What is a Trusted Root CA, what could go wrong if a VPN company installs its own, and why we won’t ever do so.
We discuss our preference for YubiKey as a form of 2FA and look at how to use YubiKey for signature verification for GitHub code commits.
ExpressVPN’s mitigation technique against Log4Shell and what you can do to protect yourself against the Log4j vulnerability.
ExpressVPN's Security Team investigated a bug that could have been exploited by signing up on Mailgun and hijacking an email subdomain.
How a highly privileged process interacting with a lower-privilege user space can lead to attackers elevating their access or a DoS attack.
Our cybersecurity experts discuss the PATH environment variable and the security implications of having it misconfigured.
Our cybersecurity team worked with Zendesk, a support software provider, to fix a flaw in its file-upload system. Here's a play-by-play of how we did it.