SecureDrop Client 0.17.5 has been released to address a low-priority security issue. Exploiting this vulnerability would require a compromised server, and we are not aware of any exploits in the wild. Read More

SecureDrop Inbox, the new window into the SecureDrop Workstation, has been rewritten from the ground up to replace the previous client application for existing journalist users. Improving upon the core functionality, it also includes bug fixes, speed improvements, and a range of new features. Read More

A new SecureDrop Inbox will be released in the next few weeks, the result of work begun by the team in July 2025 to redesign how journalists process submissions. SecureDrop Workstation users will receive it automatically during a system update. Read More

This update contains multiple security fixes, all of which are low or informational priority. We are not aware of any exploitation in the wild for any vulnerability. Read More

Web applications are only as trustworthy as the servers that serve them, and servers can get hacked. So, last year, we introduced WEBCAT (Web-Based Code Assurance and Transparency), a project designed to enable verifiable in-browser code for web applications. We wrote extensively about WEBCAT’s requirements, constraints, and goals.Today, we’re excited to announce the alpha release of WEBCAT. In particular, we invite community participation in a new, decentralized enrollment infrastructure. Read More

We’ll be presenting on establishing trust in web applications and on the next generation of SecureDrop. Hope to see you in Taipei! Read More

This release ensures KeePassXC remains installed on Tails. It also lays groundwork for the upcoming SecureDrop App. Read More

This release addresses potential undefined behavior in a dependency Read More