Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines β from threat intelligence to application security.
8
Security Domains
Daily
Updates
CVEs
Tracked Live
Trending Topics
Latest Intelligence
Recent Articles
Curated security news from across the threat landscape.
CISA Adds Ivanti EPMM CVE-2026-1340 to KEV β Federal Patch Deadline Today
CISA has added CVE-2026-1340, a critical unauthenticated remote code execution flaw in Ivanti Endpoint Manager Mobile, to the Known Exploited Vulnerabilities catalogue with a federal agency deadline of 11 April. The vulnerability chains with CVE-2026-1281 to enable full appliance takeover and has been actively exploited since January 2026. All organisations running Ivanti EPMM on-premises must patch immediately.
NIS2 Moves From Grace Period to Enforcement β Germany's BSI Registration Deadline Is Now
Eighteen months after the NIS2 transposition deadline, EU member states are moving from legislative implementation to active supervisory enforcement. Germany's BSI has set April 2026 as the registration deadline for essential and important entities under the national NIS2 implementation (NIS2UmsuCG). Organisations still treating NIS2 as a future requirement face immediate regulatory exposure as national competent authorities begin audit and penalty activity.
Apache ActiveMQ CVE-2026-34197: 13-Year-Old Jolokia API Flaw Enables Unauthenticated RCE
A critical unauthenticated remote code execution vulnerability in Apache ActiveMQ's Jolokia management API allows attackers to execute arbitrary OS commands by invoking a management MBean. CVE-2026-34197 roots in a design flaw present since ActiveMQ 5.x and chains dangerously with CVE-2024-32114. Patches are available in ActiveMQ 6.2.3 and 5.19.4.
BlueHammer Windows LPE Zero-Day Gives Attackers SYSTEM Access β No Patch Available
A publicly disclosed zero-day local privilege escalation vulnerability in Windows Defender's signature-update mechanism allows any authenticated user to escalate to SYSTEM. Named BlueHammer by researchers at Cyderes, the flaw has a working public exploit and no Microsoft patch as of publication. Security teams should implement interim mitigations immediately.
CIRCIA Final Rule Expected May 2026: What Critical Infrastructure Operators Must Do Now
CISA is expected to publish the long-awaited CIRCIA final rule in May 2026, mandating 72-hour cyber incident reporting and 24-hour ransomware payment reporting for critical infrastructure sectors. With weeks remaining, organisations that have not started preparing face significant compliance and legal exposure when the rule takes effect.
CISA Supplemental Direction ED 26-03: How to Hunt for Compromise in Cisco Catalyst SD-WAN
CISA has issued supplemental hunt-and-hardening guidance for Cisco Catalyst SD-WAN systems under Emergency Directive 26-03, providing defenders with specific indicators to look for in environments exposed to CVE-2026-20127 β a CVSS 10.0 authentication bypass exploited since 2023. Organisations running Cisco SD-WAN infrastructure should treat this guidance as a mandatory compromise assessment checklist.
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language β financial exposure, regulatory obligations, and board-ready summaries.
Critical Ivanti MDM Vulnerability Puts Every Managed Device at Risk
A critical unauthenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM) is being actively exploited. CISA has mandated federal agencies patch by 11 April. A compromised MDM platform exposes the management layer for an organisation's entire mobile device fleet β including device certificates, VPN credentials, and configuration profiles pushed to thousands of employee devices.
Cisco Discloses Two CVSS 9.8 Vulnerabilities Affecting Enterprise Server and Licence Infrastructure
Cisco has patched two critical unauthenticated remote code execution and authentication bypass flaws in widely-deployed enterprise infrastructure. Organisations running Cisco UCS rack servers or managing software licences on-premises face complete compromise of affected systems if patches are not applied urgently.
North Korean State Actors Poisoned 1,700+ Open-Source Packages Used by Your Development Teams
North Korea's UNC1069 threat group has systematically planted malicious code across five major software package registries, targeting developer credentials, cloud infrastructure tokens, and CI/CD pipeline secrets. Organisations whose development teams install open-source software packages β which is effectively every technology organisation β are in scope.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more β so you stay ahead of the threat curve.
Learn how it works β