Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware that could be used for a range of nefarious purposes.

Now, researchers say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers. The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack on incoming Web traffic. 

A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy.

Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user's internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits. But an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user's Wi-Fi network name, if connected. 

AnchorFree, the California-headquartered company behind the popular virtual private network service Hotspot Shield, has been accused of "unfair and deceptive trade practices" by a US privacy group for allegedly over-collecting user data for advertising purposes.

"Hotspot Shield engages in logging practices and uses third-party tracking libraries to facilitate targeted advertisements," read the 12-page complaint, filed by the US Centre for Democracy and Technology to the Federal Trade Commission. Hotspot Shield "monitors information about users' browsing habits while the VPN is in use," the legal filing stated.

An alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or technology is crucial to the privacy and physical security.

A study published recently identified a number of shortcomings common to high percentages of 238 mobile VPN apps analyzed by a handful of researchers. Users downloading and installing these apps expecting secure communication and connections to private networks are instead using apps that lack encryption, are infected with malware, intercept TLS traffic, track user activity, and manipulate HTTP traffic.

China's Ministry of Industry and Information Technology has announced a 14-month "clean up" of internet access services, which includes a crackdown on virtual private networks, or VPNs. The new regulations require VPN services to obtain government approval before operating.

Using a VPN without permission is also prohibited. VPNs use encryption to disguise internet traffic, allowing users in China to bypass the Great Firewall to access censored and restricted websites. The services typically cost around $10 a month. China's vast censorship apparatus prevents the country's 730 million internet users from accessing information on sensitive subjects.