$ cipherwatch --feed live --domains all

Decoding Threats.
Watching the Wire.

Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines — from threat intelligence to application security.

8 Security Domains

Daily Updates

CVEs Tracked Live

Latest Intelligence

Recent Articles

Curated security news from across the threat landscape.

πŸ›‘οΈSecOps

Google Patches Fourth Chrome Zero-Day of 2026 β€” CVE-2026-5281 Use-After-Free in WebGPU

Google has patched CVE-2026-5281, a use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This is the fourth Chrome zero-day exploited in attacks in 2026. CISA added it to the KEV catalogue on 1 April with a deadline of 15 April for federal agencies. Update to Chrome 146.0.7680.177/178.

🌐Network

Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Actively Exploited — Emergency Hotfix Available

A pre-authentication remote code execution zero-day in Fortinet FortiClient Enterprise Management Server (CVE-2026-35616, CVSS 9.1) has been under active exploitation since 31 March 2026, ahead of Fortinet's advisory. CISA added it to the KEV catalogue on 6 April with a federal deadline of 9 April. An emergency hotfix is available without requiring system downtime.

πŸ›‘οΈSecOps

Microsoft April 2026 Patch Tuesday: 167 Flaws Patched Including Two Zero-Days

Microsoft's April 2026 Patch Tuesday addresses 167 vulnerabilities, including an actively exploited SharePoint spoofing zero-day (CVE-2026-32201) and a publicly disclosed Defender elevation-of-privilege flaw. Eight Critical-rated vulnerabilities include a CVSS 9.8 IKE RCE and a Critical Active Directory RCE assessed as exploitation more likely.

πŸ›‘οΈSecOps

North Korea's UNC4736 Spent Six Months Infiltrating Drift Protocol Before Stealing $285 Million

North Korean state hackers (UNC4736/AppleJeus) executed a meticulously planned six-month social engineering operation against Drift Protocol, culminating in a $285 million theft from the Solana DeFi platform on 1 April 2026. The attack leveraged fabricated tokens and pre-signed transactions to hand attackers admin control — the largest DeFi exploit of 2026 and the second-largest in Solana's history.

πŸ—„οΈAssets

Basic-Fit Breach Exposes Personal and Bank Data of One Million European Gym Members

Dutch fitness chain Basic-Fit has disclosed a data breach affecting approximately one million members across six European countries, with bank account details among the compromised data. The breach targeted the company's visit-tracking system, exposing names, contact details, dates of birth, and banking information. GDPR notifications have been filed.

πŸ›οΈArchitecture

Linux Kernel Netfilter Vulnerability Batch: CVE-2026-31414 and Cluster Require Prompt Patching

A cluster of Linux kernel vulnerabilities in the netfilter subsystem — led by CVE-2026-31414 — has been patched across stable kernel branches, affecting versions 6.1 through 6.10. The flaws span NULL pointer dereferences and connection tracking weaknesses that can cause privilege escalation or denial of service. Enterprise Linux distributions are releasing updates; unmanaged servers and container hosts running custom kernel builds require manual attention.


For CISOs, CIOs & Board Members

CIO Briefings

Security events translated into business language — financial exposure, regulatory obligations, and board-ready summaries.

High Impact ACTION REQUIRED

SharePoint Zero-Day Added to CISA KEV Before Patch Exists — Action Required Today

CISA has added an actively exploited SharePoint Server vulnerability (CVE-2026-32201) to its Known Exploited Vulnerabilities catalogue while no vendor patch exists. Microsoft's fix arrives in tomorrow's Patch Tuesday. Boards and security leaders face a rare decision: implement compensating controls now, or accept a confirmed zero-day exposure overnight.

High Impact ACTION REQUIRED

Adobe Acrobat Zero-Day: Four Months of Silent PDF-Based Attacks Across Enterprise Desktops

A zero-day in Adobe Acrobat Reader (CVE-2026-34621) has been exploited since November 2025 — meaning enterprise environments have been exposed for over four months without a patch. Simply opening a PDF triggered the attack. Adobe released an emergency fix on 13 April 2026; the financial and reputational exposure window is now a board-level question.

all GDPR
Critical Impact ACTION REQUIRED

Critical Ivanti MDM Vulnerability Puts Every Managed Device at Risk

A critical unauthenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM) is being actively exploited. CISA has mandated federal agencies patch by 11 April. A compromised MDM platform exposes the management layer for an organisation's entire mobile device fleet — including device certificates, VPN credentials, and configuration profiles pushed to thousands of employee devices.

all NIST-CSF

Stay Vigilant

Intelligence is your first line of defence.

CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more — so you stay ahead of the threat curve.
