If you use encryption (and I certainly hope you do!), you should be aware that a team of academics has revealed a new cryptographic attack this week that can break encrypted TLS traffic, allowing attackers to intercept and steal data previously considered safe and secure. This includes the encryption used by many, but not all, VPNs.
This new downgrade attack works even against the latest version of the TLS protocol, TLS 1.3, released last spring and considered to be secure.
You can find an article by Catalin Cimpanu describing the newly-discovered weakness in the ZDnet web site at: https://zd.net/2N2RPRS.
Comments: While this new obviously does pose a security risk for thousands of individuals and organizations that use encryption, I don’t think there is any need for immediate panic. First of all, there is no indication that the low-life hackers and government spies are already using the weakness. I am sure these miscreants will start exploiting the weakness as soon as they can read about the inner workings of the hack required, but that will take a few weeks. In the meantime, all the companies that create encryption software using TLS 1.3 should be updating their software.