Summary PyPI now checks for expired domains to prevent domain resurrection attacks,a type of supply-chain attack where someone buys an expired domainand uses it to take over PyPI accounts through password resets. These changes improve PyPI’s overall account security posture,making it harder for attackers to exploit expired domain namesto gainContinue Reading
PyPI now serves project status markers in its standardindex APIs. This allows downstream consumers (like Python package installers andindex mirrors) to retrieve project statuses programmatically and use them toinform users when a project is archived or quarantined. Summary PyPI has implemented project status markers as proposed and accepted in PEPContinue Reading
Changes to the S/MIME Certificate Baseline Requirements add support for automated mailbox validation (via the ACME protocol) and post-quantum cryptography algorithm testing July 2025 was a busy period in the CA/Brower Forum’s (CABF) S/MIME Certificate Working Group (SMCWG). There are two key ballots relating to S/MIME certificates that have beenContinue Reading
From cyber attacks on emergency call centers to electric and telecom network infiltrations, here’s what to know about the threats plaguing critical infrastructure sectors and how to fight back “We’re sorry, the number you are calling is not available.” Service outages can bring emergency services like 911 to a standstill.Continue Reading
These 30 social engineering attack statistics reveal human vulnerabilities and how bad guys love to exploit them (to your detriment) Social engineering doesn’t hack your company’s devices or digital assets; it “hacks” the people who have access to them. Bad guys have been influencing the behaviors of others throughout recordedContinue Reading
Google’s Chrome Root Store Policy (v1.6) update encourages CAs not to wait to shift to PKI hierarchies that support server authentication only Google Chrome has announced that it will stop trusting public server certificates (SSL/TLS certificates) that support the client authentication extended key usage (clientAuth EKU) starting June 15, 2026.Continue Reading
Let’s Encrypt will stop sending SSL/TLS expiration emails effective June 4 — now’s the time to ensure you have SSL monitoring and alerts set up Let’s Encrypt (LE) announced earlier this year that it would discontinue SSL/TLS expiration notification emails on Wednesday, June 4. That’s just two days from now,Continue Reading
We’ve asked 8 experts how they recommend maneuvering through a tumultuous cyber security threat landscape — here are their solutions Portnox’s survey data shows that 77% of Chief Information Security Officers (CISOs) are “very” or “extremely” worried about their jobs. (Who can blame them?) The cyber security threat landscape isContinue Reading
Microsoft joins Gmail and Yahoo in expanding their efforts to control the spam and malicious emails that make it into users’ inboxes by enforcing stringent bulk email sender requirements On April 2, Microsoft announced its plans to step up its commitment to hardening consumer email inboxes against spammers and scammersContinue Reading
Starting in 2026, SSL/TLS certificate lifespans will be reduced from the current maximum of 13 months. By 2029, all public SSL/TLS certificates will have a 1.5-month maximum validity. Here’s what you need to know. On April 11, 2025, the CA/Browser Forum (CA/B Forum) approved Ballot SC-081v3, a proposal from AppleContinue Reading