2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices. - Read more
Encryption for Everybody
2025 marks ten years of Let’s Encrypt. Already this year we’ve taken steps to continue to deliver on our values of user privacy,...
Scaling Our Rate Limits to Prepare for a Billion Active Certificates
Let’s Encrypt protects a vast portion of the Web by providing TLS certificates to over 550 million websites—a figure that has grown by 42%...
Ending Support for Expiration Notification Emails
Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us. We will be...
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government. - Read more
Elastic recruiters reveal how to stand out in your job search
We asked Elastic recruiters for their best tips on how to stand out in the application and interview process and how they advise their...
Announcing Six Day and IP Address Certificate Options in 2025
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates...
The Dangers of DNS Hijacking
How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more. - Read more
Announcing Certificate Profile Selection
We are excited to announce a new extension to Let’s Encrypt’s implementation of the ACME protocol that we are calling “profile selection.” This new...
Ending OCSP Support in 2025
Earlier this year we announced our intent to provide certificate revocation information exclusively via Certificate Revocation Lists (CRLs), ending support for providing certificate revocation...
Latest article
What the March 2026 Threat Technique Catalog update means for your AWS environment
The AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to security...
New BlobPhish Attack Leverages Browser Blob Objects to Steal Users’ Login Credentials
A sophisticated, memory-resident phishing campaign called BlobPhish, active since October 2024, that exploits browser Blob URL APIs to silently steal credentials from Microsoft 365...
Medtronic Confirms Data Breach After ShinyHunters Claims
Medtronic confirms IT breach as ShinyHunters claims millions of records accesseda - Read more
Why AI agents are triggering a rethink of enterprise identity
The Computer Weekly Security Think Tank considers the intersection of AI and IAM. In this article, we look at the specific impacts of agentic...
