Skip to main content
  1. Home
  2. Computing
  3. News

ProtonVPN and NordVPN patched up vulnerabilities before they became known

Add as a preferred source on Google
Mark Coppock/Digital Trends

Following the announcement from Cisco Talos that both NordVPN and ProtonVPN’s internet traffic obfuscating services were vulnerable to a newly discovered bug, both companies have come out with statements of their own to calm the fears of their users. It turns out that the respective flaws were patched out weeks ago, back when no one had heard anything about them.

The flaws in question piggybacked a patch applied by both companies to a bug discovered earlier this year. That April fix had its own flaw in it, according to ZDNet, which made it possible for a theoretical attacker to take control of the user’s system by exploiting the design of both NordVPN and ProtonVPN’s clients. Fortunately, those bugs were patched out well before the general public was made aware of them.

Recommended Videos

“The vulnerability described in their report no longer exists on our systems. When it did, it was completely undocumented and quite possibly unknown to anyone in the world,” NordVPN said on its blog. “When they discovered the CVE vulnerability in our and other VPN providers’ systems, Talos Intelligence, like all ethical security research firms, approached us with the news first before publishing it. They waited until we fixed the problem before publishing their findings to ensure that no VPN users were exposed to any additional risk.”

ProtonVPN released its own statement to ZDNet, claiming that the fix it has now implemented would eliminate all bugs of this type, but it will continue to investigate the issue to make sure.

Also of import is the fact that this particular exploit required hard access to a victim’s machine in the first place. That meant that even if this bug hadn’t been patched out, an attacker would have to have physical or remote access to the machine through a guest account or malware attack to execute the VPN exploit. As NordVPN pointed out in its blog post, if a hacker already has such access to a system, there are many other options they would have to further the attack. This exploit would merely be one extra attack vector.

With that in mind, this security breach wasn’t as damaging as some may have made out, but regardless, it’s good to see companies like NordVPN and ProtonVPN responding so swiftly to the problem.

If you want to make sure that your system is as protected as it can be, just run the updater within your VPN software to download the latest version if it hasn’t done so automatically.

For a look at some of our favorite VPNs, here’s our guide to the best.

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
Canva Code 2.0 just made vibe coding way less intimidating for everyone
Canva Code 2.0 feature

Coding used to be reserved for developers who spent years learning complex languages. That has slowly changed with vibe coding, which lets you build apps and websites using simple, plain-language prompts. 

The problem is that most of these tools still feel intimidating for regular folks, as they still need to understand the code to make any meaningful changes. If not, everything you make tends to look the same.

Read more
Windows users can finally pick when updates stop with Microsoft’s latest patch
From pausing updates on your own schedule to rolling back a broken PC in one click, here's everything new in Windows 11's July 2026 update.
Windows 11 Laptop

Patch Tuesday updates are usually a shrug-and-install affair, but Microsoft's July 2026 release actually gives you something to be excited about.

You can grab this update, tagged KB5101650, right now through Settings, or manually via the Microsoft Update Catalog if you'd rather not wait for it to roll out.

Read more
Can AI audiobooks narrate better than humans? This study says many listeners think so
New study finds listeners favor AI narrated audiobooks over traditional human narration in blind testing.
Audiobooks on Spotify on an iPhone.

You might assume most listeners would pick a real human voice over a synthetic one, but a new study says otherwise. Edison Research at SSRS surveyed 1,005 fiction audiobook fans in May 2026 for a study commissioned by AI audio company Spoken. The twist is that listeners rated the AI narration higher, and they did not even know it was AI until after they heard it (via Variety).

Why listeners favored the AI narration

Read more