$ cipherwatch --feed live --domains all β–ˆ

Decoding Threats.
Watching the Wire.

Daily security intelligence curated from the world's leading sources, mapped across 8 core security disciplines β€” from threat intelligence to application security.

8

Security Domains

Daily

Updates

CVEs

Tracked Live

Latest Intelligence

Recent Articles

Curated security news from across the threat landscape.

βš–οΈRisk Mgmt

CIRCIA Final Rule Expected May 2026: What Critical Infrastructure Operators Must Do Now

CISA is expected to publish the long-awaited CIRCIA final rule in May 2026, mandating 72-hour cyber incident reporting and 24-hour ransomware payment reporting for critical infrastructure sectors. With weeks remaining, organisations that have not started preparing face significant compliance and legal exposure when the rule takes effect.

#circia +6
πŸ”¬Assessment

CISA Supplemental Direction ED 26-03: How to Hunt for Compromise in Cisco Catalyst SD-WAN

CISA has issued supplemental hunt-and-hardening guidance for Cisco Catalyst SD-WAN systems under Emergency Directive 26-03, providing defenders with specific indicators to look for in environments exposed to CVE-2026-20127 β€” a CVSS 10.0 authentication bypass exploited since 2023. Organisations running Cisco SD-WAN infrastructure should treat this guidance as a mandatory compromise assessment checklist.

#cisco +7
πŸ›οΈArchitecture

NSA's January 2027 PQC Deadline Is Nine Months Away β€” Enterprise Migration Is Now Mandatory

With NIST's post-quantum cryptography standards finalised and the NSA's CNSA 2.0 deadline requiring all new National Security System acquisitions to be quantum-resistant by January 2027, the migration window for enterprise and federal contractor environments is closing fast. Most organisations have yet to inventory their cryptographic assets, let alone begin migration.

#post-quantum +7
πŸ—„οΈAssets

World Leaks Exposes 7.7TB of LAPD Records After City Attorney's Discovery Tool Breach

Extortion group World Leaks has published more than 337,000 sensitive LAPD files β€” including officer personnel records, Internal Affairs investigations, and witness medical information β€” after breaching a third-party legal discovery transfer tool used by the Los Angeles City Attorney's Office. The incident illustrates how legal and compliance workflows that touch sensitive data are increasingly targeted as a softer entry point than agency systems themselves.

#data-breach +6
πŸ›‘οΈSecOps

DPRK-Linked Hackers Steal $285 Million from Drift Protocol in Six-Month Social Engineering Operation

North Korean threat actors attributed to UNC4736 (Citrine Sleet/AppleJeus) stole $285 million from Solana-based Drift Protocol after a six-month infiltration campaign combining social engineering of multisig signers with a novel durable nonce pre-signing technique. The incident reveals social engineering tactics directly transferable to enterprise environments.

#north-korea +9
πŸ”‘IAM

Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Actively Exploited β€” Apply Emergency Hotfix Now

A critical pre-authentication API bypass in Fortinet FortiClient EMS (CVSS 9.1) is being actively exploited in the wild, with CISA adding the vulnerability to its Known Exploited Vulnerabilities catalogue on 6 April. Organisations running FortiClient EMS 7.4.5 or 7.4.6 must apply the emergency hotfix immediately β€” FCEB agencies faced a remediation deadline of 9 April.

#fortinet +7

Stay Vigilant

Intelligence is your first line of defence.

CipherWatch compiles and synthesises security news daily from Krebs on Security, The Hacker News, BleepingComputer, CISA advisories, and more β€” so you stay ahead of the threat curve.

Learn how it works β†’