Why we’d never install a Trusted Root CA on your device
What is a Trusted Root CA, what could go wrong if a VPN company installs its own, and why we won’t ever do so.
Code integrity primer: GitHub commit signature verification via YubiKey
We discuss our preference for YubiKey as a form of 2FA and look at how to use YubiKey for signature verification for GitHub code commits.
Log4Shell’s long-tail impact on your security
ExpressVPN’s mitigation technique against Log4Shell and what you can do to protect yourself against the Log4j vulnerability.
Cybersecurity lessons: Safer private keys with Shamir’s Secret Sharing
Learn how digital certificates work and why Shamir’s Secret Sharing is a secure method for storing private keys.
Cybersecurity lessons: Risk of email takeover via a 4th-party provider
ExpressVPN's Security Team investigated a bug that could have been exploited by signing up on Mailgun and hijacking an email subdomain.
Cybersecurity lessons: Privilege escalation via file read/write
How a highly privileged process interacting with a lower-privilege user space can lead to attackers elevating their access or to a DoS attack.
Cybersecurity lessons: A PATH vulnerability in Windows
Our cybersecurity experts discuss the PATH environment variable and the security implications of having it misconfigured.
Cybersecurity lessons: Flaw in Zendesk file-upload feature
Our cybersecurity team worked with Zendesk, a support software provider, to fix a flaw in its file-upload system. Here's a play-by-play of how we did it.
Cybersecurity lessons: Monitoring password manager activity
ExpressVPN's Security Team explains how to detect vulnerabilities and attacks on password managers and analyze the risks.