serisec

Category: VPN

  • Urban VPN Proxy Surreptitiously Intercepts AI Chats

    Urban VPN Proxy Surreptitiously Intercepts AI Chats This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI. For each platform, the extension includes a dedicated “executor” script designed to intercept and capture conversations. The harvesting is enabled by default through hardcoded…

  • Banning VPNs

    Banning VPNs This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that…

  • Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack

    Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services.  The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published on June 18, 2025, and…

  • Chinese-Owned VPNs

    Chinese-Owned VPNs One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies. It would…

  • Windscribe Acquitted on Charges of Not Collecting Users’ Data

    Windscribe Acquitted on Charges of Not Collecting Users’ Data The company doesn’t keep logs, so couldn’t turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in…

  • Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom

    Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom In episode 403 of “Smashing Security” we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham’s DMs, Geoff gives a poor grade for PowerSchool’s security, and Carole takes a curious look at QR…

  • New VPN Backdoor

    New VPN Backdoor A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a…

  • Zero-Day Vulnerability in Ivanti VPN

    Zero-Day Vulnerability in Ivanti VPN It’s being actively exploited. Bruce Schneier Go to bruce schneier