vpn-security
Safeguard articles tagged "vpn-security" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Comparing quantum-safe VPN and networking products on the...
A practical buyers guide to quantum-safe VPN options, comparing Cisco, Palo Alto Networks, Mullvad, ExpressVPN, Zscaler, and Post-Quantum on real strengths and limitations.
Ivanti Connect Secure Zero-Day: CVE-2025-0282 Under Active Exploitation
A stack-based buffer overflow in Ivanti Connect Secure allowed unauthenticated remote code execution. Chinese threat actors exploited it before any patch existed.
Cisco ASA and FTD CVE-2024-20481: Brute-Force DoS in VPN Services
CVE-2024-20481 in Cisco ASA and Firepower Threat Defense VPN services was actively exploited in large-scale brute-force campaigns, causing denial of service on critical VPN infrastructure.
SonicWall SSL VPN CVE-2024-40766: Ransomware's Favorite Front Door
CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.
Check Point VPN Zero-Day CVE-2024-24919: Information Disclosure Under Active Exploitation
A critical information disclosure vulnerability in Check Point VPN products allowed attackers to read sensitive files including password hashes, enabling lateral movement into enterprise networks.
Ivanti Connect Secure Zero-Day: CVE-2024-21887 and CVE-2023-46805 Exploited in the Wild
Two chained zero-days in Ivanti Connect Secure VPN appliances gave attackers unauthenticated remote code execution. Here's what happened and why perimeter devices remain a favorite target.
FortiGate CVE-2023-27997: Critical Heap Overflow in SSL VPN
A pre-authentication heap overflow in FortiOS SSL VPN allowed remote code execution on hundreds of thousands of internet-facing firewalls.