ACTIVE ADVISORIES
CVE-2026-1142CRITICALVolt Typhoon pre-positioning observed in five additional US utility networks— CISA AA26-148ACVE-2025-58801HIGHIvanti EPM unauthenticated SQLi — exploitation in the wild— Ivanti SAKEVAMBERCISA adds two Fortinet flaws to Known Exploited Vulnerabilities catalog— KEV-2026-05-26CVE-2026-0488CRITICALCisco IOS XE web UI RCE — patch released, mass-scanning detected— Cisco PSIRTBULLETINAMBERNCSC-UK warns of credential-stuffing wave targeting NHS supplier portals— NCSC UKCVE-2026-0991HIGHApache Tomcat path-traversal — proof-of-concept public— ASF securityKEVLOWPAN-OS GlobalProtect CVE-2024-3400 — vendor reports >98% patched— Palo Alto NetworksCVE-2026-1142CRITICALVolt Typhoon pre-positioning observed in five additional US utility networks— CISA AA26-148ACVE-2025-58801HIGHIvanti EPM unauthenticated SQLi — exploitation in the wild— Ivanti SAKEVAMBERCISA adds two Fortinet flaws to Known Exploited Vulnerabilities catalog— KEV-2026-05-26CVE-2026-0488CRITICALCisco IOS XE web UI RCE — patch released, mass-scanning detected— Cisco PSIRTBULLETINAMBERNCSC-UK warns of credential-stuffing wave targeting NHS supplier portals— NCSC UKCVE-2026-0991HIGHApache Tomcat path-traversal — proof-of-concept public— ASF securityKEVLOWPAN-OS GlobalProtect CVE-2024-3400 — vendor reports >98% patched— Palo Alto Networks
Raj "CipherGuard" Kumar Blog

Appearance

Portrait — Raj Kumar

CipherGuard — about

Independent investigative reporting on cybersecurity. Founded London, 2023.

Editor: Raj Kumar · Senior reporter: Sana Mehta · Two-person publication.

Masthead

RoleNameBeat
EditorRaj KumarThreat actors, supply chain, government IR
Senior reporterSana MehtaCloud, SaaS, privacy and surveillance
Contributing — BerlinLina BrandtEU regulation, vendor PSIRT
Contributing — SingaporeTomás YeoAPAC infrastructure, telco
Fact-checking(rotating, 3 freelancers)All long-form pieces
SubbingHolly TarrantAll long-form pieces
LegalHiscox MediaPre-publication review, named-subject pieces

CipherGuard has no investors and no parent company. The two operating partners are Raj Kumar and Sana Mehta. Day-to-day costs are met by the Threat Briefing subscription product and by a single underwriter — the Crooked Path Foundation, a UK-registered charity (no. 1198472) — whose grant covers 28% of the editorial budget under a non-interference agreement available on request.

What we cover, what we do not

We cover real incidents, real disclosures, real policy, and the supply chain that connects them. We do not cover product launches, conference keynotes, or analyst-firm "trend" predictions. The publishing cadence is one long-form piece per week and a Tuesday digest newsletter. The editorial calendar is in the welcome post.

For a plain-language statement of our sourcing rules, disclosure timeline, and correction policy, see the editorial standards page.

Secure contact

PurposeAddress
Tips, anonymous OK[email protected]
Corrections[email protected]
Editorial[email protected]
Press[email protected]

Signal: request the username by email. We rotate the handle monthly.

PGP: download the public key. Fingerprint:

4A7C 9D33 1F88 0C2B  E5A6 9C71 3A04 8821 B7FE 9D04

SecureDrop: we do not run our own; for the highest-sensitivity material, please use a partner outlet's instance and refer the reporter to us by email.

Postal: CipherGuard, c/o Stationers' Hall, Ave Maria Lane, London EC4M 7DD, UK. Letters opened by the editor only; no signature required for delivery.

Conflict-of-interest register

  • Raj Kumar serves on the technical advisory board of the Open Source Security Foundation (OpenSSF). This is unpaid. He recuses from coverage of OpenSSF projects.
  • Sana Mehta holds a small position (<£10k) in two listed cybersecurity vendors: Cloudflare (NET) and CrowdStrike (CRWD). She discloses this in pieces that mention either company and may not have authored or edited a piece about them in the trailing 90 days.
  • Neither editor accepts paid speaking engagements from cybersecurity vendors. We do accept honoraria for academic and government conferences; declared on request.

Independence policy

CipherGuard refuses any commercial arrangement that would compromise editorial independence. Practically this means:

  • We do not run sponsored content, native ads, or "research" articles produced by vendor marketing teams.
  • We do not accept paid trips, paid hardware, or paid access from vendors. Where a vendor offers a free trial we would otherwise have paid for, we accept and disclose.
  • Our underwriter has no prior review of any piece. They have, on three documented occasions, been mentioned critically in coverage and continued to renew their grant.

If a piece is funded by a specific grant restricted to a topic (rare; we have done it twice), we say so in the kicker.

Photographs

Photographs throughout CipherGuard are licensed from Unsplash contributors under the Unsplash License. Where a photograph is original to a story, the photo credit identifies the photographer and the date. We do not use AI-generated imagery for editorial illustration.

Newsletter and subscriptions

The Threat Briefing is the only commercial product we sell. £6 / month or £60 / year. Three subscriber tiers (Free, Standard, Institutional). Subscriptions managed by Stripe; we hold no card data. Cancellation is one-click from your account page. We honour pro-rata refunds for the unused portion of any annual subscription, no questions asked.

Last updated 22 May 2026. Changes to this page are tracked in our public git repo so that any revision to the standards is itself a matter of record.

Powered by VitePress - 1.6.3