We’ve Issued Our First IP Address Certificate
Since Let’s Encrypt started issuing certificates in 2015, people have repeatedly requested the ability to get certificates for IP addresses, an option that only...
The State of Post-Quantum Cryptography (PQC) on the Web
We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web....
Expiration Notification Service Has Ended
Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us via the ACME...
Langflow Unauth RCE Attack
FortiGuard Labs has observed a significant uptick in attacks targeting Langflow, leveraging a recently discovered authentication bypass vulnerability that allows unauthenticated remote attackers to...
Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025
Elastic has been named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025. Elastic Security is AI-driven and open, delivering detection, investigation...
TBK DVRs Botnet Attack
Threat Actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution...
SimpleHelp Support Software Attack
FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal...
UK ‘woefully’ unprepared for Chinese and Russian undersea cable sabotage, says report
CSRI finds China and Russia may be coordinating ‘grey zone’ tactics against vulnerable western infrastructureChina and Russia are stepping up sabotage operations targeting undersea...
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025. - Read more
European journalists targeted with Paragon Solutions spyware, say researchers
Citizen Lab says it found ‘digital fingerprints’ of military-grade spyware that Italy has admitted using against activistsThe hacking mystery roiling the Italian prime minister...
Latest article
Chromium: CVE-2026-13027 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2025) for more information. - Read...
Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Help shape the future of Metasploit FrameworkWe are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they...
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned...
Hackers Claim French Employment Leak Exposes Over 1M Records, Health Data
Hackers claim 1M+ records tied to French employment apps were exposed, including HR files, health data, worker details, and plaintext passwords.
The post Hackers Claim...
