15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow A 15-year-old integer underflow in strongSwan’s EAP-TTLS plugin can trigger massive heap corruption and allow an attacker to knock VPN services offline by forcing impossible memory allocations. Bishop Fox and strongSwan (CVE-2026-25075) advise upgrading vulnerable installations to 6.0.5 or later, disabling EAP-TTLS if unused, and using the provided non-crashing test tool...

A 15-year-old integer underflow in strongSwan’s EAP-TTLS plugin (CVE-2026-25075) causes massive heap corruption, allowing attackers to crash VPNs via impossible memory allocations. Affects versions 4.5.0 to 6.0.4. #strongSwan #VPNFlaw #Germany

FortiClient VPN Flaw Enables Undetected Brute-Force Attacks A design flaw in the logging mechanism of Fortinet's VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection.

FortiClient VPN Flaw Enables Undetected Brute-Force Attacks
gbhackers.com/forticlient-...
#Infosec #Security #Cybersecurity #CeptBiro #FortiClient #VPNFlaw #Undetected #BruteForceAttacks

Critical flaw alert! Researchers uncover attack on VPN apps, redirecting traffic outside encrypted tunnels. Android takes action to mitigate risk, prioritizing user security. Stay informed, stay protected. #VPNFlaw #AndroidSecurity r/martechnewser