Decoding Threats.
Watching the Wire.
Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines – from threat intelligence to application security.
8 Security Domains
Daily Updates
CVEs Tracked Live
Latest Intelligence
Recent Articles
Azure IoT Central Privilege Escalation via Sensitive Data Exposure – CVSS 9.9
A CVSS 9.9 privilege escalation vulnerability in Azure IoT Central exposes sensitive platform data allowing authenticated low-privilege attackers to gain administrative control. April 2026 Patch Tuesday addressed the flaw – audit IoT Central role assignments and rotate provisioning credentials now.
CISA Adds Quest KACE (CVSS 10.0), Kentico Xperience, and Zimbra ZCS to Known Exploited Vulnerabilities – Federal Deadline May 4
CISA's April 2026 KEV additions include a CVSS 10.0 unauthenticated SQL injection in Quest KACE Systems Management Appliance, active exploitation of Kentico Xperience CMS, and Zimbra Collaboration Suite vulnerabilities. Federal agencies have a May 4 remediation deadline; enterprise organisations should treat confirmed KEV additions as indicators of active attacker tooling and prioritise these systems immediately.
26 Fake Crypto Wallet Apps Found on Apple App Store Harvesting Mnemonic Seed Phrases
Researchers have discovered 26 malicious applications that bypassed Apple's App Store review and actively harvest cryptocurrency wallet seed phrases from victims. Users who installed any suspect app should rotate all wallet credentials immediately – mnemonic phrase compromise results in permanent, irreversible asset loss.
KTransformers AI Inference Framework Exposes Unauthenticated RCE via Pickle Deserialization – CVSS 9.8
CVE-2026-26210 is a CVSS 9.8 pre-authentication RCE in KTransformers, a popular AI inference acceleration framework. The scheduler's ZMQ ROUTER socket binds to all interfaces with no authentication and deserialises arbitrary pickle payloads – any network-reachable host can execute code on the inference server.
Microsoft Bing Remote Code Execution via Deserialization – CVSS 10.0 Patch Now
A critical CVSS 10.0 unauthenticated RCE vulnerability in Microsoft Bing allows attackers to execute arbitrary code over the network via unsafe deserialization. Patched in April 2026 Patch Tuesday – update immediately.
Microsoft Entra ID Entitlement Management SSRF (CVE-2026-35431, CVSS 10.0) – Cloud IAM Attack Surface Disclosed Before Silent Server-Side Fix
A perfect-score SSRF vulnerability in Microsoft Entra ID Entitlement Management allowed unauthenticated network-accessible exploitation of Microsoft's cloud identity governance platform. Microsoft patched it server-side with no customer action required, but the disclosure surfaces a structural question enterprise security teams need to answer: how do you monitor for exploitation of a vulnerability in infrastructure you don't control?
Opinion & Analysis
Commentary
AI Inference Frameworks Are a First-Class Attack Surface – and Most Enterprises Are Treating Them Like Research Tools
Two critical AI inference framework vulnerabilities disclosed this week – one exploited within 13 hours, one scoring CVSS 9.8 – reveal an uncomfortable truth: the AI toolchain has become enterprise infrastructure, but most security programmes are still treating it like a research curiosity. That gap is now being actively exploited.
CipherWatch Editorial
Security Intelligence Platform
TeamPCP Has Now Hit Every Developer Distribution Channel. The Pipeline Is the Perimeter.
In six weeks, one supply chain threat group has successfully backdoored GitHub Actions, PyPI, npm, Docker Hub, and the VS Code Marketplace. The security industry's response has been to treat each incident as a separate patching problem. It isn't. It's a systematic demonstration that the developer distribution stack has no defence-in-depth, and that the security controls the industry has built – SCA, SBOM, SAST – operate at entirely the wrong layer.
CipherWatch Editorial
Security Intelligence Platform
For CISOs, CIOs & Board Members
CIO Briefings
Security events translated into business language – financial exposure, regulatory obligations, and board-ready summaries.
Microsoft's Cloud Identity Platform Had a CVSS 10.0 Vulnerability – And Patched It Silently
A perfect-score SSRF vulnerability in Microsoft Entra ID Entitlement Management – the governance layer controlling access requests to Azure resources and Microsoft 365 – was disclosed and confirmed patched by Microsoft. No customer action is required. But the disclosure raises a governance question organisations cannot avoid: how do you detect exploitation of a vulnerability in cloud infrastructure you cannot inspect?
Critical Microsoft Bing Vulnerability Allows Unauthenticated Remote Takeover – Apply April Patches Immediately
A maximum-severity vulnerability in Microsoft Bing allows attackers with no account or credentials to take full control of affected systems over the internet. Microsoft has released a patch as part of April 2026 updates – all organisations should apply immediately and verify that enterprise search infrastructure is updated.
Wormable Windows Network Vulnerability Requires Immediate Patching – All IPv6-Enabled Networks at Risk
A race condition in the Windows TCP/IP stack allows self-propagating, unauthenticated remote code execution across networks with IPv6 enabled – which is the default configuration for all modern Windows systems. The flaw was demonstrated at Pwn2Own 2026 and patched in April's Patch Tuesday; unpatched organisations face a threat capable of spreading automatically from a single compromised host across entire network segments, comparable in propagation characteristics to EternalBlue.
Security Domains
Browse by Domain
Security intelligence mapped across 8 core disciplines.
Risk Mgmt
Governance, compliance, ethics, risk frameworks, legal regulations, and business continuity planning.
Assets
Data classification, ownership, privacy protection, retention policies, and data security standards.
Architecture
Secure design principles, cryptography, physical security, and security models.
Network
Network architecture, protocols, secure communication channels, and network attacks.
IAM
Authentication, authorization, access control models, identity federation, and MFA.
Assessment
Vulnerability assessment, penetration testing, audit strategies, and security metrics.
SecOps
Incident response, forensics, threat intelligence, SIEM, and operational security.
AppSec
Secure SDLC, code review, application vulnerabilities, DevSecOps, and software security testing.
Stay Vigilant
Intelligence is your first line of defence.
CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more – so you stay ahead of the threat curve.
Learn how it works