2023, Cybersecurity and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

Top 15 Exploited Vulnerabilities of 2023

SecureWorld News

NOVEMBER 12, 2024

A new joint Cybersecurity Advisory, co-authored by leading cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom, details the vulnerabilities malicious actors routinely exploited in 2023.

Software

Software Cyber threats Risk Passwords

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8)

VPN

VPN Authentication Hacking Risk

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

Security Affairs

APRIL 12, 2025

The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. ” Fortinet pointed out that only devices with SSL-VPN enabled are impacted. . FortiOS 7.4,

VPN

VPN Engineering Hacking Cybersecurity

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN

VPN Government Malware Manufacturing

CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM

Penetration Testing

DECEMBER 18, 2024

Fortinet, a leading cybersecurity vendor, has issued urgent advisories regarding several critical vulnerabilities affecting its popular products, including FortiClient VPN, FortiManager, and FortiWLM.

VPN

VPN Passwords Cybersecurity

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Security Affairs

NOVEMBER 9, 2024

Florian Hauser, cybersecurity researcher at CODE WHITE Gmbh, reported this vulnerability. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. Some of these VPNs were running unsupported software versions.” reads the advisory.

Backups

Backups Ransomware VPN Accountability

News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

The Last Watchdog

JULY 27, 2023

Paris, France, July 27, 2023 – CrowdSec , the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report , a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Only 5% of reported IPs are flagged as VPN or proxy users.

VPN

VPN Data collection Cybersecurity Threat Detection

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk

Risk VPN Internet Internet

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

On Tuesday, the French cybersecurity agency ANSSI published a report linking attacks on local government, diplomatic, research, and financial organizations, as well as think tanks, to the cyber espionage group APT28. CVE-2023-23397 ). In 2023, they used free web services like InfinityFree and Mocky.IO

Government

Government Phishing DNS VPN

86 million AT&T customer records reportedly up for sale on the dark web

Zero Day

JUNE 6, 2025

Based on an analysis by cybersecurity news platform Hackread , the data contains dates of birth, phone numbers, email addresses, street addresses, and even social security numbers. The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text.

Password Management

Password Management Passwords Artificial Intelligence Software

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 2, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! is an improper neutralization of special elements in the SMA100 SSL-VPN management interface.

Firmware

Firmware Authentication VPN Mobile

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

At the start of 2023, consumers remain out in the cold when it comes to online protection. Malicious online actors grow ever more sophisticated, making cybersecurity as big a concern for everyday consumers as it ever has been. You can also invest in a virtual private network (VPN) for use when you are connected to a public network.

Risk

Risk Cybersecurity Antivirus Phishing

Macs targeted by info stealers in new era of cyberthreats

Malwarebytes

FEBRUARY 19, 2025

With the right cybersecurity practices, everyday Mac users can stay safe from these emerging threats. In 2023, a new info stealer on Mac called Atomic Stealer (AMOS) made its debut, and since its launch, it has not only showcased new featuresmuch like TrickBotit has also been gussied up with some of the markings of a legitimate business.

Malware

Malware Software Passwords Cryptocurrency

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

JUNE 17, 2025

"Cybersecurity researchers and investigative journalists have published reports alleging Fink's involvement in multiple instances of infiltrating private online accounts." " Analyzing the data, Bloomberg and Lighthouse found that the senders included such major tech players as Google, Meta, and Amazon.

Authentication

Authentication Password Management Small Business Passwords

Apple quietly makes running Linux containers easier on Macs

Zero Day

JUNE 13, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Small Business Energy and Utilities Artificial Intelligence

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Penetration Testing

JUNE 15, 2025

Skip to content June 16, 2025 Linkedin Twitter Facebook Youtube Daily CyberSecurity Primary Menu Home Cyber Criminals Cyber Security Data Leak Linux Malware Vulnerability Submit Press Release Vulnerability Report Windows Search for: Home News Vulnerability Report Critical Blink Router Flaws (CVSS 9.8) Every contribution matters.

Firmware

Firmware DNS Penetration Testing Malware

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 7, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. UNC5221 is a suspected China-nexus espionage actor that we previously observed conducting zero-day exploitation of edge devices dating back to 2023.

Malware

Malware Cybersecurity Hacking Software

How global threat actors are weaponizing AI now, according to OpenAI

Zero Day

JUNE 6, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Artificial Intelligence

Artificial Intelligence Password Management Small Business Passwords

Fog Ransomware Exploits Legitimate Monitoring Software in Sophisticated Attacks

SecureWorld News

JUNE 12, 2025

Fog was first identified in May 2023, when it was seen exploiting stolen VPN credentials to gain access to enterprise networks. More recently, Fog has been linked to attacks exploiting vulnerabilities in Veeam Backup & Replication (VBR) servers and SonicWall SSL VPN endpoints.

Software

Software Ransomware VPN Surveillance

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

SecureList

OCTOBER 29, 2024

Moreover, exploitation of a public-facing application was the root cause in 42.37% of cases investigated by the Kaspersky Global Emergency Response Team (GERT) in 2023. In one of our compromise assessments, we identified an incident whose root cause was traced to a contracted cybersecurity consultant.

Risk

Risk Antivirus Accountability Malware

Here's why network infrastructure is vital to maximizing your company's AI adoption

Zero Day

JUNE 14, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Artificial Intelligence

Artificial Intelligence Password Management Small Business Digital transformation

Threat Modeling in Solar Power Infrastructure

SecureWorld News

JUNE 18, 2025

Those of us in the cybersecurity space know that this connectivity creates an attack surface that traditional power infrastructure didn't have to consider. The number of exposed SolarView Compact devices grew by 350% in two years, from 600 in 2023 to close to 3,000 in 2025.

Firmware

Firmware Manufacturing IoT Mobile

Tips to make your summer travels cyber safe

Webroot

JUNE 17, 2025

Even the best trips can have stressful moments, and when you miss a flight or get lost in a new destination, it’s easy to become less vigilant about protecting your cybersecurity. Fewer than 1 in 3 travelers (31%) protect their data with a virtual private network (VPN) when traveling internationally.

VPN

VPN Scams Computers and Electronics Phishing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus Architecture

Your Android phone just got a big upgrade for free - these Pixel models included

Zero Day

JUNE 17, 2025

Also: 'End of 10' offers hope and support to Windows 10 users who can't upgrade their PCs This is the earliest Google has launched a major Android release in a while (for comparison, Android 15 was released on Oct. 15, 2024, and Android 14 was released on Oct. Here's a look at four of the biggest upgrades in Android 16.

Password Management

Password Management Small Business Artificial Intelligence Software

Hacking campaign compromised at least 16 Chrome browser extensions

Security Affairs

DECEMBER 31, 2024

One of the victims of this campaign is the cybersecurity firm Cyberhaven, on December 24 attackers published a malware-laced version of their Chrome extension. The malicious code allowed attackers to steal cookies and access tokens.

Hacking

Hacking Phishing VPN Malware

Apple Intelligence is getting more languages - and AI-powered translation

Zero Day

JUNE 9, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Artificial Intelligence

Artificial Intelligence Password Management Small Business Digital transformation

Iran-linked actors target critical infrastructure organizations

Security Affairs

OCTOBER 18, 2024

Intelligence and cybersecurity agencies from the U.S., The attacks have gone on since at least October 2023, Iran-linked threat actors attempted to hack user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering, and energy sectors.

Healthcare

Healthcare Accountability Passwords Authentication

The iPad I recommend to most users is only $299 right now

Zero Day

JUNE 14, 2025

Hand-crafted deals chosen specifically for ZDNET readers like you, fully backed by our experts.

Small Business

Small Business Password Management Artificial Intelligence VPN

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs Hacking Attackers exploit a new zero-day to hijack Fortinet firewalls Security OpenSSL patched high-severity flaw CVE-2024-12797 Progress Software fixed multiple high-severity (..)

Spyware

Spyware Firewall Artificial Intelligence Malware

Your Android phone just got a major feature upgrade for free - including these Pixel models

Zero Day

JUNE 13, 2025

Also: Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux This is the earliest Google has launched a major Android release in a while (for comparison, Android 15 was released on Oct. 15, 2024, and Android 14 was released on Oct. Here's a look at four of the biggest upgrades in Android 16.

Password Management

Password Management Small Business Artificial Intelligence Software

Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices

Penetration Testing

APRIL 13, 2025

In an urgent alert to the cybersecurity community, Fortinet has detailed an active threat campaign exploiting known vulnerabilities The post Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices appeared first on Daily CyberSecurity.

