Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

ExpressVPN Fixes Privacy Bug

February 12, 2024
Reading Time: 2 mins read
in Alerts

ExpressVPN has recently identified a critical bug in its software that compromised user privacy by exposing the domains visited to configured DNS servers. This bug specifically affected Windows versions 12.23.1 to 12.72.0, published between May 19, 2022, and February 7, 2024, and impacted users utilizing the split tunneling feature. Split tunneling allows users to selectively route internet traffic, but due to the bug, DNS requests were directed to the user’s ISP rather than ExpressVPN’s servers, potentially exposing browsing habits. This leak, reported by CNET’s Attila Tomaschek, could lead to ISPs tracking user activity, breaching the fundamental promise of VPN services to protect user privacy.

ExpressVPN promptly addressed the issue by removing the split tunneling feature from its latest version and advising affected users to upgrade to version 12.73.0. The company emphasized the importance of this upgrade to mitigate the vulnerability and restore user privacy. Additionally, ExpressVPN assured users that all online traffic remained encrypted and inaccessible to ISPs or any third parties, except for the leaked DNS requests.

Approximately 1% of ExpressVPN’s Windows users were impacted by this bug, mainly occurring in the “Only allow selected apps to use the VPN” split-tunneling mode. However, for those unable to upgrade immediately, ExpressVPN provided a temporary solution by recommending the disabling of split tunneling to prevent DNS request leaks. Furthermore, users requiring split tunneling functionality were advised to download and utilize version 10, which remained unaffected by the bug until a fix could be implemented and split tunneling reintroduced in a future release.

Reference:
  • After a tip, ExpressVPN acts swiftly to protect customers
Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatDNS tunnelingExpressVPNFebruary 2024VPNVulnerabilities
ADVERTISEMENT

Related Posts

TikTok Videos Spread Vidar StealC Malware

TikTok Videos Spread Vidar StealC Malware

May 23, 2025
TikTok Videos Spread Vidar StealC Malware

New ZeroCrumb Malware Steals Browser Cookies

May 23, 2025
TikTok Videos Spread Vidar StealC Malware

CISA Commvault ZeroDay Flaw Risks Secrets

May 23, 2025
GitLab Patch Stops Service Disruption Risks

Function Confusion Hits Serverless Clouds

May 22, 2025
GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

May 22, 2025
GitLab Patch Stops Service Disruption Risks

GitLab Patch Stops Service Disruption Risks

May 22, 2025

Latest Alerts

New ZeroCrumb Malware Steals Browser Cookies

TikTok Videos Spread Vidar StealC Malware

CISA Commvault ZeroDay Flaw Risks Secrets

GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

Function Confusion Hits Serverless Clouds

Subscribe to our newsletter

    Latest Incidents

    Cetus Crypto Exchange Hacked For $223M

    MCP Data Breach Hits 235K NC Lab Patients

    UFCW Data Breach Risks Social Security Data

    Cyberattack Paralyzes French Hauts de Seine

    Santa Fe City Loses $324K In Hacker Scam

    Belgium Housing Hit by Ransomware Attack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial