Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines β from threat intelligence to application security.
8
Security Domains
Daily
Updates
CVEs
Tracked Live
Latest Intelligence
Recent Articles
GNU SASL CVE-2026-48829: DIGEST-MD5 Parser Crash Affects Enterprise Mail Servers and LDAP Stacks
A NULL pointer dereference in GNU SASL's DIGEST-MD5 authentication mechanism (CVE-2026-48829, CVSS 7.5) allows a remote attacker to crash any service using GNU SASL for DIGEST-MD5 authentication by sending a malformed authentication token. Debian and other distribution security advisories published 24 May. Services affected include Postfix, Cyrus IMAP, and LDAP servers using SASL for authentication.
SASL Authentication Security in Enterprise Mail Servers: Deprecating DIGEST-MD5 and Hardening SMTP AUTH
The GNU SASL CVE-2026-48829 DIGEST-MD5 crash is a reminder that legacy authentication mechanisms in enterprise mail infrastructure carry risk that is often invisible to security teams. A structured review of SASL mechanism configuration in Postfix, Dovecot, and Exchange environments can eliminate entire vulnerability classes while improving authentication security.
UniFi OS Bulletin 064 Post-Disclosure Forensics: Detecting Compromise on Ubiquiti Controllers
Two days after Ubiquiti published Security Bulletin 064 with three CVSS 10.0 vulnerabilities, security teams should be confirming that patches have applied and hunting for indicators of pre-patch compromise. This guide covers the specific log sources, indicators, and commands available on UniFi OS devices for detecting exploitation activity.
Linux Kernel CVE-2026-43503: Networking skbuff Frag-Transfer Bug Causes Memory Corruption β CVSS 8.8
Linux kernel stable branch patches published 23 May address CVE-2026-43503, a CVSS 8.8 memory corruption vulnerability in two networking helper functions that incorrectly handle the SKBFL_SHARED_FRAG flag during fragment transfers. The bug affects the skb_shift and __pskb_copy_fclone functions across multiple kernel versions and can be triggered by crafted network traffic on affected configurations.
WishList Member WordPress Plugin: Four CVSS 8.8 Vulnerabilities Enable Subscriber-to-Admin Escalation on 100,000+ Sites
Wordfence published advisories for four CVSS 8.8 authorization failure vulnerabilities in WishList Member, a WordPress membership plugin with 100,000+ active installs, on 23 May 2026. Subscriber-level authenticated attackers can exploit the flaws to escalate to administrator access, read sensitive member data, and modify arbitrary site content. Patches are available.
WordPress Plugin Security Is an Enterprise Problem That Keeps Getting Treated as a Web Developer Problem
Four CVSS 8.8 vulnerabilities in a 100,000-install WordPress plugin β discoverable by any registered member with a subscriber account β highlight the structural mismatch between how WordPress CMS security is governed in enterprise organisations and the actual risk it carries. Membership sites, intranet portals, and course platforms built on WordPress process regulated data and host privileged access, but rarely receive enterprise-grade security governance.
Enterprise Wi-Fi Security Assessment: Evaluating Ubiquiti UniFi Against Enterprise-Grade Alternatives After Bulletin 064
The three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS Bulletin 064 prompt a broader question: how does UniFi's security posture, vendor support, and enterprise control plane architecture compare to traditional enterprise Wi-Fi vendors? A structured assessment framework helps organisations evaluate whether UniFi is appropriate for their specific threat model.
Golang crypto/ssh Mass Advisory: Nine CVEs Including CVSS 10.0 Re-Opened SSH Auth Bypass Affect Enterprise DevOps Infrastructure
The Go security team published a coordinated batch of nine CVE fixes for the golang.org/x/crypto SSH library on 22 May, including CVE-2026-46595 (CVSS 10.0), which re-opens a previously patched SSH authentication bypass for services using non-public-key authentication callbacks. Enterprise environments using Go-based SSH tooling, CI/CD pipelines, Kubernetes components, and cloud management tooling are affected.
Opinion & Analysis
Commentary
UniFi in the Enterprise: When Prosumer Infrastructure Carries Production Risk
Three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS this week exposed a gap that has widened quietly over a decade: the growing presence of prosumer-grade networking in environments carrying enterprise data. The security posture of UniFi was not designed for the scrutiny those environments require.
CipherWatch Editorial
Security Intelligence Platform
WordPress Plugin Vulnerabilities Keep Hitting Enterprise Sites That Don't Know They're Enterprise Sites
Four CVSS 8.8 flaws in a 100,000-install WordPress membership plugin. The subscriber-to-admin escalation is technically straightforward. The real problem is not the code β it is that these WordPress deployments exist outside the security governance perimeter of the organisations that run them.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language β financial exposure, regulatory obligations, and board-ready summaries.
Three Maximum-Severity Security Flaws Discovered in Ubiquiti Network Management Software β Update Required Immediately
Ubiquiti has disclosed three maximum-severity (CVSS 10.0) security vulnerabilities in UniFi OS β the management software that controls Ubiquiti Wi-Fi access points, switches, and network gateways. Attackers with network access to the management interface can gain full administrative control without any password. Organisations using Ubiquiti UniFi equipment must apply updates immediately.
VPN Security Alert: Attackers Bypassing Palo Alto Networks VPN Passwords in Second Active Exploitation Wave
Attackers are actively bypassing password authentication on Palo Alto Networks GlobalProtect VPN systems without needing valid credentials. CISA has added the vulnerability to its mandatory patch list. Organisations using GlobalProtect VPN must apply patches immediately; all systems that have been internet-facing while on vulnerable software versions should be forensically reviewed for prior access.
AI Knowledge Base Software Has a Maximum-Severity Security Flaw β No Fix Available
A maximum-severity vulnerability has been disclosed in ChromaDB, one of the most widely used software components for building AI systems that access company knowledge bases and documents. Attackers can gain full control of the ChromaDB server without any login credentials, accessing all documents stored for the AI system. No fix is currently available. 73% of internet-exposed ChromaDB instances are affected.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more β so you stay ahead of the threat curve.
Learn how it works β