Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Apache has fixed two security issues in Apache ActiveMQ that affect the web console and management interfaces, including a header injection flaw in MessageServlet and…
A threat actor used AI-assisted development tools to build a post-exploitation framework that automates Active Directory discovery and tests malware against endpoint detection and response…
A critical vulnerability in the Kirki WordPress plugin can let unauthenticated attackers take over administrator accounts on vulnerable websites by abusing the plugin’s password reset…
Five newly reported OpenClaw vulnerabilities exposed a serious weakness in how AI agents decide who can issue trusted commands across messaging platforms such as Slack,…
CISA, the FBI, NSA, DOE, EPA, TSA, DOT, and USDA are warning owners and operators to secure automatic tank gauge systems after malicious activity targeted…
Security researchers have identified a new JavaScript-based remote access threat called JS.MonoGlyphRAT that targets businesses through fake purchase orders, quotes, and request-for-proposal attachments. The malware,…
The Gentlemen has become one of the most active ransomware operations of 2026, using Fortinet exploits, stolen credentials, custom command-and-control tooling, and AI-assisted workflows to…
Security researchers are warning about HazyBeacon, a Windows backdoor campaign that abuses Amazon Web Services infrastructure to hide command-and-control traffic inside trusted cloud communications. The…
Security researchers found a Google Gemini prompt injection flaw that could let a malicious notification from WhatsApp, Slack, SMS, Signal, Instagram, Messenger, or another messaging…
Hackers reportedly hijacked several Instagram accounts by tricking Meta’s AI-powered support assistant into helping them add a new email address and reset passwords. The incident…
A critical vulnerability in the WP Maps Pro WordPress plugin can let unauthenticated attackers create administrator accounts and take over vulnerable websites. The flaw is…
Gamaredon is using a modular malware chain that hides inside native Windows features and relies on public cloud and messaging platforms to maintain command-and-control access.…
Dashlane has confirmed that a brute-force attack targeting user accounts caused temporary account lockouts and, in fewer than 20 cases, allowed attackers to download encrypted…
A StrongDM authentication vulnerability could let attackers reuse locally stored session material to gain access to infrastructure resources as another user. The flaw, tracked as…
Google has patched an Android zero-day vulnerability that may have been exploited in limited, targeted attacks. The flaw, tracked as CVE-2025-48595, affects the Android Framework…