Security news aggregator

Latest coverage for VPN

A VPN creates an encrypted tunnel between devices and a remote network, making its configuration and flaws important to privacy and access control.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

VPN (virtual private network) creates an encrypted tunnel between a device and a VPN gateway, or between networks, across an untrusted network such as the internet. It is commonly used for remote access and site-to-site connectivity. Encryption protects traffic in transit between the tunnel endpoints, but it does not secure a compromised device, protect data after it reaches the destination, or automatically make the VPN provider trustworthy; logging and traffic visibility depend on its configuration and operator.

VPN gateways are high-value entry points: vulnerabilities in internet-facing appliances, weak protocols or configurations, and stolen credentials can enable unauthorized access to internal systems. Organizations should patch and securely configure gateways, require phishing-resistant or otherwise strong multi-factor authentication where practical, restrict access and segment remote sessions, and monitor authentication and connection logs. During an incident, VPN account and gateway records can help identify access, while compromised gateways may require credential resets and network-wide review.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view

U.S. sanctions hit VPN provider 1VPNS and a cryptor seller for enabling ransomware gangs behind billions in losses to critical infrastructure. The U.S. Treasury’s Office of Foreign Assets Control sanctioned two individuals and one entity on July 13 for supplying tools and infrastructure to ransomware groups that have caused billions of dollars in losses to […]

Fake apps like WireVPN and a trojanized 7-Zip turn victims’ devices into residential proxies, letting criminals route traffic through their IPs. Infoblox’s threat research team started pulling on a single thread in early 2026: a fake version of the 7-Zip archive utility hosted at 7zip[.]com instead of the real site, 7-zip[.]org. The researchers uncovered a […]

FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet. Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted […]

Palo Alto Networks warns that attackers are actively exploiting CVE-2026-0257, a PAN-OS flaw that lets unauthorized users bypass authentication and establish VPN connections. Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a PAN-OS authentication bypass vulnerability affecting GlobalProtect portals and gateways. Palo Alto Networks addressed the vulnerability on May 13. Two weeks later, cybersecurity firm Rapid7 […]

CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS […]

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage […]