On May 6, 2025, CyberGhost VPN published a regular transparency report charting key security and operational indicators for the period January – March. The report includes, among other things, the number of DMCA requests received, police requests, an evaluation of the bug bounty program and a description of the cyber context. This analysis breaks down the published data in detail while placing it in the broader context of IT infrastructure management, compliance and data protection.
Incidents and operational metrics: the DMCA and challenges from law enforcement
For Q1/2025 CyberGhost recorded the following numbers:
- DMCA complaints: 105,332 (January: 39,030, February: 37,138, March: 29,164)
- Police requests: 3 (average 1 per month)
CyberGhost declares zero logging and RAM-only operation, which technically makes it impossible to identify any user traffic back. These systems are automatically reset each time the server restarts, and are not subject to any legal data retention framework in Romania, where CyberGhost operates.
The infrastructure designed in this way complies with the privacy requirements of the European GDPR and international compliance standards such as ISO/IEC 27001.
Vulnerability disclosure program: bug bounty statistics
CyberGhost maintains an active partnership with the ethical hacker community through its bug bounty program. In Q1/2025, the company received a total of 75 reports, including:
- 51 were classified as unique reports
- 8 have been confirmed as relevant vulnerabilities
- 43 cases were assessed as false, duplicate or computerised
Validated vulnerabilities were included in the internal prioritization and patching process. These numbers reflect the ability to respond quickly and openness to external testing, which is still a unique feature in the VPN services environment.
Cyber threats in Q1/2025: contextual analysis
The report highlights the escalation of several key cyber-attack incidents, some of which impacted hundreds of thousands of users and dozens of organisations across the EU:
- Exploitation of zero-day vulnerabilities in Cleo MFT systems that led to ransomware attacks by the Clop group. Companies such as WK Kellogg (employee personal limbs) and Hertz (sensitive customer limbs) were affected.
- Hybrid operations on EU territory have included coordinated cyber-attacks, infrastructure sabotage and disinformation campaigns attributed to Russian state structures.
- Orange Group incident: in February, internal documentation of a telecommunications infrastructure operator was leaked by the HellCat group after a failed extortion attempt.
These events highlight the growing need for a proactive approach to digital security, especially for VPN service providers, which often become deliberate points of surveillance.
Technological Advances and Product Innovations 2025 CyberGhost VPN
CyberGhost implemented several advanced changes during the first quarter:
- Transition to 10Gbps infrastructure across data centres, eliminating bottlenecks in streaming, gaming and P2P traffic
- Increased number of sites to 11,690 servers in 100 countries, with new nodes in Africa, Southeast Asia and Latin America
- Enabling Split Tunneling, Leak Protection and automatic kill-switch in client applications
- Full OS support: Android 15, iOS 18, macOS Sequoia, Windows 11 and Linux distributions including CLI clients + all older versions
In addition to desktop and mobile clients, CyberGhost continues to support OpenVPN and WireGuard installations on routers, allowing protection of the entire home network with a single access.
Conclusion: Audited protection and long-term transparency
CyberGhost has long maintained a standard of zero data logging. This has been repeatedly confirmed by an independent audit by Deloitte, which evaluated both the server mode settings and the systems for detection, encryption and automatic integrity monitoring.
The combination of a strong technical architecture, a wide distribution network and a transparent approach to security incidents makes CyberGhost one of the most trusted VPN providers of 2025, not only for end-users but also for enterprises and technically oriented organizations.
