ExpressVPN fixes a bug which could have disclosed user IP addresses
ExpressVPN has updated its Windows app to patch a vulnerability which could have exposed a user's IP address to observers.
As one of the best VPNs, ExpressVPN is very secure but mistakes can happen. The provider said in a blog post that code meant for internal testing "mistakenly made it into production builds."
Only users in specific conditions were affected, but the bug meant traffic wasn't being routed through the VPN tunnel as expected – however encryption was not impacted. You may like
ExpressVPN acted quickly to fix the vulnerability and is recommending all its Windows VPN users upgrade to the latest version of the app.
The code meant for internal testing found its way into production build versions 12.97 to 12.101.0.2-beta.
It was reported to ExpressVPN in April 2025 by security researcher Adam-X through the provider's bug bounty program – where security researchers can earn cash rewards for reporting vulnerabilities and flaws.
ExpressVPN said its team confirmed and triaged the report within hours.
The vulnerability centred around Remote Desktop Protocol (RDP). According to ExpressVPN there was only a risk when an RDP connection was in use or when other TCP traffic was routed over port 3389.
ExpressVPN said "if a user established a connection using RDP, that traffic could bypass the VPN tunnel."
"This did not affect encryption, but it meant that traffic from RDP connections wasn't routed through ExpressVPN as expected."
It added that observers such as internet service providers could see that a user was connected to ExpressVPN and that they were using RDP to access remote servers – information that would ordinarily be protected.
RDP is most commonly used in enterprise environments, and therefore most users were unaffected. However ExpressVPN said it considers "any risk to privacy unacceptable."
A fix was released five days later in version 12.101.0.45. The researcher confirmed the issue was resolved and ExpressVPN closed the report at the end of June.
(Image credit: SOPA Images / Getty Images) How severe could this have been?
ExpressVPN analysed the issues and believed "the likelihood of real-world exploitation was extremely low."
Given the fact a majority of ExpressVPN users are individuals as opposed to enterprise customers, the provider said "the number of affected users is likely small."
For a hacker to exploit the vulnerability, they would've needed to be aware of the bug and find a way to route traffic over port 3389. This could've been done by tricking a user into clicking on a malicious link or compromising a popular website to launch a drive-by attack – all while the user was connected to the VPN.
As demonstrated by Adam-X, a user's real IP address could've been revealed. But browsing activity couldn't have been seen and encryption was not compromised.
ExpressVPN said it was grateful to its community for notifying it of potential issues and suggesting improvements. The provider will strengthen its internal safeguards to ensure this doesn't happen again.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
WIRED
8 hours ago
- WIRED
Truth Social's New AI Chatbot Is Donald Trump's Media Diet Incarnate
Aug 8, 2025 6:20 PM Truth Search AI appears to rely heavily on conservative outlet Fox News to answer even the most basic questions. New York, USA - January 24, 2014: Fox News Channel Truck parked on New York street, USA Photograph: Anouchka/Getty Images When I ask the new Truth Social AI chatbot about navigating bias in the media ecosystem, it gives what I view as pretty reasonable advice. 'Diversify your sources,' it responds. 'Rely on news outlets across the political spectrum, including those from both left-leaning and right-leaning perspectives.' This is advice that the AI itself may not be taking to heart. For instance, to come to the above answer it cites five sources, four of which are Fox News articles. The fifth, inexplicably, is a 400-page report from US health secretary Robert F. Kennedy Jr's Health and Human Services Department titled 'Treatment for Pediatric Gender Dysphoria.' Truth Social owner Trump Media & Technology Group launched the chatbot, called 'Truth Search AI,' on Wednesday. The bot is powered by Perplexity AI, a search engine that answers questions using large language models and live web search. The company has garnered investments from Amazon founder Jeff Bezos and former Coinbase CTO and influential investor Balaji Srinivasan. In 2024, WIRED published an article detailing how Perplexity had been scraping parts of websites that developers did not want it to access, in violation of the widely accepted web standard known as the Robots Exclusion Protocol. It was also prone to making stuff up, a WIRED analysis showed. While Perplexity's AI draws from sources on the left and center, the Truth Search AI version never cited a center or left-leaning source in dozens of tests conducted by WIRED. In fact, the chatbot highlighted only seven sources in total in response to my queries—Fox News, Fox Business, The Washington Times, The Epoch Times, Breitbart, Newsmax and This was true even for innocuous, non-political questions. When I ask the bot 'What is 30 times 30?' It sourced its answer from a Fox Business article called 'Inflation Reduction Act estimated to induce mortality 30 times more than COVID.' Similar tests by Axios and the Verge also show this extreme bias towards conservative media. 