Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines β from threat intelligence to application security.
8
Security Domains
Daily
Updates
CVEs
Tracked Live
Latest Intelligence
Recent Articles
NIST Ends Full NVD Enrichment β What It Means for Your Vulnerability Management Programme
NIST has announced it will no longer enrich every CVE record in the National Vulnerability Database, shifting to a risk-based model that prioritises only the most critical submissions. With CVE volumes up 263% since 2020 and the NVD backlog now officially unresolvable, security teams that rely on NVD CVSS scores and CPE data for vulnerability prioritisation must urgently adapt their tooling and workflows.
CVE-2026-33826: Windows Active Directory RCE via Crafted RPC Calls β Patch Now
A critical remote code execution flaw in Windows Active Directory allows any authenticated domain user to execute arbitrary code on domain controllers and other AD-joined servers by sending specially crafted RPC calls. Rated CVSS 8.0 and assessed by Microsoft as 'Exploitation More Likely', CVE-2026-33826 poses a serious lateral-movement and domain-compromise risk for every Windows Server environment. The April 2026 Patch Tuesday update provides the only full remediation.
CVE-2026-33824: Critical Windows IKE Service RCE Demands Urgent Patching
A CVSS 9.8 double-free vulnerability in the Windows Internet Key Exchange service allows unauthenticated remote attackers to achieve SYSTEM-level code execution on all supported Windows versions. With no user interaction required and confirmation of pre-patch exploitation, every unpatched Windows host with IKEv2 enabled is at immediate risk. Apply the April 2026 Patch Tuesday update or block UDP ports 500 and 4500 immediately.
CVE-2026-5194: Critical wolfSSL Flaw Enables Certificate Forgery Across 5 Billion Devices
A critical cryptographic validation flaw in wolfSSL, a lightweight TLS library embedded in billions of IoT devices, routers, industrial control systems, and automotive components, allows attackers to present forged X.509 certificates that pass signature verification without a legitimate private key. The vulnerability enables man-in-the-middle attacks and authentication bypass across an enormous installed base. wolfSSL version 5.9.1, released 8 April 2026, provides the fix.
nginx-ui CVE-2026-33032 Actively Exploited β Unauthenticated Full Server Takeover
A critical authentication bypass vulnerability (CVSS 9.8) in the nginx-ui web management interface allows any network attacker to take complete control of the underlying Nginx server without credentials. Over 2,600 instances are internet-exposed and the flaw is being actively exploited. Update to version 2.3.4 immediately.
OpenSSH 10.3 Patches CVE-2026-35385 β SCP Privilege Escalation via Setuid Bit Preservation
OpenSSH 10.3 fixes CVE-2026-35385 (CVSS 7.5), a privilege escalation flaw in the legacy SCP protocol where files downloaded as root without the -p flag may retain their setuid or setgid bits. Any Linux or macOS system with OpenSSH prior to 10.3 and a workflow involving scp downloads as root is affected.
Opinion & Analysis
Commentary
Patch Tuesday Is Not a Patching Programme
Every second Tuesday, the industry runs a collective sprint to triage, test, and deploy hundreds of Microsoft patches before the next cycle begins. We call this a patching programme. It isn't. It's a treadmill β and the real security question is whether we're measuring the right thing.
CipherWatch Editorial
Security Intelligence Platform
Security Awareness Training Is Solving the Wrong Problem
We spend billions every year teaching employees not to click malicious links. The same employees work in environments where clicking a malicious link can collapse the company. The problem isn't the clicking.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language β financial exposure, regulatory obligations, and board-ready summaries.
Critical Windows IKE Vulnerability Allows Unauthenticated Remote Takeover of All Windows Servers
A severity-9.8 flaw in Windows networking software allows an attacker on the internet to seize complete control of any unpatched Windows server or workstation with no login credentials required. Microsoft has confirmed the flaw was exploited before the patch was released. All organisations running Windows must apply the April 2026 security update as an emergency measure.
wolfSSL Certificate Forgery Flaw Exposes Billions of Connected Devices to Network Interception
A critical flaw in a widely embedded networking security library allows attackers to present forged digital identity certificates that connected devices accept as genuine, enabling interception and manipulation of supposedly secure communications. The library is present in an estimated 5 billion devices including routers, industrial controllers, and automotive systems. Organisations must audit which of their devices and vendor-supplied equipment are affected.
Critical nginx-ui Flaw Enables Unauthenticated Web Server Takeover β Patch Now
A CVSS 9.8 vulnerability in nginx-ui is being actively exploited, allowing attackers without any credentials to take full control of Nginx web servers. Organisations running nginx-ui as a server management interface should patch immediately or isolate the service from external access.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more β so you stay ahead of the threat curve.
Learn how it works β