The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions
Sustaining a More Secure Internet: The Power of Recurring Donations
At Let’s Encrypt we know that building a secure Internet isn’t just a technical challenge—it’s a long-term commitment. Over the past decade we’ve made enormous strides: from issuing billions of TLS certificates to continually innovating to keep the web safer and more accessible. But none of this would be possible without recurring donations from individuals and organizations around the...
Ending TLS Client Authentication Certificate Support in 2026
Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action. However, if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you.
To...
CrushFTP Authentication Bypass Attack
FortiGuard Labs has identified ongoing and persistent attack attempts in the wild that are aimed at exploiting CVE-2025-31161, an authentication bypass vulnerability in the CrushFTP file transfer server. If successfully exploited, this vulnerability could allow attackers to gain administrative access to the application, representing a significant risk to enterprise environments.
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
Commvault Command Center Path Traversal Vulnerability
FortiGuard Labs has detected persistent attempts to exploit the Commvault Command Center path traversal vulnerability, identified as CVE-2025-34028. If attacks succeed, they could achieve full system compromise. FortiGuard telemetry shows exploitation attempts in the United States, Brazil, Turkey, the United Kingdom and Italy.
How Pebble Supports ACME Client Developers
Together with the IETF community, we created the ACME standard to support completely automated certificate issuance. This open standard is now supported by dozens of clients. On the server side, did you know that we have not one but two open-source ACME server implementations?
The big implementation, which we use ourselves in production, is called...
From endpoint to XDR: Operationalize Microsoft Defender for Endpoint data in Elastic Security
Elastic Security integrates with MDE data to enhance visibility, threat detection, and response. Additional features include Elastic AI Assistant, which uses contextual AI to accelerate investigations by providing explanations and recommendations.
Elastic extends production-ready AI capabilities for all!
Elastic Security has a lot of generative AI capabilities, but two of them are now generally available for all Elastic users! Learn about Automatic Import and Attack Discovery.
Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.


