Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
A critical local privilege escalation flaw in Windows Error Reporting (WER) service now has a public PoC exploit. Known as CVE-2026-20817, it lets low-privileged users…
A critical Universal Cross-Site Scripting (UXSS) flaw hit the DuckDuckGo Android browser. It carried a CVSS score of 8.6. Cross-origin iframes could run arbitrary JavaScript…
APT28 hackers exploited a zero-day flaw in Microsoft’s MSHTML framework before the February 2026 Patch Tuesday fix. Tracked as CVE-2026-21513, this vulnerability carries a CVSS…
Anthropic’s Claude AI faced a major global outage on March 2, 2026. Elevated error rates hit the web interface, developer console, and APIs starting at…
GTFire phishing scheme uses Google Translate and Firebase to steal login credentials worldwide. Attackers hide behind trusted Google domains to bypass email filters and security…
Hackers launched a massive scan against SonicWall firewalls using over 4,000 unique IP addresses. The campaign hit 84,142 sessions from February 22-25, 2026. Attackers mapped…
OCRFix botnet trojan spreads through fake CAPTCHA tricks and blockchain-stored commands. It impersonates Tesseract OCR software to infect Windows machines. Cyjax researchers uncovered this campaign…
Tire Pressure Monitoring Systems in Toyota, Mercedes, Hyundai, and Renault cars send unencrypted data. This lets anyone with cheap receivers track vehicles and drivers passively.…
CISA issued a warning about RESURGE malware exploiting zero-day flaws in Ivanti Connect Secure gateways. This threat uses CVE-2025-0282, a stack buffer overflow, to gain…
A critical flaw in Angular Server-Side Rendering lets attackers trick apps into making unauthorized requests. Known as CVE-2026-27739, this Server-Side Request Forgery issue affects many…
A Chrome extension named QuickLens transformed into a malicious tool after a quiet ownership change. It started injecting scripts and stripping browser security headers from…
The US military deployed Anthropic’s Claude AI during joint strikes on Iran. This happened hours after President Trump banned its use across federal agencies. The…
A popular Iranian prayer app called BadeSaba Calendar sent unauthorized push notifications to millions of users. These messages urged military personnel to surrender during joint…
AWS faced a major outage in its me-central-1 region on March 1, 2026. Unidentified objects struck a data center in mec1-az2, sparking a fire. Fire…
The U.S. Department of Justice seized over $61 million in Tether (USDT) linked to pig butchering cryptocurrency scams. Homeland Security Investigations (HSI) in Raleigh traced…