Sustaining a More Secure Internet: The Power of Recurring Donations

At Let’s Encrypt we know that building a secure Internet isn’t just a technical challenge—it’s a long-term commitment. Over the past decade we’ve made...

CrushFTP Authentication Bypass Attack

FortiGuard Labs has identified ongoing and persistent attack attempts in the wild that are aimed at exploiting CVE-2025-31161, which is an authentication bypass vulnerability...

Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability

Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.

Commvault Command Center Path Traversal Vulnerability

FortiGuard Labs has detected persistent attempts to exploit the Commvault Command Center path traversal vulnerability, identified as CVE-2025-34028. If attacks succeed, they could achieve...

Elastic extends production-ready AI capabilities for all!

Elastic Security has a lot of generative AI capabilities, but two of them are now generally available for all Elastic users! Learn about Automatic...

Apache Tomcat RCE

FortiGuard Labs has identified ongoing attack attempts aimed at exploiting the recently discovered Apache Tomcat remote code execution vulnerability, CVE-2025-24813. If successful, attackers could...

Outbreak Alert- Annual Report 2024

In 2024, FortiGuard blocked 3.1 trillion vulnerability exploits and stopped 2.5 billion malware deliveries—fortifying businesses against relentless cyber threats. Stay ahead with the latest...

Prevent Web Scraping by Applying the Pyramid of Pain

The Bots Pyramid of Pain: a framework for effective bot defense.

2025 Advanced Persistent Bots Report

Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses....

Analyzing the Global Increase in Vulnerability Scanning in 2024

BotPoke comes to the foreground yet again.

Latest article

Chromium: CVE-2026-2319 Race in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024) for more information. -...

Substack Breach May Have Leaked Nearly 700,000 User Details Online

Substack says hackers accessed user emails, phone numbers, and internal metadata in October 2025, with a database of 697,313 records later posted online. The post...

Cryptojacking Campaign Exploits Driver to Boost Monero Mining

Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics.

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over...