'What you are noticing is one feature known as 'source selection,'' Perplexity representative Jesse Dwyer says when I ask about Truth Search AI exclusively pulling from conservative sources. 'Source selection can take any number of forms for any number of needs, from internal documentation within an organization, custom data sets, or, as in the case you describe, domain filtering. This is their choice for their audience, and we are committed to developer and consumer choice.' He adds that Perplexity 'does not discriminate against any developers for any political reasons,' and emphasizes that they 'do not claim their AI is 100 percent accurate.' The Truth Search AI seems to be in denial about its own apparent biases, however. 'Yes, I source information from left wing, centrist, and right wing news outlets depending on the nature of the user's query and what sources are returned in the search results,' it responds, when I ask it whether it ever uses sources from center or left wing outlets. 'My responses are designed to critically analyze and synthesize information from all credible perspectives to ensure accuracy and balance.' This answer is sourced from five Fox Business articles. (The AI seems to max out at five sources per response.) While chatbots never answer a question the same way twice, it consistently maintained the claim that it drew from sources across the political spectrum. Given its seemingly steady diet of Fox News, I'm a little surprised that the bot answers some questions as even-handedly as it does. It denies that the 2020 election was stolen, for instance, in direct opposition to president Donald Trump's claims. On foreign immigration to the US, it says that the overall effect is mixed, 'but tends towards positive,' and adds that deporting all unauthorized immigrants would lead to 'a loss of $133 billion over the next decade for Social Security, requiring tax increases to compensate.' I expect the bot to fawn over Trump, but it gives a relatively tepid review of his presidency thus far, describing 'sweeping executive action,' but negative approval ratings 'with particular voter discontent on the economy and inflation.' Some of these more liberal-leaning answers cite Associated Press articles that have been republished on the Fox News website. Trump Media and Technology Group did not respond to inquiries about the AI. But the limits of Truth Search AI's exclusively conservative source pool come into focus when I press it on Trump's well-documented connection to financier-pedophile Jeffrey Epstein. In spite of reporting to the contrary, it describes the connection as 'tenuous,' and says there is 'no credible evidence in the search results' that The Daily Beast published an article referencing a tape in which Jeffrey Epstein described Trump as 'his closest friend.' It's a different answer than the one given by Perplexity AI, which does locate and reference this article, using sourcing from the Daily Beast article itself, Yahoo News, Vox and the Yale Review. The sourcing for the Truth Search AI answer? Four articles from Fox News and one from Breitbart.
New York Post
10 hours ago
- New York Post
No cloud, no catch: Lifetime access to Microsoft Office for $50
Discover startups, services, products and more from our partner StackCommerce. New York Post edits this content, and may be compensated and/or receive an affiliate commission if you buy through our links. TL;DR: Microsoft Office 2021 Pro for Windows is now just $49.97 — full suite, one payment, lifetime license. Subscriptions are everywhere. TV, music, razors, snacks… your software? Probably. But here's a rare win: Microsoft Office Professional 2021 for Windows — the full suite — no subscription, no monthly fees, just yours forever for just $49.97. Pay once, and get Word, Excel, PowerPoint, Outlook, Publisher, Access, OneNote, and even Teams (free version). It's the same classic lineup — updated for 2021 — ready to live rent-free on your Windows machine. It's all the productivity without the payment plan. This isn't some knockoff or weird cloud workaround. You'll download and install the suite directly to your PC, and once it's activated, that's it. No nagging 'renew now' popups. No feature lockouts. Just your Office, on your terms. It's perfect for small business owners, freelancers who don't want surprise bills, or anyone tired of chasing a monthly charge for apps they've used since elementary school. Office 2021 Pro runs on Windows 10 or 11 and has all the familiar tools — and some quietly powerful upgrades — wrapped in a ribbon-based interface that won't make you feel like you woke up in 2009. It makes everyday tasks like formatting documents, analyzing spreadsheets, or creating presentations faster and more intuitive. Users can easily tweak fonts, layouts, and indentation or jump into data-heavy reports without lag. No tricks, no gimmicks. Just a real, full, one-time Microsoft Office license you don't have to babysit. And for under fifty bucks, it's kind of a no-brainer. Check out this lifetime license to Microsoft Office 2021 for $49.97 for a limited time. StackSocial prices subject to change.
