// #platform-security

2 articles

CVE-2026-45247's CISA KEV status means organisations running Mirasvit Full Page Cache Warmer are now under a federal mandate to remediate — and should be asking whether their eCommerce platform inventory is accurate enough to comply. Magento deployments often span multiple versions, extension states, and customisation layers that make attack surface visibility a genuine challenge.

Jun 5, 2026 #magento +6

⚖️ Risk Mgmt

ITSM Platform Security Governance: Why ServiceNow, Jira, and Freshservice Are High-Value Targets

The ServiceNow API breach this week highlights a category of platform that organisations consistently underestimate as an attack target: IT Service Management tools. ITSM platforms aggregate privileged information about the organisation's infrastructure, credentials, and operational processes — making them a high-value target and a high-consequence breach.

Jun 2, 2026 #servicenow +7

Commentary tagged #platform-security

Opinion

AI Platforms Inherited the npm Trust Model and Its Problems Are Arriving on Schedule

A fake OpenAI repository reached #1 trending on Hugging Face and delivered an infostealer to 244,000 users. This was predictable. The AI/ML developer ecosystem adopted the open-publishing, community-trust model of package registries without adopting the hard-won security lessons those registries learned over the past decade. The attack surface Hugging Face presents in 2026 looks remarkably like the attack surface npm presented in 2016.

CipherWatch Editorial

Security Intelligence Platform

May 9, 2026

Magento and eCommerce Platform Security: Knowing What You Run and What You Owe Customers

ITSM Platform Security Governance: Why ServiceNow, Jira, and Freshservice Are High-Value Targets

Commentary tagged #platform-security

AI Platforms Inherited the npm Trust Model and Its Problems Are Arriving on Schedule