Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines β from threat intelligence to application security.
8
Security Domains
Daily
Updates
CVEs
Tracked Live
Latest Intelligence
Recent Articles
April Patch Tuesday Bug Crashes LSASS on PAM-Enabled Domain Controllers β No Fix Yet
KB5082063, Microsoft's April 2026 cumulative update, is causing LSASS to crash on non-Global Catalog domain controllers in Privileged Access Management environments, triggering unrecoverable reboot loops that take down Active Directory authentication. Microsoft has confirmed the issue across all Windows Server versions from 2016 to 2025 and is developing a corrected update, but none is available yet.
CISA Confirms Active Exploitation of Windows Task Host Privilege Escalation CVE-2025-60710 β Four Public Exploits Available
A link-following flaw in the Windows Host Process for Tasks allows any local user to escalate to SYSTEM privileges. Patched in November 2025, CVE-2025-60710 has been confirmed as actively exploited β CISA added it to the Known Exploited Vulnerabilities catalogue on 13 April with a 27 April federal deadline. Four public proof-of-concept exploits are now freely available on GitHub.
NIST Ends Full NVD Enrichment β What It Means for Your Vulnerability Management Programme
NIST has announced it will no longer enrich every CVE record in the National Vulnerability Database, shifting to a risk-based model that prioritises only the most critical submissions. With CVE volumes up 263% since 2020 and the NVD backlog now officially unresolvable, security teams that rely on NVD CVSS scores and CPE data for vulnerability prioritisation must urgently adapt their tooling and workflows.
Standard Bank Breach: 1.2TB of Client Data β Including Credit Card Details β Published Online
A threat actor claiming to have spent three weeks inside Standard Bank's network has published approximately 1.2TB of stolen data online, including client names, national identity numbers, account details, and a subset of credit card numbers. One of Africa's largest banks, Standard Bank operates across more than 20 countries and holds significant international exposure. The double-extortion attack pattern and lessons for database-layer monitoring are directly relevant to financial services defenders globally.
CVE-2026-33826: Windows Active Directory RCE via Crafted RPC Calls β Patch Now
A critical remote code execution flaw in Windows Active Directory allows any authenticated domain user to execute arbitrary code on domain controllers and other AD-joined servers by sending specially crafted RPC calls. Rated CVSS 8.0 and assessed by Microsoft as 'Exploitation More Likely', CVE-2026-33826 poses a serious lateral-movement and domain-compromise risk for every Windows Server environment. The April 2026 Patch Tuesday update provides the only full remediation.
CVE-2026-33824: Critical Windows IKE Service RCE Demands Urgent Patching
A CVSS 9.8 double-free vulnerability in the Windows Internet Key Exchange service allows unauthenticated remote attackers to achieve SYSTEM-level code execution on all supported Windows versions. With no user interaction required and confirmation of pre-patch exploitation, every unpatched Windows host with IKEv2 enabled is at immediate risk. Apply the April 2026 Patch Tuesday update or block UDP ports 500 and 4500 immediately.
Opinion & Analysis
Commentary
Patch Tuesday Is Not a Patching Programme
Every second Tuesday, the industry runs a collective sprint to triage, test, and deploy hundreds of Microsoft patches before the next cycle begins. We call this a patching programme. It isn't. It's a treadmill β and the real security question is whether we're measuring the right thing.
CipherWatch Editorial
Security Intelligence Platform
Security Awareness Training Is Solving the Wrong Problem
We spend billions every year teaching employees not to click malicious links. The same employees work in environments where clicking a malicious link can collapse the company. The problem isn't the clicking.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language β financial exposure, regulatory obligations, and board-ready summaries.
April Patch Tuesday Defect Triggers Authentication Outage on PAM Domain Controllers
KB5082063 causes LSASS to crash on non-Global Catalog domain controllers in PAM-enabled environments, creating unrecoverable reboot loops that take Active Directory authentication offline. No corrected update is available. All organisations with PAM-enabled AD must immediately pause KB5082063 deployment on domain controllers and engage Microsoft Support if affected DCs are already looping.
Critical Windows IKE Vulnerability Allows Unauthenticated Remote Takeover of All Windows Servers
A severity-9.8 flaw in Windows networking software allows an attacker on the internet to seize complete control of any unpatched Windows server or workstation with no login credentials required. Microsoft has confirmed the flaw was exploited before the patch was released. All organisations running Windows must apply the April 2026 security update as an emergency measure.
wolfSSL Certificate Forgery Flaw Exposes Billions of Connected Devices to Network Interception
A critical flaw in a widely embedded networking security library allows attackers to present forged digital identity certificates that connected devices accept as genuine, enabling interception and manipulation of supposedly secure communications. The library is present in an estimated 5 billion devices including routers, industrial controllers, and automotive systems. Organisations must audit which of their devices and vendor-supplied equipment are affected.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more β so you stay ahead of the threat curve.
Learn how it works β