We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Latest News

In a series of coordinated cyberattacks, state-backed hackers have been exploiting critical zero-day vulnerabilities in Ivanti Connect Secure, a widely used VPN appliance. The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have put numerous organizations at

Keira Waddell Published on 16th January 2024

Researchers have uncovered critical vulnerabilities in the POST SMTP Mailer WordPress plugin, which potentially puts over 150,000 websites at risk of takeover by malicious actors. The vulnerabilities were first reported by cybersecurity researchers Ulyses Saicha and Sean Murphy as part of

Zane Kennedy Published on 14th January 2024

In a recent and startling development, loanDepot, a leading US lender, has confirmed that it fell victim to a ransomware attack, leading to substantial data encryption and operational disruptions. This disclosure comes amidst a growing series of cyberattacks targeting the financial sectors. On

Zane Kennedy Published on 12th January 2024

In a significant development, Chinese state-backed experts claim to have cracked the encryption of Apple's AirDrop feature. This breakthrough, as reported by Bloomberg, enables the identification of phone numbers and email addresses of users, potentially allowing the Chinese government to monitor

Husain Parvez Published on 11th January 2024

The MyEstatePoint Property Search app (developed by NJ Technologies) has exposed the sensitive information of nearly half a million users. The popular Android real estate app left user data, including names, passwords, email addresses, and phone numbers, unprotected on a public-facing MongoDB

Keira Waddell Published on 9th January 2024

HealthEC LLC, a leading provider of population health management services, has announced a substantial data breach. The incident, which occurred between July 14 and July 23, 2023, exposed the personal and medical information of an estimated 4.5 million individuals. Further deepening the impact, the

Zane Kennedy Published on 7th January 2024

In response to the implementation of new age verification laws in Montana and North Carolina, adult entertainment giant Pornhub has decided to block users in these two states from accessing the platform. The move is part of an ongoing battle against state-level regulations that require online adult

Keira Waddell Published on 5th January 2024

In a striking revelation by Amnesty International (in partnership with The Washington Post), the use of Pegasus spyware, developed by Israeli firm NSO Group, has been found targeting high-profile journalists in India. This alarming development was highlighted in a forensic investigation conducted

Husain Parvez Published on 4th January 2024

In a troubling development in cybersecurity, multiple information-stealing malware families have been found exploiting an undocumented Google OAuth endpoint, identified as "MultiLogin," to regenerate expired authentication cookies. This discovery, initially made by a developer named PRISMA in

Zane Kennedy Published on 3rd January 2024