Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines β from threat intelligence to application security.
8
Security Domains
Daily
Updates
CVEs
Tracked Live
Latest Intelligence
Recent Articles
nginx-ui CVE-2026-33032 Actively Exploited β Unauthenticated Full Server Takeover
A critical authentication bypass vulnerability (CVSS 9.8) in the nginx-ui web management interface allows any network attacker to take complete control of the underlying Nginx server without credentials. Over 2,600 instances are internet-exposed and the flaw is being actively exploited. Update to version 2.3.4 immediately.
OpenSSH 10.3 Patches CVE-2026-35385 β SCP Privilege Escalation via Setuid Bit Preservation
OpenSSH 10.3 fixes CVE-2026-35385 (CVSS 7.5), a privilege escalation flaw in the legacy SCP protocol where files downloaded as root without the -p flag may retain their setuid or setgid bits. Any Linux or macOS system with OpenSSH prior to 10.3 and a workflow involving scp downloads as root is affected.
ShinyHunters Leaks 78.6M Rockstar Records β The Real Story Is Anodot's Access
ShinyHunters has released 78.6 million records stolen from Rockstar Games, following the company's refusal to pay a ransom by the April 14 deadline. The breach did not involve Rockstar's own systems: attackers compromised Anodot, a third-party SaaS analytics vendor with direct access to Rockstar's Snowflake data warehouse. No player records were exposed, but the incident illustrates the persistent enterprise risk of SaaS vendor data access.
Microsoft Closes APT29's Favourite Phishing Door With New RDP File Protections
The April 2026 Windows update introduces mandatory security warnings and redirections-blocked-by-default for RDP connection files, directly countering the technique used by APT29 and other threat actors to silently redirect local drives and harvest credentials. Organisations using Windows 10 and 11 should confirm the KB is deployed.
Google Patches Fourth Chrome Zero-Day of 2026 β CVE-2026-5281 Use-After-Free in WebGPU
Google has patched CVE-2026-5281, a use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This is the fourth Chrome zero-day exploited in attacks in 2026. CISA added it to the KEV catalogue on 1 April with a deadline of 15 April for federal agencies. Update to Chrome 146.0.7680.177/178.
Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Actively Exploited β Emergency Hotfix Available
A pre-authentication remote code execution zero-day in Fortinet FortiClient Enterprise Management Server (CVE-2026-35616, CVSS 9.1) has been under active exploitation since 31 March 2026, ahead of Fortinet's advisory. CISA added it to the KEV catalogue on 6 April with a federal deadline of 9 April. An emergency hotfix is available without requiring system downtime.
Opinion & Analysis
Commentary
Patch Tuesday Is Not a Patching Programme
Every second Tuesday, the industry runs a collective sprint to triage, test, and deploy hundreds of Microsoft patches before the next cycle begins. We call this a patching programme. It isn't. It's a treadmill β and the real security question is whether we're measuring the right thing.
CipherWatch Editorial
Security Intelligence Platform
Security Awareness Training Is Solving the Wrong Problem
We spend billions every year teaching employees not to click malicious links. The same employees work in environments where clicking a malicious link can collapse the company. The problem isn't the clicking.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language β financial exposure, regulatory obligations, and board-ready summaries.
Critical nginx-ui Flaw Enables Unauthenticated Web Server Takeover β Patch Now
A CVSS 9.8 vulnerability in nginx-ui is being actively exploited, allowing attackers without any credentials to take full control of Nginx web servers. Organisations running nginx-ui as a server management interface should patch immediately or isolate the service from external access.
Rockstar Games Breach Exposes the SaaS Vendor Access Risk Every CISO Should Address
ShinyHunters stole 78.6 million records from Rockstar Games without touching Rockstar's own systems β they compromised a third-party analytics vendor that held persistent access to Rockstar's cloud data warehouse. The same access model exists in most large enterprises and represents a significant unmanaged exposure.
SharePoint Zero-Day Added to CISA KEV Before Patch Exists β Action Required Today
CISA has added an actively exploited SharePoint Server vulnerability (CVE-2026-32201) to its Known Exploited Vulnerabilities catalogue while no vendor patch exists. Microsoft's fix arrives in tomorrow's Patch Tuesday. Boards and security leaders face a rare decision: implement compensating controls now, or accept a confirmed zero-day exposure overnight.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more β so you stay ahead of the threat curve.
Learn how it works β