TPMS in Toyota, Mercedes, Hyundai Enables Silent Car Tracking
Tire Pressure Monitoring Systems in Toyota, Mercedes, Hyundai, and Renault cars send unencrypted data. This lets anyone with cheap receivers track vehicles and drivers passively.…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
CISA Warns of RESURGE Malware Targeting Ivanti Devices
CISA issued a warning about RESURGE malware exploiting zero-day flaws in Ivanti Connect Secure gateways. This threat uses CVE-2025-0282, a stack buffer overflow, to gain…
Angular SSR Vulnerability Enables Unauthorized Server Requests
A critical flaw in Angular Server-Side Rendering lets attackers trick apps into making unauthorized requests. Known as CVE-2026-27739, this Server-Side Request Forgery issue affects many…
QuickLens Chrome Extension Turns Rogue with Script Injection Attack
A Chrome extension named QuickLens transformed into a malicious tool after a quiet ownership change. It started injecting scripts and stripping browser security headers from…
US Military Used Claude AI in Iran Strikes Despite Trump Ban
The US military deployed Anthropic’s Claude AI during joint strikes on Iran. This happened hours after President Trump banned its use across federal agencies. The…
Hacked Prayer App Delivers Surrender Messages to Iranians Amid US-Israel Strikes
A popular Iranian prayer app called BadeSaba Calendar sent unauthorized push notifications to millions of users. These messages urged military personnel to surrender during joint…
AWS Middle East Outage Hits EC2 and Networking After Data Center Fire
AWS faced a major outage in its me-central-1 region on March 1, 2026. Unidentified objects struck a data center in mec1-az2, sparking a fire. Fire…
DOJ Seizes $61 Million Tether Tied to Pig Butchering Scams
The U.S. Department of Justice seized over $61 million in Tether (USDT) linked to pig butchering cryptocurrency scams. Homeland Security Investigations (HSI) in Raleigh traced…
Samsung TVs Stop Data Collection on Texas Users Without Consent
Samsung agreed to halt Automated Content Recognition (ACR) data collection from Texas smart TVs without express user consent. This settlement resolves a lawsuit filed by…
QuickLens Chrome Extension Steals Crypto Wallets in ClickFix Campaign
The QuickLens Chrome extension delivered malware to thousands of users starting February 17, 2026. It used ClickFix attacks and stole cryptocurrency from browsers. Google removed…
Korean Tax Agency Seed Phrase Leak Leads to $4.8M Crypto Theft
South Korea’s National Tax Service lost $4.8 million in seized cryptocurrency assets on February 28, 2026. A public press release exposed the mnemonic recovery phrase…
OpenClaw 0-Click Vulnerability Lets Malicious Sites Hijack AI Agents
A critical zero-click vulnerability in OpenClaw exposes developers to attacks from any malicious website. It allows silent takeover of the AI agent framework without user…
Hackers Abuse .arpa TLD and IPv6 Tunnels to Bypass Phishing Defenses
Phishing campaigns now exploit .arpa top-level domain and IPv6 tunnels to evade detection. Infoblox Threat Intel uncovered attackers creating A records in infrastructure-only .arpa namespace…
Metasploit Framework Update Delivers Critical RCE Modules and Evasion Tools
Metasploit released seven new modules on February 27, 2026 targeting high-value enterprise infrastructure. Penetration testers gain unauthenticated RCE exploits for Ollama AI servers, BeyondTrust appliances,…
Claude Code Vulnerabilities Enable RCE and API Key Theft via Malicious Repos
Claude Code from Anthropic contained critical flaws allowing remote code execution and API key theft through malicious project files. CVE-2025-59536 and CVE-2026-21852 triggered on cloning…