Security News

Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
2025-04-22 02:23

10 other certificates 'were mis-issued and have now been revoked'
Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without...

Why shorter SSL/TLS certificate lifespans matter
2025-04-15 06:00

Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve leaned on...

New SSL/TLS certs to each live no longer than 47 days by 2029
2025-04-14 21:31

IT admins, get ready to grumble
CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to...

SSL/TLS certificate lifespans reduced to 47 days by 2029
2025-04-14 17:49

The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [...]

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
2025-04-11 17:55

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched....

How SSL Misconfigurations Impact Your Attack Surface
2025-04-02 10:00

When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration...

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
2025-02-14 22:53

Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew
Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall...

Hackers exploit critical bug in Array Networks SSL VPN products
2024-11-26 13:26

America's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...]

SSL Certificate Best Practices Policy
2024-11-13 16:00

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates...

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight
2024-07-31 14:13

Certificate authority DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation.