VPN - Cyber Security Informer

New VPN Backdoor

Schneier on Security

JANUARY 27, 2025

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders.

VPN

VPN Encryption Malware Technology

Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities

Malwarebytes

NOVEMBER 7, 2024

Today I have great news to share: We’ve acquired AzireVPN, a privacy-focused VPN provider based in Sweden. Malwarebytes has long been an advocate for user privacy (think Malwarebytes Privacy VPN and our free web extension Malwarebytes Browser Guard). What does this mean for existing Malwarebytes Privacy VPN customers?

VPN

VPN Data collection Internet Internet

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. ” reads the advisory.

VPN

VPN Malware Spyware Authentication

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN

VPN Ransomware Firewall Internet

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN

VPN Passwords Firewall Firmware

Chinese-Owned VPNs

Schneier on Security

MAY 27, 2025

TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. users by piecing together corporate documents from around the world.

VPN

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. ” The feature being abused here is known as DHCP option 121 , and it allows a DHCP server to set a route on the VPN user’s system that is more specific than those used by most VPNs. .”

VPN

VPN Wireless Internet Internet

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

So maybe you’ve heard of VPNs but aren’t actually sure what they are. Simply put, a VPN creates a safe, anonymous pathway for the data you send and receive over a Wi-Fi network, allowing you to browse anonymously and access content as if you were in a different location. Do you really need a VPN for personal use? Why use a VPN?

VPN

VPN Antivirus Internet Internet

Proton VPN vs IPVanish: Which VPN is right for you?

Zero Day

MAY 15, 2025

Proton VPN and IPVanish are both solid VPN options. Here's why you might want to choose one over the other, based on our testing.

VPN

Windscribe Acquitted on Charges of Not Collecting Users’ Data

Schneier on Security

APRIL 28, 2025

The company doesn’t keep logs, so couldn’t turn over data : Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an (..)

VPN

VPN Internet Internet Data collection

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world.

VPN

VPN Mobile Government Technology

Zero-Day Vulnerability in Ivanti VPN

Schneier on Security

JANUARY 9, 2025

It’s being actively exploited.

VPN

Top 11 Dangerous VPN Providers to Avoid in 2025

SecureBlitz

MAY 13, 2025

Here, I will show you the top dangerous VPN providers and the top red flags to identify and avoid dangerous VPN providers in 2024. In today’s digital landscape, a Virtual Private Network (VPN) has become an essential tool for many internet users.

VPN

VPN Internet Internet Encryption

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

The Hacker News

MAY 25, 2025

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

Malware

Malware VPN Software Cybersecurity

News alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defense

The Last Watchdog

APRIL 28, 2025

28, 2025, CyberNewswire — Windscribe , a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service.

VPN

VPN Advertising Internet Internet

New Attack on VPNs

Schneier on Security

MAY 7, 2024

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address.

VPN

VPN Encryption Internet Internet

Are VPN-ready routers the best home Wi-Fi upgrade? My buying advice after testing one

Zero Day

MAY 2, 2025

Setting up a VPN for your whole home isn't always easy - so I put one of the top contenders, Privacy Hero 2, to the test. Here's what I learned.

VPN

App Stores OK’ed VPNs Run by China PLA

Security Boulevard

APRIL 3, 2025

is the shady entity behind a clutch of free VPN appswith over a million downloads. The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard. Bad Apple: Chinese firm banned by the U.S.

VPN

VPN Social Engineering Data privacy Security Awareness

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately. hardware firewalls: SonicOS 6.5.5.1-6n

Firewall

Firewall Firmware VPN Authentication

Cisco fixed tens of vulnerabilities, including an actively exploited one

Security Affairs

OCTOBER 24, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. . Services that are not related to VPN are not affected.” ” continues the advisory.

VPN

VPN Firewall Passwords Software

Not Just for Unlocking Content: How Attackers Are Leveraging Personal VPNs

Duo's Security Blog

APRIL 17, 2025

As many a podcast host will tell you, its about time you used a consumer or personal Virtual Private Network (VPN). VPNs have become commonplace, serving various purposes from the noble, like protecting an individuals digital footprint, to the dubious, like accessing geo-restricted content.

VPN

VPN Risk Cybersecurity

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

MAY 29, 2024

” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. government, they were unaware,” Leatherman said.

VPN

VPN Government Cybercrime Internet

Zero-Day Vulnerability in FortiClient Exploited by BrazenBamboo APT

Penetration Testing

NOVEMBER 15, 2024

Cybersecurity firm Volexity has uncovered a zero-day vulnerability in Fortinet’s Windows VPN client, FortiClient, being exploited by the BrazenBamboo Advanced Persistent Threat (APT) group.

VPN

VPN Cybersecurity Malware

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

Security Affairs

APRIL 12, 2025

The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. ” Fortinet pointed out that only devices with SSL-VPN enabled are impacted. . FortiOS 7.4,

VPN

VPN Engineering Hacking Cybersecurity

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools

eSecurity Planet

MARCH 10, 2025

The post SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools appeared first on eSecurity Planet. Explore best practices to prevent malware so you can protect your sensitive data and avoid financial and data loss.

VPN

VPN Antivirus Cryptocurrency Malware

Best of 2024: If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door

Security Boulevard

JANUARY 3, 2025

Firewalls and VPN appliances are critical gateways. The post Best of 2024: If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door appeared first on Security Boulevard. Like all on-prem systems, a vulnerability can lead to a compromise that is used to open the door for attackers.

Firewall

Firewall VPN Security Awareness Cybersecurity

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

The Hacker News

MAY 3, 2025

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.

VPN

VPN Malware

Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?

Tech Republic Security

AUGUST 15, 2024

ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.

VPN

VPN Internet Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN

VPN Computers and Electronics Antivirus Software

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN

VPN Firewall Technology Passwords

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Security Affairs

NOVEMBER 9, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups Ransomware VPN Accountability

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication.

VPN

VPN Authentication Hacking Risk

Surveillance of the Internet Backbone

Schneier on Security

AUGUST 25, 2021

It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. At a high level, netflow data creates a picture of traffic flow and volume across a network.

Internet

Internet Internet Surveillance VPN

Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon

Tech Republic Security

FEBRUARY 3, 2025

The feature will no longer be available starting Feb. Microsoft wants to focus on new areas that will better align to customer needs.

VPN

VPN Artificial Intelligence

Google Chrome AI extensions deliver info-stealing malware in broad attack

Malwarebytes

JANUARY 9, 2025

Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services. million people.

Malware

Malware Small Business Artificial Intelligence VPN

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway. The J-magic campaign is notable for targeting JunoOS, a FreeBSD-based operating system that threat actors rarely target in malware attacks.

Malware

Malware VPN Encryption Hacking

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall

Firewall VPN Accountability Firmware

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups VPN Ransomware Authentication

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords

Passwords Wireless VPN Accountability

Attackers exploited SonicWall SMA appliances since January 2025

Security Affairs

APRIL 19, 2025

Arctic Wolf has uncovered an active campaign, running from January to April 2025, targeting SonicWall SMA 100 series appliances to steal VPN credentials. This week, SonicWall updated its advisory, confirming that this vulnerability is potentially being exploited in the wild.

Passwords

Passwords VPN Firewall Accountability

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

Penetration Testing

JUNE 6, 2025

Symantec reveals popular Chrome extensions like Browsec VPN & DualSafe Password Manager are leaking sensitive user data over unencrypted HTTP, risking privacy.

Password Management

Password Management VPN Passwords Risk

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare

Healthcare Ransomware VPN Malware

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

NOVEMBER 25, 2024

“A command injection vulnerability in the IPSec VPN feature of some firewall versions could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device.” for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series. .

Firewall

Firewall Ransomware VPN Firmware

New VPN Backdoor

Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities

Trending Sources

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Chinese-Owned VPNs

Why Your VPN May Not Be As Secure As It Claims

Do you actually need a VPN? Your guide to staying safe online!

Proton VPN vs IPVanish: Which VPN is right for you?

Windscribe Acquitted on Charges of Not Collecting Users’ Data

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Zero-Day Vulnerability in Ivanti VPN

Top 11 Dangerous VPN Providers to Avoid in 2025

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

News alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defense

New Attack on VPNs

Are VPN-ready routers the best home Wi-Fi upgrade? My buying advice after testing one

App Stores OK’ed VPNs Run by China PLA

SonicWall warns of an exploitable SonicOS vulnerability

Cisco fixed tens of vulnerabilities, including an actively exploited one

Not Just for Unlocking Content: How Attackers Are Leveraging Personal VPNs

Is Your Computer Part of ‘The Largest Botnet Ever?’

Zero-Day Vulnerability in FortiClient Exploited by BrazenBamboo APT

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools

Best of 2024: If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?

A Deep Dive Into the Residential Proxy Service ‘911’

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Veeam Backup & Replication exploit reused in new Frag ransomware attack

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Surveillance of the Internet Backbone

Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon

Google Chrome AI extensions deliver info-stealing malware in broad attack

J-magic malware campaign targets Juniper routers

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Chinese threat actors use Quad7 botnet in password-spray attacks

Attackers exploited SonicWall SMA appliances since January 2025

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

NailaoLocker ransomware targets EU healthcare-related entities

Zyxel firewalls targeted in recent ransomware attacks

Stay Connected