Apparently a bug in the Bluetooth hardware of older iPhones, iPads and Macs has been discovered that allows a hacker to get onto your device by impersonating a Bluetooth device to which you were previously connected. This is a short range attack, the bad guy has to be close range to your device. This article explains more about how it works and also contains a link with more detail. I am not sure a VPN or other security can fix this. It probably has to be fixed by Apple if it can be.