ACME Renewal Information (ARI) Published as RFC 9773
Let’s Encrypt has been proud to work with the IETF to maintain ACME as an open standard since we first developed the technology a...
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends - Read more
ShadowSilk Data Exfiltration Attack
FortiGuard Labs’ network telemetry has observed active exploitation of known vulnerabilities in Drupal Core and the WP-Automatic WordPress plugin for initial access. Following compromise,...
Native ACME Support Comes to NGINX
NGINX and Let's Encrypt share a common vision of an open and secure web. Now, with built-in support for ACME,...
[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.x, 6.5.1 and 6.6.0:...
Stand-alone Security Patches Available for Tenable Security Center versions 6.4.x, 6.5.1 and 6.6.0: SC-202508.1 Arnie Cabral Thu, 08/28/2025 - 11:18
Security Center leverages...
The Prevalence of Web-Based RCE Vulnerabilities
Sensor Intel Series: July 2025 CVE Trends - Read more
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions
A critical vulnerability in older versions of the Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to...
MCP vulnerability case study: SQL injection in the Postgres MCP server
Learn how vulnerability in Anthropic's reference Postgres MCP server allowed us to bypass the read-only restriction and execute arbitrary SQL statements. - Read...
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap. ...
Datadog threat roundup: Top insights for Q2 2025
Threat insights from Datadog Security Labs for Q2 2025. - Read more
Latest article
Chromium: CVE-2026-2319 Race in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024 ) for more information. -...
Substack Breach May Have Leaked Nearly 700,000 User Details Online
Substack says hackers accessed user emails, phone numbers, and internal metadata in October 2025, with a database of 697,313 records later posted online.
The post...
Cryptojacking Campaign Exploits Driver to Boost Monero Mining
Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics - Read more
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over...
