News

• ExpressVPN issued an update to patch an RDP leak bug discovered by an independent researcher
• The leak in the Windows ExpressVPN client was found in April, in code rolled out in March, so its recent audit could not have spotted the bug
• ExpressVPN considers that "the likelihood of real-world exploitation was extremely low"

The ExpressVPN Windows client app has been updated to patch a leak vulnerability, discovered in April by an independent security researcher.

In a detailed blog post dated July 18, 2025, ExpressVPN – considered one of the best VPNs – confirmed the RDP bug that could have leaked users' real IP addresses, despite stating that "the likelihood of real-world exploitation was extremely low."

Nonetheless, a fix was issued in an update a few days later, meaning the bug should no longer exist, and cannot now be exploited.

RDP (Remote Desktop Protocol) allows a remote connection from one device to another (typically PC to PC, or PC to server). When an RDP connection is established with a virtual private network (VPN) enabled, the expectation is that the data travels through the encrypted VPN tunnel.

When the data is not encrypted and bypasses the tunnel, it is referred to as a leak. Besides RDP, other encryption-dodging leaks can occur with VPNs, such as DNS leaks.

With this bug, the RDP connection could have been observed by an ISP (Internet service provider), or anyone with network access. Not only was the target IP address not encrypted – enabling an observer to see that a connection to ExpressVPN was running – but it would have been clear that remote servers were being accessed over RDP.

The attack, as demonstrated by researcher Adam-X, would result in the user’s actual IP address being revealed, but not their browsing activity.

The value of a VPN is that all data should be encrypted between the user’s device and the VPN server. While it is possible to manually exclude some apps from the VPN connection, that didn’t happen here. Note, however, that this was a bug in the Windows version of the ExpressVPN desktop client, and did not affect other versions.

This news was announced soon after ExpressVPN published the details of its latest successful no-log audit by KPGM. Should the bug have been detected in the audit, and should users have been informed sooner?

ExpressVPN has stated: “The problem was traced to a piece of debug code (originally intended for internal testing) that mistakenly made it into production builds (versions 12.97 to 12.101.0.2-beta).” They also confirm that Adam-X reported the bug on April 25.

ExpressVPN was audited in February 2025, and solely to ensure that its TrustedServer infrastructure never collects users’ logs as claimed.

Meanwhile, according to Uptodown’s repository of version updates, ExpressVPN production builds 12.97 to 12.101.0.2-beta were issued between March and May.

In short, KPMG’s audit of ExpressVPN’s servers could not have found the bug – even if it was tested for – as this did not exist at the time.

Most users typically won’t connect to a VPN before establishing an RDP session, so it is unlikely that this affected many users.

ExpressVPN is used mostly by individuals, rather than organizations, so the attack surface of this vulnerability should be minimal. Exploiting the bug also required an attacker to know about it, and to find a way to direct the victim to a malicious website.

The VPN provider has, however, stated that it is introducing more checks to find issues like this before builds are released, and improving automated testing.

ExpressVPN’s response to the bug report – just five days between filing by Adam-X and the first patch – is impressive. But why take so long to share the information publicly? Well, it’s a security matter.

• Themes land on ExpressVPN mobile apps – with full Dark Mode now available for iOS
• ExpressVPN faces a class action in the US over alleged "illegal" auto-renewal fees
• “Once you have the data, you have to cooperate” – Windscribe CEO speak out against global threats to no-log VPNs

• A signing key that many Linux distributions use to support Secure Boot is about to expire
• Sytems that fail to recognize the new key might fail to boot Linux securely
• Users might need to disable Secure Boot to install or run Linux

A signing key used to support Secure Boot on many Linux distros is about to expire, which could open up devices to all sorts of cybersecurity risks.

Secure Boot is a security feature built into modern computers. It is part of the Unified Extensible Firmware Interface (UEFI), which makes sure that only trusted software can run when the system starts up. This helps block malware such as bootkits, and it relies on digital signatures and keys stored in the computer’s firmware.

In short - UEFI boots up, checks the right software is in place, and hands things over to the operating system.

Now, Microsoft has a signing key that many Linux distributions use to support Secure Boot, and that key is set to expire on September 11, 2025.

A replacement key has existed since 2023, but apparently - many systems don’t support it yet, and for those that don’t recognize the new key, it could mean Linux will not boot securely.

Fixing this problem requires firmware updates from original equipment manufacturers (OEM) but there is a risk that not all OEMs will issue updates - especially those for older, or less popular devices.

There is also a tool called “shim”, which some Linux distros use to work with Microsoft’s Secure Boot infrastructure. It is signed with Microsoft’s (soon-to-expire) key, and if it doesn’t get replaced on time, Secure Boot may break those distros entirely.

As a result, some users might need to disable Secure Boot to install or run Linux, while others may need to manually update firmware, or generate their own keys (which is rather complex and could be risky for those without extensive technical knowledge).

All of this could push people to either stick with Windows, or avoid Secure Boot entirely, which opens up an entirely new can of worms.

Via Tom's Hardware

• Dior fashion brand hit by cyberattack and customer data leaked - here's what we know
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• Microsoft reveals new Surface Laptop 5G
• Business customers targeted with reliable connectivity on the move
• Three editions are available, with orders open now

Microsoft has unveiled a new edition of its Surface Laptop designed specifically with business users in mind as it looks for a stronger foothold in the enterprise hardware market.

The new Surface Laptop 5G features AI-powered processing with a 40+ TOPS Neural Processing Unit (NPU) and Intel Core Ultra (Series 2) processors, day-long battery life, and an integrated 5G modem to stay connected to collaboration tools such as Microsoft 365.

There will be three distinct business laptop models available, with a flagship 5G-enabled edition sporting a 13.8in display available from August 26, joined by 13in and 12in editions, which are available now.

Microsoft says the releases come as adding 5G to the Surface Laptop has become "one of the most requested features from our business customers".

The addition should mean greater support and more reliable connections for video conferencing calls when out and about, or for workers out in the field needing to contact the rest of their team.

To ensure consistent connectivity, Microsoft says the new Surface Laptop 5G features a "dynamic antenna system" which continuously adjusts to its environment, using six antennas to automatically adjust signal paths and power based on how the device is being held or used.

The company says these antennas are placed higher than usually situated in other laptop devices, reducing interference and allowing for a stronger connection through an entirely newly-designed, multi-layered laminate for the device.

It can also switch between Wi-Fi and 5G networks depending on location, making sure the user stays connected, and can act as a mobile hotspot wherever Wi-Fi is unavailable, with NanoSIM and eSIM options also available.

Microsoft says it tested the devices with over 100 mobile operators across 50 countries, along with real-world enterprise environments, meaning IT admins can deploy and deliver updates and enforce company policies - wherever their users are.

This is also aided by the Surface Management Portal within the Intune Admin Center, which can provide visibility into device health, compliance, and usage - and thanks to Security Copilot, admins can use AI-powered tools to act fast to detect issues, assess risk, and respond accurately.

"Surface Laptop 5G represents Microsoft’s end-to-end innovation in action," Microsoft's Nancie Gaskill wrote in a blog post announcing the release.

"Hardware, software, and cloud services come together to deliver intelligent, secure, and connected experiences for today’s mobile workforce. The Surface for Business portfolio offers a complete solution for every user scenario, from tablet-first flexibility to high-performance laptops, all supported by Microsoft’s modern management and industry-leading security.

• We've also rounded up the best mini PC options around
• And these are the best mobile workstations on offer right now
• Microsoft's new Surface for Business PCs have AI firmly at the core