Sensor Intel Series: Top CVEs in August 2022
Learn what attackers scanned for last month so you can tune your defenses. - Read more
Remembering Peter Eckersley
Artwork by Hugh D’Andrade
Peter Eckersley, a Let’s Encrypt co-founder, passed away unexpectedly on September 2nd from complications of cancer...
A New Life for Certificate Revocation Lists
This month, Let’s Encrypt is turning on new infrastructure to support revoking certificates via Certificate Revocation Lists. Despite having been largely supplanted by the...
Nurturing Continued Growth of Our Oak CT Log
Let’s Encrypt has been running a Certificate Transparency (CT) log since 2019 as part of our commitment to keeping the Web PKI ecosystem healthy....
TLS Beyond the Web: How MongoDB Uses Let’s Encrypt for Database-to-Application Security
Most of the time, people think about using Let’s Encrypt certificates to encrypt the communication between a website and server. But connections that need...
Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography
On April 13, 2022, the Real World Crypto steering committee presented the Max Levchin Prize for Real-World Cryptography to Let’s Encrypt. The following...
New Major Funding from the Ford Foundation
ISRG's pragmatic, public-interest approach to Internet security has fundamentally changed the web at an astonishing scale and pace. —Michael Brennan,...
TLS Simply and Automatically for Europe’s Largest Cloud Customers
OVHcloud, the largest hosting provider in Europe, has used Let’s Encrypt for TLS certificates since 2016. Since then, they’ve provisioned tens of millions of...
Making the Web safer and more secure for everyone
The Internet Society has supported our work toward a 100% encrypted Web since before we’d even issued our first certificate. Their commitment to helping...
Resources for Certificate Chaining Help
As planned, the DST Root CA X3 has expired and we’re now using our own ISRG Root X1 for trust. We used a cross-sign...
Latest article
CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX - Read more
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only. - Read more
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.
The post ClickUp Data...
