$ cipherwatch --feed live --domains all

Decoding Threats.
Watching the Wire.

Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines — from threat intelligence to application security.

8 Security Domains · Daily Updates · CVEs Tracked Live

Latest Intelligence

Recent Articles

⚖️ Risk Mgmt

Europol Dismantles AudiA6 Cryptocurrency Laundering Service That Processed €336M+ for Ransomware Gangs

Europol, in coordination with German BKA, Dutch FIOD, and Lithuanian law enforcement, has dismantled AudiA6 — a professional cryptocurrency money laundering service that processed more than €336 million in criminal proceeds for ransomware groups including Conti, REvil, and BlackCat/ALPHV. Seven individuals have been arrested across three countries and the service's infrastructure seized.

#europol +7
🛡️ SecOps

The Gentlemen Ransomware Hits Mackay Sugar — Mill Operations Shut Down as OT Systems Disrupted

The Gentlemen ransomware group has claimed an attack on Mackay Sugar, Australia's second-largest sugar producer, causing the shutdown of mill crushing operations during the critical harvest season. The attack disrupted operational technology systems controlling sugar processing at two mills in Queensland, representing a significant escalation of The Gentlemen group's targeting of OT-dependent industrial operations.

#ransomware +7
🗄️ Assets

Novo Nordisk Discloses Breach of Clinical Trial Participant Data — Ozempic and GLP-1 Research Records Exposed

Danish pharmaceutical giant Novo Nordisk has disclosed a cybersecurity incident in which attackers gained unauthorised access to IT systems holding personal data of clinical trial participants, including individuals enrolled in GLP-1 receptor agonist trials for Ozempic and Wegovy. The breach raises significant regulatory concerns under EU clinical trial data protection requirements and the ICH GCP framework governing trial participant data handling.

#pharmaceutical +7
🔬 Assessment

Oracle PeopleSoft CVE-2026-35273 (CVSS 9.8): ShinyHunters Exploit Zero-Day to Breach University Student Records at Scale

A critical zero-day vulnerability in Oracle PeopleSoft Campus Solutions — CVE-2026-35273, CVSS 9.8 — has been exploited by the ShinyHunters threat group to breach student record systems at multiple universities across the US, UK, and Australia. The flaw lets an unauthenticated attacker bypass authentication in the PeopleSoft web application layer, giving direct access to student enrolment, financial aid, and academic records.

#oracle +8
🌐 Network

PAN-OS GlobalProtect CVE-2026-0257 (CVSS 9.3): Authentication Bypass Exploited Against Government and Critical Infrastructure

Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a critical authentication bypass in the GlobalProtect gateway that allows an unauthenticated attacker to establish VPN sessions as arbitrary users. CISA has added the flaw to the Known Exploited Vulnerabilities catalogue, and Palo Alto's Unit 42 has observed exploitation targeting government and critical infrastructure networks since at least 12 June.

#palo-alto +7
🔑 IAM

SimpleHelp Remote Support: New OIDC Flaw Lets Unauthenticated Attackers Create Rogue Privileged Technician Accounts

A new authentication vulnerability in SimpleHelp Remote Support — distinct from the path traversal and privilege escalation flaws patched earlier in 2026 — allows an unauthenticated attacker to exploit a flaw in the OIDC single sign-on implementation to create privileged technician accounts with full remote session capabilities. SimpleHelp has released emergency patches; exploitation has been observed in the wild.

#simplehelp +6
🗄️ Assets

Dell DSA-2026-239: CVE-2026-23856 Privilege Escalation in iDRAC9 Exposes PowerEdge Server Management Plane

Dell has patched a high-severity privilege escalation vulnerability in the iDRAC9 remote management controller affecting PowerEdge servers across multiple generations. CVE-2026-23856, rated CVSS 8.8, allows a low-privileged authenticated attacker to escalate to Administrator rights on the iDRAC management plane, granting control over server power, firmware, BIOS settings, and virtual console access independently of, and invisibly to, the host operating system.

#dell +7
🏛️ Architecture

Fortinet FortiSandbox CVE-2026-25089 (CVSS 9.8): Unauthenticated Command Injection in Web Management UI

Fortinet has patched a critical command injection vulnerability in FortiSandbox that allows an unauthenticated remote attacker to execute arbitrary system commands through the web management interface. CVE-2026-25089, rated CVSS 9.8, requires no credentials to exploit and affects FortiSandbox versions through 5.4.5 — a particularly sensitive target given the appliance's privileged role in malware analysis.

#fortinet +5

Opinion & Analysis

Commentary

Opinion

Your Most Trusted Tool Is Now Your Biggest Blind Spot: The RMM Security Problem

The SimpleHelp OIDC authentication bypass is the latest in a consistent pattern: remote monitoring and management tools — the software your IT team uses to fix problems — have become one of the primary entry points for sophisticated attackers. The reason is structural, and it won't be solved by patching one vendor at a time.

CipherWatch Editorial, Security Intelligence Platform

Opinion

Your Internal Package Mirror Is Not a Supply Chain Defence

The Miasma supply chain campaign — which compromised publisher credentials to inject malicious code into legitimate packages including the Red Hat npm namespace — exposes a fundamental gap in how most organisations think about dependency security. Internal package mirrors provide real value against several attack classes, but credential compromise of legitimate publishers is not one of them.

CipherWatch Editorial, Security Intelligence Platform

For CISOs, CIOs & Board Members

CIO Briefings

Security events translated into business language — financial exposure, regulatory obligations, and board-ready summaries.

Critical Impact

CRITICAL: PAN-OS VPN Flaw CVE-2026-0257 Actively Exploited — Attackers Gaining Silent Network Access

A critical vulnerability in Palo Alto Networks GlobalProtect VPN — the primary remote access gateway for thousands of enterprises — allows attackers to bypass login controls entirely and gain access to internal corporate networks without credentials. Exploitation is confirmed and ongoing, with government agencies and critical infrastructure operators among identified victims. Immediate patching is required.

Critical Impact

CRITICAL: Ivanti Sentry CVE-2026-10523 + CVE-2026-10520 Chain Enables Complete MDM Gateway Compromise

Two critical Ivanti Sentry vulnerabilities — CVE-2026-10523 (CVSS 9.9, auth bypass) and CVE-2026-10520 (CVSS 10.0, pre-auth RCE) — chain to enable complete unauthenticated takeover of the Sentry MDM gateway. Organisations that applied the initial patch for CVE-2026-10520 remain exposed through CVE-2026-10523. Immediate upgrade to 9.19.0 required.

Critical Impact

CIO Brief: Ivanti Sentry CVE-2026-10520 (CVSS 10.0) — Mobile Management Gateway Actively Under Attack

Ivanti Sentry carries a CVSS 10.0 pre-authentication remote code execution vulnerability being actively exploited in the wild. Ivanti Sentry is deployed as an internet-facing mobile device management gateway — any organisation using Sentry for mobile email and application access is exposed. Upgrade to Sentry 9.19.1 immediately.


Stay Vigilant

Intelligence is your first line of defence.

CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more — so you stay ahead of the threat curve.
