DDoS’s Newest Minions: IoT Devices (Volume 1)
The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices. - Read more
ISRG Legal Transparency Report, January 2016 – June 2016
The trust of our users is ISRG’s most critical asset. Transparency regarding legal requests is an important part of making sure our users can...
What It Costs to Run Let’s Encrypt
Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we...
Let’s Encrypt Root to be Trusted by Mozilla
The Let’s Encrypt root key (ISRG Root X1) will be trusted by default in Firefox 50, which is scheduled to ship in Q4 2016....
Full Support for IPv6
Let’s Encrypt is happy to announce full support for IPv6.
As IPv4 address space is exhausted, more and more people are deploying services that are...
Web Injection Threats: The Cost of Community Engagement on Your Site
Customer engagement drives web application design, but user-generated content brings inherent security challenges. - Read more
Defending Our Brand [Updated]
Update, June 24 2016
We have confirmed that Comodo submitted Requests for Express Abandonment for all three trademark registration applications in question. We’re happy to...
Progress Towards 100% HTTPS, June 2016
Our goal with Let’s Encrypt is to get the Web to 100% HTTPS. We’d like to give a quick progress update.
Let’s Encrypt has issued...
Latest article
Chromium: CVE-2026-13027 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2025) for more information. - Read...
Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Help shape the future of Metasploit FrameworkWe are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they...
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned...
Hackers Claim French Employment Leak Exposes Over 1M Records, Health Data
Hackers claim 1M+ records tied to French employment apps were exposed, including HR files, health data, worker details, and plaintext passwords.
The post Hackers Claim...
