ExpressVPN Windows Client Vulnerability Exposes Users Real IP Addresses With RDP Connection

The flaw, discovered through the company’s bug bounty program, affected specific versions of the Windows client and allowed TCP traffic over port 3389 to bypass the VPN tunnel, potentially revealing users’ actual network locations to internet service providers and network observers. The code at fault caused a critical routing failure: traffic using TCP port 3389, the standard port for Remote Desktop Protocol connections, would not be properly tunneled through the VPN infrastructure as intended. This type of exposure defeats the primary purpose of VPN protection, which is to mask users’ real network locations and maintain anonymity.

Security researcher Adam-X responsibly disclosed the vulnerability to ExpressVPN through its bug bounty platform. Users are strongly advised to update to the latest version of the ExpressVPN Windows application to ensure they benefit from these security enhancements and maintain optimal privacy protection during their VPN sessions.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Jul 2025 10:35:12 +0000


Cyber News related to ExpressVPN Windows Client Vulnerability Exposes Users Real IP Addresses With RDP Connection

How To Protect RDP From Ransomware Attacks - RDP is common across businesses now that roughly half of all Americans can work at least part time from home. Employees can keep their work computers in the office but use them from their home devices through RDP. How Cybercriminals Target RDP As ...
1 year ago Feeds.dzone.com
ExpressVPN bug leaked user IPs in Remote Desktop sessions - ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. Last year, ExpressVPN faced another issue causing DNS ...
1 month ago Bleepingcomputer.com
ExpressVPN bug has been leaking some DNS requests for years - ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. The bug was introduced in ExpressVPN Windows versions 12.23.1 - ...
1 year ago Bleepingcomputer.com
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
1 year ago Hackread.com
New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting RDP - Forensic tools reconstruct attacker screen activity from thousands of 64x64 pixel bitmap fragments stored in RDP cache files, revealing viewed files and commands. Investigators identify RDP attackers through Windows Event IDs 4624/4625 and unique ...
1 month ago Cybersecuritynews.com
CVE-2024-56547 - In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 ...
7 months ago Tenable.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
1 month ago Cybersecuritynews.com
15 PostgreSQL Monitoring Tools - 2025 - What is good: monitoring application performance, user experience, and errors; continuous server, database, and infrastructure monitoring. What could be better: some users find the pricing high, especially for larger environments; the extensive feature ...
3 months ago Cybersecuritynews.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
New Remote Desktop Puzzle Let Hackers Exfiltrate Sensitive Data From Organization - “The RDP bitmap cache is a witness to remote desktop interactions, providing insights into past activities,” Pen Test Partners said to Cyber Security News. In a recent case study, Pen Test Partners investigated a data breach where an ...
3 months ago Cybersecuritynews.com
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections - This method, described as “Rogue RDP” by GTIG, allows attackers to access the victim’s file systems, clipboard data, and potentially even system variables, all under the guise of a legitimate application check. The deployment of ...
4 months ago Cybersecuritynews.com
Surge in coordinated scans targets Microsoft RDP auth servers - A recent surge in coordinated scanning activity has been detected targeting Microsoft Remote Desktop Protocol (RDP) authentication servers. This increase in scanning is believed to be a precursor to potential exploitation attempts, aiming to identify ...
23 hours ago Bleepingcomputer.com
Tech CEO Sentenced to 5 Years in IP Address Scheme - Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate ...
1 year ago Krebsonsecurity.com
What Is Dynamic Host Configuration Protocol (DHCP)? - DHCP, or Dynamic Host Configuration Protocol, is a network protocol that allows devices on a network to be automatically assigned an IP address. DHCP is used extensively in both home and enterprise networks, as it simplifies the process of ...
2 years ago Heimdalsecurity.com
Kimusky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks - A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote Desktop Protocol (RDP) and Microsoft Office ...
4 months ago Cybersecuritynews.com
15 Best Docker Monitoring Tools in 2025 - What is good: cAdvisor monitors containers without much overhead because of its minimal resource footprint; it simplifies troubleshooting using ... What could be better: real-time monitoring is its main focus, and historical data storage is limited.
1 month ago Cybersecuritynews.com
Microsoft fixes Remote Desktop issues caused by Windows updates - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a ...
4 months ago Bleepingcomputer.com
Google Chrome To Roll Out Real-Time Phishing Protection - Google Chrome has been protecting users from malicious websites and files with Safe Browsing, which maintains a locally-stored list updated every 30-60 minutes. To address it, Chrome is introducing a new version of Safe Browsing that provides ...
1 year ago Cybersecuritynews.com
Microsoft: Recent Windows updates cause Remote Desktop issues - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a new ...
5 months ago Bleepingcomputer.com
10 Best Dark Web Monitoring Tools in 2025 - DarkOwl is a comprehensive dark web monitoring tool that provides organizations with real-time intelligence on emerging threats and data breaches. Recorded Future is a comprehensive dark web monitoring tool that leverages machine learning and ...
3 weeks ago Cybersecuritynews.com
Microsoft Warns of New StilachiRAT Stealing Remote Desktop Protocol Sessions Data - Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions. Microsoft recommends organizations implement ...
5 months ago Cybersecuritynews.com