Latest VPN News
New Mistic Backdoor Fuels KongTuke Ransomware Attacks
Security researchers have uncovered a new piece of malware called the Mistic backdoor, and it is built for one purpose: to stay hidden for as long as possible. First spotted in active attacks in April 2026, Mistic has been deployed against organizations in insurance, education, IT, and professional services. Researchers believe it is the latest tool from KongTuke, a criminal

OpenAI Daybreak Cybersecurity Push Targets Patching
Finding security flaws in software has never been easier. Fixing them is a different story. That gap between discovery and remediation has grown into one of the most serious problems in modern cybersecurity, and OpenAI just made it the central focus of its expanded Daybreak cybersecurity initiative. The company rolled out a new wave of tools and partnerships under the

LastPass Confirms Data Breach in Supply Chain Attack
Password manager giant LastPass has confirmed a data breach affecting customer information stored in its Salesforce environment. The incident traces back to a supply chain attack on Klue, a third-party market intelligence platform, which gave hackers access to authentication tokens that connected into LastPass's CRM systems. Importantly, the breach did not touch user vaults or LastPass's core infrastructure. How the

WhatsApp Phishing Attack Spreads Via Fake Docs
A WhatsApp phishing attack is currently spreading across at least 11 countries, and it is more convincing than most. The messages arrive from people you know. The attachments look like invoices, financial reports, or account notices. And if you open one on a Windows PC, attackers can quietly take full control of your machine. Cybersecurity researchers have identified an active

Prinz Eugen Ransomware Targets Your Newest Files
A new ransomware strain called Prinz Eugen is drawing attention from security researchers, and its approach sets it apart from most threats in this space. Rather than encrypting files in a random or alphabetical order, Prinz Eugen targets the most recently modified files first. The goal is to lock down the data that matters most before defenders have a chance

ShapedPlugin Hit by Supply Chain Attack on WordPress Updates
A trusted update button just became a liability for thousands of WordPress site owners. ShapedPlugin, a vendor known for popular front-end and content display tools, confirmed that its official update system delivered backdoored software directly to paying customers. The company's free plugins alone power more than 400,000 active websites. Which gives a sense of how wide ShapedPlugin's reach extends across

FortiBleed Leak Hits Thousands of Fortinet VPN Devices
A new security incident known as FortiBleed has exposed Fortinet VPN credentials for tens of thousands of organizations worldwide. Researchers found a database containing login credentials for more than 73,000 Fortinet and FortiGate firewall devices. The data includes usernames, email addresses, and plaintext passwords. The list names household brands like Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, and Toyota. Security researcher

New Rokarolla Android Malware Hits 217 Banking Apps
A fake Chrome download could hand a stranger full control of your phone. So could a bogus TikTok app. Security researchers at Zimperium just uncovered a new Android banking trojan that does exactly that. The newly identified Rokarolla Android malware targets 217 banking and cryptocurrency apps, backed by 137 remote commands. This isn't a typical credential stealer. Rokarolla locks onto

Infinite Campus Data Breach Exposes 137K School Staff
A new wave of school cybersecurity trouble landed in March. Attackers broke into the Salesforce systems behind Infinite Campus, a student information platform used by school districts nationwide. The Infinite Campus data breach didn't touch student records directly. Instead, it exposed personal details for more than 137,000 school staff members across the country. The incident adds another entry to a

Kyushu Electric Power Data Breach Hits 10.9 Million Customers
A backup hard drive holding personal data on up to 10.9 million people has vanished from a Japanese utility's server room. Weeks into the investigation, nobody can say where it went. The Kyushu Electric Power data breach is shaping up to be one of the largest data exposure incidents reported in Japan this year. This didn't involve a sophisticated hack.
