Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines, from threat intelligence to application security.
8 Security Domains | Daily Updates | CVEs Tracked Live
Latest Intelligence
Recent Articles
AMD Discloses Elevation of Privilege Vulnerability in Zen 2 Micro-Op Cache - Microcode and Firmware Updates Required
AMD has disclosed an elevation-of-privilege vulnerability in the micro-op cache of Zen 2 processors, where a low-privileged process can exploit speculative execution behaviour to access privileged memory content. Full remediation requires microcode updates delivered via OEM BIOS firmware. Zen 3 and later generations are not affected. Dell PowerEdge EPYC Rome servers and AMD EPYC Rome cloud instances require priority attention.
Fortinet Patches Critical Vulnerabilities in FortiAuthenticator and FortiSandbox - Enterprise SSO and Security Infrastructure at Risk
Fortinet released patches for critical vulnerabilities in FortiAuthenticator and FortiSandbox as part of the May 2026 patch cycle. FortiAuthenticator flaws can enable authentication bypass and session manipulation in enterprise SSO deployments, while FortiSandbox issues affect the analysis platform. Apply patches immediately given Fortinet's established exploitation history.
Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities - No Zero-Days but Wormable RCEs Demand Immediate Action
Microsoft released 120 security fixes in May's Patch Tuesday update, including 17 Critical-rated vulnerabilities and no actively exploited zero-days. Among the most significant are a network-based Windows DNS Client RCE and an authenticated SharePoint Server RCE. Security teams should prioritise network-facing systems within 48 hours.
SAP May 2026 Security Patch Day: Critical SQL Injection in S/4HANA and Unauthenticated RCE in Commerce Cloud
SAP's May 2026 Security Patch Day addresses 14 vulnerabilities including two Critical-rated flaws: a SQL injection in S/4HANA Enterprise Search (CVE-2026-34260, CVSS 9.6) and an unauthenticated remote code execution in Commerce Cloud's Spring Security configuration (CVE-2026-34263, CVSS 9.6). Organisations running SAP ERP or e-commerce infrastructure should patch immediately.
SharePoint Server RCE and Office Preview Pane Vulnerabilities Fixed in May Patch Tuesday - Enterprise Document Attack Surface Elevated
May's Patch Tuesday patches an authenticated RCE in SharePoint Server (CVE-2026-40365) and multiple Office vulnerabilities exploitable via the Windows Explorer and Outlook preview pane without opening files. Together they represent a significant enterprise document attack surface. Assess SharePoint exposure and validate Office update deployment this week.
TanStack npm Supply Chain Attack: GitHub Actions OIDC Token Hijack Used to Publish 84 Malicious Package Versions
Attackers exploited a GitHub Actions misconfiguration in the TanStack project to publish 84 malicious versions of popular React ecosystem packages to the npm registry. The attack chained a Pwn Request misconfiguration, workflow cache poisoning, and runtime OIDC token theft to operate under TanStack's trusted publisher identity.
Windows DNS Client RCE CVE-2026-41096: Attacker-Controlled DNS Servers Can Trigger Memory Corruption on All Windows Versions
CVE-2026-41096 in the Windows DNS Client allows an attacker controlling a DNS server to send a crafted response that triggers memory corruption on any Windows system performing standard DNS resolution. No user interaction or authentication is required, and the flaw affects all supported Windows versions. Patch network-facing systems within 24 hours.
Australia ACSC Warns of ClickFix Campaign Delivering Vidar Infostealer - Fake CAPTCHA Bypass Technique Targeting Enterprise Users
The Australian Cyber Security Centre has issued a warning about an active ClickFix social engineering campaign delivering Vidar infostealer malware. ClickFix presents victims with fake CAPTCHA or browser-fix dialogs that instruct them to run PowerShell commands, bypassing standard malware delivery defences. The campaign has been observed across multiple Australian industry sectors.
Opinion & Analysis
Commentary
The 'No Zero-Days' Headline Is Teaching Defenders the Wrong Lesson About Patch Tuesday
Every month that Microsoft's Patch Tuesday contains no actively exploited zero-days, security coverage softens and patching urgency drops. This framing optimises for the wrong signal: it measures whether attackers have already acted, not whether they are about to. May's Patch Tuesday has 120 vulnerabilities including a wormable DNS RCE, but the dominant headline will be the absence of zero-days.
CipherWatch Editorial
Security Intelligence Platform
The Risk Calculus Changed Today
Google's confirmation of the first AI-developed zero-day used in live exploitation is not a warning about the future. It is a statement about the present. The security industry's habit of treating AI-assisted exploitation as a 'horizon threat' just ran out of runway.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language: financial exposure, regulatory obligations, and board-ready summaries.
Microsoft May 2026 Patch Tuesday: 120 Vulnerabilities Including Wormable Network RCE Require Urgent Action
Microsoft's May 2026 update cycle addresses 120 security vulnerabilities, 17 rated Critical, including a wormable Remote Code Execution flaw in the Windows DNS Client that requires no user interaction. This release affects every Windows version in enterprise service. Security and IT leadership should authorise emergency patching of network-facing systems within 24 hours.
ShinyHunters Breach Canvas LMS - University Login Portals Defaced Across US, UK, Australia in Mass Extortion Campaign
Hackers exploited a vulnerability in Canvas LMS (the learning management platform used by over 5,000 universities and school districts globally) to deface university login portals with ransom demands visible to students and staff. The operator of Canvas, Instructure, has confirmed the breach and issued emergency patches. Student and faculty personal data was also exposed. Educational institutions running Canvas should apply the emergency patch and begin FERPA/GDPR notification assessments immediately.
CVSS 10.0 Vulnerability in Industrial IoT Platform Allows Unauthenticated Takeover of OT-Connected Systems
A maximum-severity (CVSS 10.0) vulnerability in Eclipse BaSyx (industrial automation software used to connect IT and manufacturing systems under Industry 4.0 programmes) allows an internet-accessible attacker to take complete control of the software and the systems it is connected to, without any credentials. A companion vulnerability allows the attacker to probe the manufacturing network from the internet, bypassing network controls. Organisations running BaSyx as part of smart factory or Industry 4.0 programmes must patch immediately.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more, so you stay ahead of the threat curve.