Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines — from threat intelligence to application security.
Latest Intelligence
Recent Articles
CISA KEV June 2026 Tracker: Vulnerability Additions, BOD 22-01 Deadlines, and Remediation Priorities
The CISA Known Exploited Vulnerabilities catalogue added three entries in the first week of June 2026, including the Oracle WebLogic deserialization vulnerability (CVE-2024-21182) and the Mirasvit Magento RCE (CVE-2026-45247). This tracker consolidates the June additions with their remediation deadlines and documents the patch availability status for each.
DBIR 2026 Identity Chapter: Credential Theft Remains Dominant, MFA Bypass Techniques Accelerating
The identity and credential findings from Verizon's 2026 DBIR show that stolen credentials remain the most common enabler of breaches across all sectors, used in 44% of analysed incidents. More troubling: the DBIR documents a significant increase in MFA bypass techniques — adversary-in-the-middle phishing toolkits, SIM swapping, and push notification fatigue attacks that defeat MFA as commonly deployed.
Magento and eCommerce Platform Security: Knowing What You Run and What You Owe Customers
CVE-2026-45247's CISA KEV status means organisations running Mirasvit Full Page Cache Warmer are now under a federal mandate to remediate — and should be asking whether their eCommerce platform inventory is accurate enough to comply. Magento deployments often span multiple versions, extension states, and customisation layers that make attack surface visibility a genuine challenge.
Verizon DBIR 2026: Vulnerability Exploitation Surpasses Phishing as Top Initial Access Vector — Enterprise Implications
Verizon's 2026 Data Breach Investigations Report, published mid-May, documents a structural shift in breach methodology: vulnerability exploitation has overtaken phishing as the most common initial access pathway in analysed breaches. The shift reflects a maturing attacker ecosystem that increasingly uses automated exploit delivery rather than requiring human interaction. Enterprise security programmes built around phishing awareness need recalibration.
CVE-2026-46243 and the CIFS Attack Surface: Network-Layer Hardening for Linux SMB Environments
CVE-2026-46243 is a flaw in the Linux kernel CIFS client subsystem reachable from local shell access. But the broader CIFS/SMB attack surface extends beyond this single CVE — SMB signing enforcement, unauthenticated share access, and uncontrolled NTLM relay paths are network-level risks that compound the impact of any CIFS kernel vulnerability. This article covers network hardening for Linux environments that use SMB/CIFS mounts.
Healthcare Ransomware and Identity: The IAM Controls That Limit Gentelman's Blast Radius
The Gentelman ransomware group gains initial access through RMM vulnerabilities, but its ability to encrypt an entire healthcare network depends on how identity and access management is configured. Strong IAM controls — privileged access segmentation, MFA enforcement on administrative accounts, and service account restrictions — significantly limit what a ransomware operator can encrypt once inside the perimeter.
Magento Extension Supply Chain Risk: CVE-2026-45247 and the Third-Party Plugin Attack Surface
CVE-2026-45247 in the Mirasvit Full Page Cache Warmer illustrates a structural security problem in the Magento ecosystem: eCommerce site security is determined not just by the core platform version, but by every third-party extension installed. This guide covers how to assess and reduce the Magento extension attack surface.
Healthcare Ransomware Business Continuity: Prioritising Recovery When Clinical Systems Go Down
When ransomware hits a healthcare organisation, the recovery sequence matters as much as the containment response. Clinical systems have dependencies that make naive 'restore in alphabetical order' approaches catastrophic. This guide covers healthcare-specific BCP prioritisation for ransomware recovery, including the clinical dependency chain that drives sequencing decisions.
Opinion & Analysis
Commentary
The Third-Party Plugin Is the Perimeter Now — Magento Today, Your Stack Next
CVE-2026-45247 in the Mirasvit Magento extension continues a pattern that security teams have been watching for years: the attack surface of any complex platform is not defined by the core platform's security — it is defined by every third-party component installed on it. This is not a Magento problem. It is an architecture problem that affects every enterprise platform stack.
CipherWatch Editorial, Security Intelligence Platform
CVE-2026-46243 and the Enterprise Linux Kernel Patch Lag Problem
The 19-year latency of CVE-2026-46243 makes headlines. What is less discussed is the operational lag between 'patch available' and 'patch applied' across enterprise Linux fleets. Distribution advisories are published. Patched kernels hit repositories. And then organisations schedule the reboots — often weeks later. CVE-2026-46243 is not unusual in its severity; it is unusual in making the patch lag visible.
CipherWatch Editorial, Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language — financial exposure, regulatory obligations, and board-ready summaries.
Gentelman Ransomware Surges Against Healthcare — 15 Victims in 72 Hours
A ransomware group known as Gentelman (Storm-2697) has recorded at least 15 confirmed victims in healthcare and professional services between 1 and 3 June 2026. The attack chain exploits unpatched remote management tools. Healthcare organisations with internet-exposed remote access software should audit and patch immediately.
CRITICAL: Oracle WebLogic CVE-2024-21182 on CISA KEV — Ransomware Delivery Confirmed, Federal Deadline June 4
CISA added CVE-2024-21182 to the KEV on 1 June as honeypots confirm ransomware delivery via Oracle WebLogic T3/IIOP unauthenticated code execution. Despite a patch being available since January 2024, unpatched WebLogic deployments are being actively targeted. Organisations running WebLogic 12.2.1.4.0 or 14.1.1.0.0 must patch immediately.
CRITICAL: Windows Netlogon CVE-2026-41089 — Unauthenticated Domain Controller RCE, Active Exploitation Confirmed
CVE-2026-41089 (CVSS 9.8) allows an unauthenticated attacker to execute code as SYSTEM on Windows domain controllers via a stack overflow in the Netlogon service. Belgium's CCB confirmed active exploitation on 29 May. A successful exploit provides full Active Directory domain compromise. Patch all domain controllers immediately.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt: Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets: Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture: Secure design principles, cryptography, physical security, and security models.
Network: Network architecture, protocols, secure communication channels, and network attacks.
IAM: Authentication, authorization, access control models, identity federation, and MFA.
Assessment: Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps: Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec: Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more — so you stay ahead of the threat curve.