Security News

A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. [...]

Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely...

America's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...]

A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of...

ProtonVPN is an all-around VPN that operates under Switzerland’s strong privacy laws, setting it apart from other services in the market.

Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious...

No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according...

D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. [...]

The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...]

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. [...]