Time Business News
10 hours ago
- Time Business News
Top Search Engines Ranked: What Businesses Need to Know + SEO Partner Suggestions
When most people think about search engines, they usually stop at one: Google. Google holds the top spot. But there are other players in the search arena. And depending on your audience, where they live, or what kind of device they're using, your customers might be looking elsewhere. That's why understanding the top 10 search engines matters more than most businesses realize. If you're investing in SEO or content marketing, knowing where to focus (and who to partner with) can make a big difference in your visibility—and your bottom line. Let's break it down. A Look at the Top 10 Search Engines Right Now No fluff—just the ones businesses should actually care about: 1. Google Google holds the lion's share of global search traffic. If you're doing SEO, this is your baseline. From Maps to Shopping to Featured Snippets, Google's ecosystem offers endless ways to get found. 2. Bing Yes, it's still around—and quietly growing. Especially relevant if your audience includes Windows and desktop users (which is… a lot of people). Microsoft has invested heavily in AI features too, making Bing more powerful than it used to be. 3. Yahoo Powered by Bing, Yahoo still has a loyal base, particularly among older users and those using default browsers on legacy devices. You can leverage exact-match keywords, metadata quality, social signals, and visual content for traffic. 4. DuckDuckGo For privacy-conscious users, this one matters. No tracking. No personalization. Just clean search results. Niche? Yes. But that niche is growing. 5. Baidu China's go-to search engine. If your business operates or sells in China, Baidu SEO is a whole different game—but essential. U.S.-hosted sites and Western-optimized content need to embrace the local language, local signals, and technical setups specific to the region. 6. Yandex Primarily used in Russia and neighboring regions. Like Baidu, it comes with its own rules and ranking logic. 7. Ecosia A smaller engine with a green mission—it plants trees with ad revenue. Its user base is purpose-driven and growing slowly, especially in Europe. 8. AOL Yes, somehow AOL Search still exists. Is it huge? No. But for specific industries (e.g., news, media, and entertainment verticals) and demographics, it might still drive some residual traffic. 9. Once known for its Q&A-style search, it's faded in prominence but still technically operates. Mostly worth knowing for historical context. 10. YouTube YouTube is the second-largest search engine by volume. It's technically a video platform, but people use it like they use Google—to look up answers, how-to's, reviews, and more. If you create content that can be shown visually, YouTube SEO should absolutely be on your radar. So, Where Should You Focus? That depends entirely on your business. If you serve a U.S. audience and aren't in a super-niche space? Google, Bing, and YouTube should be your main priorities. If you're targeting users in China or Russia, platforms like Baidu and Yandex offer valuable opportunities to deliver localized content and engage with regional audiences. And if your brand stands for privacy, sustainability, or ethical tech, search engines like DuckDuckGo or Ecosia might align with your audience's values more than you'd think. The key is to know where your customers are searching—and then show up there consistently. Why Picking the Right SEO Partner Matters You could try optimizing for all of this yourself. But unless you have time, tools, and experience on your side, you're better off working with someone who does this every day. That's where finding the right SEO services company USA comes into play. Not all SEO agencies are built the same. Some specialize in local SEO. Some are all about technical audits. Others can help you build visibility across Google and non-Google engines—like YouTube, Bing, or even international platforms. Here's what a good SEO services company USA can help you do: Identify which platforms are most relevant for your audience Tailor content strategies to each one (yes, they're all different) Track performance beyond just Google Analytics Optimize for different types of results—like videos, featured snippets, shopping feeds, etc. Build out a roadmap that fits your goals, not just industry trends Offers sustainable solutions that lead to consistent traffic and conversions And maybe most importantly? They'll tell you what not to waste time on. Final Thoughts In today's world, understanding the top 10 search engines isn't just a fun trivia fact—it's an advantage. The businesses who think beyond one platform are the ones who show up in more places, connect with more customers, and build stronger digital footprints. So, take the time to map out where your audience is spending their attention—and show up there with purpose. And if you need help? Don't settle for a one-size-fits-all agency. Find a SEO services company USA that understands and fits you. Because smart strategy starts with knowing where you stand—and where you want to be found. TIME BUSINESS NEWS
