InfoSecBulletin Cybersecurity for mankind
Portugal has changed its cybercrime law to protect good-faith security research and to make hacking legal under specific, strict conditions.
Daniel Cuthbert identified a new rule in Article 8.o-A, called “Acts not punishable due to public interest in cybersecurity,” which exempts some actions from being illegal that were once seen as illegal system access or data interception.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
The exemption applies only to security researchers who identify vulnerabilities to enhance cybersecurity. To avoid criminal liability, specific conditions must be met:
The article outlines the boundaries of security research while offering legal protection for ethical hackers.
In November 2024, Germany’s Federal Ministry of Justice proposed a draft law to protect security researchers who responsibly report flaws to vendors.
Earlier, in May 2022, the U.S. Department of Justice (DOJ) announced revisions to its federal prosecution policies regarding Computer Fraud and Abuse Act (CFAA) violations, adding an exemption for “good-faith” research.
Security research is recognized and allowed to explore systems, find vulnerabilities, and report them safely without legal repercussions.
