Cisco VPNs, Email Services Hit in Separate Threat Campaigns
The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.
A VPN creates an encrypted tunnel between devices and a remote network, making its configuration and flaws important to privacy and access control.
Search across headline titles and summaries.
Background for this topic.
VPN (virtual private network) creates an encrypted tunnel between a device and a VPN gateway, or between networks, across an untrusted network such as the internet. It is commonly used for remote access and site-to-site connectivity. Encryption protects traffic in transit between the tunnel endpoints, but it does not secure a compromised device, protect data after it reaches the destination, or automatically make the VPN provider trustworthy; logging and traffic visibility depend on its configuration and operator.
VPN gateways are high-value entry points: vulnerabilities in internet-facing appliances, weak protocols or configurations, and stolen credentials can enable unauthorized access to internal systems. Organizations should patch and securely configure gateways, require phishing-resistant or otherwise strong multi-factor authentication where practical, restrict access and segment remote sessions, and monitor authentication and connection logs. During an incident, VPN account and gateway records can help identify access, while compromised gateways may require credential resets and network-wide review.
The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks
An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. [...]
More than 8 million people have installed extensions that eavesdrop on chatbot interactions Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security, these pernicious plug-ins have been harvesting the text of chatbot conversations from more than 8 million people and sending them back to the developers.…
The browser extension Urban VPN Proxy has been reportedly collecting users’ AI chat conversations
Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot and other AI assistants.
Bum note for 20 percent of users whose data leaked Music hosting and streaming service SoundCloud has admitted it suffered a cyberattack.…
Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. [...]
Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error. [...]
A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. [...]
Minister insists 'modest' bill is not an assault on privacy-preserving tech The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.…