
Four Critical Cisco Flaws: Webex SSO User Impersonation (CVSS 9.8) and ISE Root Code Execution (CVSS 9.9)
Cisco patched four critical vulnerabilities across Webex Services and Identity Services Engine. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user via crafted SSO tokens. Three ISE flaws at CVSS 9.9 let read-only admins execute arbitrary commands as root. Webex deployments with SSO require urgent manual action - Cisco's cloud fix is not sufficient without administrator intervention.
Public Exploit Released for Critical FortiSandbox RCE (CVE-2026-39808, CVSS 9.1) - Unauthenticated Root Access
A public proof-of-concept exploit has been released for CVE-2026-39808, a critical OS command injection vulnerability in Fortinet FortiSandbox that allows unauthenticated attackers to execute arbitrary commands as root via a single HTTP request. A companion authentication bypass flaw (CVE-2026-39813) affects the same versions. Patch to FortiSandbox 4.4.9 or 5.0.6 immediately.
Two Unpatched Windows Defender Zero-Days (RedSun + UnDefend) Actively Exploited - No Fix Available
A security researcher released two additional Windows Defender zero-days - RedSun and UnDefend - after Microsoft failed to patch them. RedSun exploits Defender's cloud file rollback mechanism to achieve SYSTEM privileges on all supported Windows versions. UnDefend silently prevents Defender from updating its threat signatures. Both are confirmed exploited in the wild, and neither has a patch or assigned CVE.
Vercel Confirms Breach via Compromised AI Tool - Developer Environment Variables and Credentials Exposed
Cloud deployment platform Vercel has confirmed a breach traced to a Lumma infostealer infection at Context.ai, a third-party AI tool used by a Vercel employee. Attackers used the stolen Google Workspace OAuth access to reach Vercel's internal environments, exposing environment variables and a limited set of customer credentials. ShinyHunters is claiming responsibility and demanding $2 million for the stolen data.
McGraw Hill Confirms 13.5 Million Account Breach After ShinyHunters Exploits Salesforce Misconfiguration
Education publisher McGraw Hill has confirmed a data breach affecting 13.5 million accounts after the ShinyHunters cybercriminal group threatened to publish 45 million Salesforce records. The breach stemmed from a misconfiguration within Salesforce's environment - one McGraw Hill acknowledges is part of a broader issue affecting multiple organisations. Over 100GB of data has been publicly released.
Opinion & Analysis
Commentary
The Shared Responsibility Model Is a Liability Shield, Not a Security Framework
McGraw Hill's statement that its Salesforce breach 'appears to be part of a broader issue involving a misconfiguration within Salesforce's environment' exposes what the shared responsibility model actually is: a contractual arrangement that tells you who to blame after a breach, not a security control that prevents one.
CipherWatch Editorial
Security Intelligence Platform
Patch Tuesday Is Not a Patching Programme
Every second Tuesday, the industry runs a collective sprint to triage, test, and deploy hundreds of Microsoft patches before the next cycle begins. We call this a patching programme. It isn't. It's a treadmill - and the real security question is whether we're measuring the right thing.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language - financial exposure, regulatory obligations, and board-ready summaries.
Critical Cisco Webex SSO and Identity Services Engine Vulnerabilities Require Immediate Action
Four critical Cisco vulnerabilities patched April 15 demand urgent enterprise response. CVE-2026-20184 (CVSS 9.8) enables unauthenticated user impersonation in Webex - Cisco's cloud fix is insufficient without administrator action. Three ISE vulnerabilities at CVSS 9.9 allow read-only admins to achieve root code execution on the network access control system underpinning enterprise segmentation.
Two Unpatched Windows Defender Zero-Days Actively Exploited - No Microsoft Fix Available
RedSun and UnDefend are two unpatched zero-day vulnerabilities in Windows Defender that are actively exploited in real attacks. RedSun escalates any local user to SYSTEM; UnDefend silently prevents Defender from receiving threat intelligence updates. Both affect all supported Windows versions and remain fully exploitable after April Patch Tuesday.
Ransomware Group Uses Virtual Machines to Operate Invisibly Inside Enterprise Networks
The Payouts King ransomware operation, linked to former BlackBasta affiliates, deploys a legitimate QEMU virtual machine on compromised Windows hosts to conduct credential theft and data exfiltration in a zone where endpoint security cannot see. The technique directly defeats EDR investment and is now actively used in attacks. Organisations must extend detection beyond endpoint telemetry.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more - so you stay ahead of the threat curve.