Cybersecurity

Cybersecurity VPN

Yet another European government is ditching Microsoft for Linux - here's why

Zero Day

JUNE 16, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Government

Government Password Management Small Business Software

ChatGPT can now connect to MCP servers - here's how, and what to watch for

Zero Day

JUNE 17, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Artificial Intelligence

Artificial Intelligence Password Management Small Business Digital transformation

Is this the end of Intel-based Macs? Apple confirms bittersweet update policy for MacOS

Zero Day

JUNE 9, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Small Business Artificial Intelligence Digital transformation

Get a Google Pixel 9a and Pixel Buds A-Series on T-Mobile - here's how it works

Zero Day

JUNE 11, 2025

Hand-crafted deals chosen specifically for ZDNET readers like you, fully backed by our experts.

Mobile

Mobile Password Management Small Business Retail

International Women’s Day: accelerating action against online harms

BH Consulting

MARCH 7, 2025

In cybersecurity, danger isnt distributed equally. An investigation for BBCs Panorama programme found a spike in known misogynistic and abusive accounts on Twitter near key dates around Elon Musks takeover of the platform in 2023. In cybersecurity, vigilance is everything.

Scams

Scams Threat Reports Media Cybersecurity

I found a Linux distro that combines the best parts of other operating systems (and it works)

Zero Day

JUNE 13, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Small Business Energy and Utilities Artificial Intelligence

Privacy Roundup: Week 7 of Year 2025

Security Boulevard

FEBRUARY 17, 2025

Privacy Services Mullvad has partnered with Obscura VPN Mullvad Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN. Information and summaries provided here are as-is for warranty purposes.

Surveillance

Surveillance Data breaches VPN Malware

Is your Pixel glitchy after Android 16? Here's the best workaround we've found so far

Zero Day

JUNE 17, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Small Business Artificial Intelligence Digital transformation

Your Apple Watch is getting a big upgrade. Here are the 8 features I can't wait to use in WatchOS 26

Zero Day

JUNE 14, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Small Business Software Artificial Intelligence

Google's viral research assistant just got its own app - here's how it can help you

Zero Day

JUNE 7, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Artificial Intelligence Small Business Digital transformation

These XR glasses gave me a 200-inch screen to work with - and have replaced my monitors

Zero Day

JUNE 18, 2025

ZDNET Recommends Tech Gaming Headphones Laptops Mobile Accessories Networking PCs Printers Smartphones Smart Watches Speakers Streaming Devices Streaming Services Tablets TVs Wearables Kitchen & Household Office Furniture Office Hardware & Appliances Smart Home Smart Lighting Yard & Outdoors Innovation Artificial Intelligence AR + VR Cloud (..)

Password Management

Password Management Small Business Energy and Utilities Software

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Top 15 Exploited Vulnerabilities of 2023

Trending Sources

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

China’s Volt Typhoon botnet has re-emerged

CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM

Veeam Backup & Replication exploit reused in new Frag ransomware attack

News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

CISA Order Highlights Persistent Risk at Network Edge

France links Russian APT28 to attacks on dozen French entities

86 million AT&T customer records reportedly up for sale on the dark web

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

Macs targeted by info stealers in new era of cyberthreats

Why SMS two-factor authentication codes aren't safe and what to use instead

Apple quietly makes running Linux containers easier on Macs

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

How global threat actors are weaponizing AI now, according to OpenAI

Fog Ransomware Exploits Legitimate Monitoring Software in Sophisticated Attacks

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Here's why network infrastructure is vital to maximizing your company's AI adoption

Threat Modeling in Solar Power Infrastructure

Tips to make your summer travels cyber safe

Akira ransomware received $42M in ransom payments from over 250 victims

Your Android phone just got a big upgrade for free - these Pixel models included

Hacking campaign compromised at least 16 Chrome browser extensions

Apple Intelligence is getting more languages - and AI-powered translation

Iran-linked actors target critical infrastructure organizations

The iPad I recommend to most users is only $299 right now

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Your Android phone just got a major feature upgrade for free - including these Pixel models

Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices

Yet another European government is ditching Microsoft for Linux - here's why

ChatGPT can now connect to MCP servers - here's how, and what to watch for

Is this the end of Intel-based Macs? Apple confirms bittersweet update policy for MacOS

Get a Google Pixel 9a and Pixel Buds A-Series on T-Mobile - here's how it works

International Women’s Day: accelerating action against online harms

I found a Linux distro that combines the best parts of other operating systems (and it works)

Privacy Roundup: Week 7 of Year 2025

Is your Pixel glitchy after Android 16? Here's the best workaround we've found so far

Your Apple Watch is getting a big upgrade. Here are the 8 features I can't wait to use in WatchOS 26

Google's viral research assistant just got its own app - here's how it can help you

These XR glasses gave me a 200-inch screen to work with - and have replaced my monitors

Stay Connected