Security News

"TunnelVision's effect is independent of the underlying VPN protocol because it reconfigures the operating system network stack the VPN relies on." Anyone who is able to operate a DHCP server on the same network as someone using a VPN, and get that VPN client's machine to use that DHCP server, can decloak their traffic because of a particular feature in the configuration protocol: option 121, which allows administrators to add classless static routes to client routing tables.

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address.

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. As Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version.

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. Enabling the "Block Connections Without VPN" option ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.

Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms. The company explains on the Windows health dashboard that "Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update."

VPNs are legal to use in most countries, including the United States, United Kingdom, Canada, some European Union countries, Australia and Japan. So while VPNs provide privacy and security, they don't exempt users from legal responsibilities.

With numerous VPN options available for iPhone users, choosing the right app can be a challenge. To help simplify the selection process, we have curated a list of the best VPNs for iPhone users.

Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. Atlas VPN has a unique feature-set - some of which available both in the Free and Premium versions - especially on a fairly new VPN founded in 2019.

Modern protocols IKEv2 and WireGuard are available in both VPNs. Unfortunately, only Proton VPN supports the widely-used, industry standard OpenVPN protocol. Visit Atlas VPN. Should your organization use Proton VPN or Atlas VPN? Proton VPN and Atlas VPN offer similar features to protect their users' web activity and online privacy.