Incident Response
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
Hi, what are you looking for?
SecurityWeek
All posts tagged "VPN"
Vulnerabilities
Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation.
Malware & Threats
The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched.
Funding/M&A
Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.
Endpoint Security
The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks.
Privacy
Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic.
Malware & Threats
PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances.
Malware & Threats
The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
Identity & Access
Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks.
Vulnerabilities
A new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of...
Malware & Threats
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.
Network Security
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
Vulnerabilities
ExpressVPN disables split tunneling on Windows after learning that DNS requests were not properly directed.
Malware & Threats
In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48...
Nation-State
Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22.
Vulnerabilities
AtlasVPN developers are working on a patch for an IP leak vulnerability after a researcher publicly disclosed the flaw due to being ignored.
Network Security
Join Cloudflare and SecurityWeek for a webinar to discuss “VPN Replacement: Other ZTNA Superpowers CISOs Should Know”
Nation-State
A China-linked hackers are exploiting a vulnerability (CVE-2022-42475 ) in Fortinet FortiOS SSL-VPN, Mandiant claims.
Cybersecurity Funding
The investment round was led by CRV and Insight Partners, with participation from existing investors Accel, Heavybit, Uncork Capital, and angel investors.
IoT Security
PCA Cyber Security has discovered critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems.
Artificial Intelligence
Network Security
Mobile & Wireless
Details have been disclosed for an eSIM hacking method that could impact many, but the industry is taking action.
Data Breaches
Cybersecurity Funding
Artificial Intelligence