Reflections on a Year of Sunlight
The Certificate Transparency ecosystem has been improving transparency for the web PKI since 2013. It helps make clear exactly what certificates each certificate authority...
Information Disclosure on SSLVPN endpoint
CVSSv3 Score: 3.9
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in FortiOS SSL-VPN web-mode may allow an...
ANU investigates possible hack after vice-chancellor’s account liked ‘highly offensive’ LinkedIn posts
University spokesperson says Genevieve Bell’s account had ‘liked’ posts she had never seen before about Julie Bishop and GazaGet our breaking news email, free...
How We Reduced the Impact of Zombie Clients
Every night, right around midnight (mainly UTC), a horde of zombies wakes up and clamors for … digital certificates!
The zombies in question are abandoned...
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends - Read more
Earth Lamia APT Attack
FortiGuard’s global sensor network report consistently high levels of attack attempts targeting vulnerabilities associated with Earth Lamia APT campaigns. According to Trend Research, the...
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions - Read more
Sustaining a More Secure Internet: The Power of Recurring Donations
At Let’s Encrypt we know that building a secure Internet isn’t just a technical challenge—it’s a long-term commitment. Over the past decade we’ve made...
Ending TLS Client Authentication Certificate Support in 2026
Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use...
CrushFTP Authentication Bypass Attack
FortiGuard Labs has identified ongoing and persistent attack attempts in the wild that are aimed at exploiting CVE-2025-31161, which is an authentication bypass vulnerability...
Latest article
Chromium: CVE-2026-13027 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2025) for more information. - Read...
Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Help shape the future of Metasploit FrameworkWe are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they...
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned...
Hackers Claim French Employment Leak Exposes Over 1M Records, Health Data
Hackers claim 1M+ records tied to French employment apps were exposed, including HR files, health data, worker details, and plaintext passwords.
The post Hackers Claim...
