Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines – from threat intelligence to application security.
8 Security Domains | Daily Updates | CVEs Tracked Live
Latest Intelligence
Recent Articles
AI Agents Can Autonomously Compromise Cloud Infrastructure With Minimal Human Oversight, Research Finds
New academic research demonstrates that AI agents equipped with common cloud security tools can autonomously identify, chain, and exploit misconfigurations in production-like cloud environments – achieving lateral movement, privilege escalation, and data exfiltration in multi-step attack sequences without human guidance. The findings have direct implications for red team methodologies, cloud security posture management, and the adversarial use of AI-assisted attack tooling.
SentinelLabs Uncovers Fast16 – NSA-Linked OT Sabotage Malware Active Five Years Before Stuxnet
SentinelLabs has published research identifying Fast16, a Lua-based OT sabotage framework compiled in 2005 that predates Stuxnet and is attributed to a US intelligence-linked operation targeting Iranian high-precision calculation software. The discovery rewrites the timeline of state-sponsored ICS sabotage and provides new technical context for understanding the development of destructive OT malware.
FTC: Americans Lost $2.1 Billion to Social Media Scams in 2025 – AI-Enhanced Fraud Doubles Investment Losses
The US Federal Trade Commission's annual consumer fraud report records $2.1 billion in social media scam losses in 2025, a 47% increase from 2024 driven by AI-generated deepfake impersonations, synthetic romance fraud accounts, and AI-personalised investment scam targeting. Investment scams account for 53% of losses at $1.1 billion. The report carries compliance implications for organisations under FTC Section 5 and EU AI Act Article 50 transparency obligations.
Hugging Face LeRobot CVE-2026-25874 – Critical Unpatched RCE via Pickle Deserialization in Unauthenticated gRPC Endpoint
A critical unpatched remote code execution vulnerability in Hugging Face's LeRobot robotics AI framework allows unauthenticated attackers to execute arbitrary code on any server running the gRPC control interface. CVE-2026-25874, rated CVSS 9.3, affects the project's dataset loading and remote control pipeline via Python pickle deserialization. No patch is available; mitigations focus on network isolation.
Medtronic Confirms Data Breach – ShinyHunters Claims 9 Million Medical Device Patient Records Stolen
Medtronic, the world's largest medical device manufacturer, has confirmed a data breach after the ShinyHunters threat actor claimed to have stolen nine million patient records. The breach includes patient names, device serial numbers, implant dates, clinic details, and in some cases diagnostic data from cardiac, diabetes, and spinal device programmes across 150 countries. Regulatory notifications under HIPAA, GDPR, and MDR are expected.
Rituals Cosmetics Discloses Data Breach – Up to 40 Million My Rituals Members' PII Potentially Exposed
Amsterdam-based luxury cosmetics brand Rituals has disclosed a breach of its My Rituals membership platform affecting potentially up to 40 million registered members across its 1,170-plus retail locations in 37 countries. Exposed data includes names, contact details, date of birth, gender, and purchase history. The breach carries significant GDPR obligations as Rituals is headquartered in the EU.
Silk Typhoon Operator Xu Zewei Extradited to US – First MSS Shanghai Bureau Hacker Held Accountable
Xu Zewei, a hacker attributed to the MSS Shanghai Bureau and the Silk Typhoon (formerly Hafnium) APT group, has been extradited from Italy to face US federal charges relating to the theft of COVID-19 vaccine research, defence contractor IP, and financial sector data via Exchange Server zero-days. The extradition marks the first successful prosecution of a Silk Typhoon operator and sends a direct signal to MSS-affiliated cyber operators.
Azure Arc Windows Agent CVE-2026-26117 Lets Low-Privilege Users Escalate to SYSTEM and Seize Cloud-Managed Identity
CVE-2026-26117, a local privilege escalation flaw in the Azure Arc Connected Machine Agent for Windows, allows any domain user on a managed host to escalate to SYSTEM and inherit the host's Azure managed identity – granting access to all Azure resources the machine identity can reach. Microsoft rated the flaw CVSS 7.8; patch immediately given Arc's growing enterprise footprint.
Opinion & Analysis
Commentary
Security Awareness Training Was Built to Spot Bad Phishing – AI Has Made That Irrelevant
The FTC's $2.1 billion social media fraud figure is not a user education failure. It is evidence that the threat model security awareness training was designed for no longer exists. AI-generated fraud does not produce the observable cues our training teaches users to detect – and the industry needs to acknowledge this before it spends another decade on the wrong solution.
CipherWatch Editorial
Security Intelligence Platform
Managed Identity Is the New Local Admin – and Most Enterprises Haven't Noticed
CVE-2026-26117 in the Azure Arc agent is not just a patching story. It reveals that managed identity has quietly become the most powerful unguarded credential in enterprise infrastructure. We dismantled local admin accounts and hardcoded passwords over the past decade – and then rebuilt the same concentration of privilege under a different name, with even less monitoring attached.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language – financial exposure, regulatory obligations, and board-ready summaries.
Medtronic Data Breach – 9 Million Patient Records Exposed, Healthcare Operators Face Regulatory Notification Deadlines
Medtronic, the world's largest medical device manufacturer, has confirmed a breach of its patient therapy management platform affecting up to nine million records across 150 countries. Exposed data includes patient identities, implanted device serial numbers, and follow-up care records. Healthcare organisations that share patient data with Medtronic for device management face co-controller obligations under HIPAA and GDPR – notification deadlines are measured in hours to days.
Smart Grid Supplier Itron Breached – Utility Operators Must Assess Supply Chain Exposure Now
Itron, the world's largest smart metering and grid management technology company, has disclosed a breach of its internal IT systems via a mandatory SEC filing. With Itron's infrastructure embedded in over 8,000 utility networks globally, the breach demands immediate action from utility operators to audit vendor access, rotate shared credentials, and verify the integrity of software delivered through Itron's channels.
Russia's GRU Hijacked 18,000 Home Routers to Harvest Microsoft 365 Login Tokens
Russia's military intelligence service operated an 18,000-router network to silently intercept Microsoft 365 authentication tokens from businesses and government agencies across 120 countries. US authorities dismantled US-based infrastructure on April 7 2026, but the campaign continues globally. Organisations with remote workers using home or small-office internet connections should assume Microsoft 365 accounts may have been silently monitored and take immediate steps to invalidate authentication tokens and harden access controls.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more – so you stay ahead of the threat curve.