Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
SSH
Non-interactive SSH attacks dominate after login

Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from …

OpenSSH
OpenSSH 10.3 patches five security bugs and drops legacy rekeying support

OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that …

GitHub
GitHub adds post-quantum protection for SSH access

GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. …

SSH
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All …

open source
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of …

SSHamble
SSHamble: Open-source security testing of SSH services

runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH …

key
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” …

scanning
Using AI to reduce false positives in secrets scanners

As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an …

SSH
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the …

fuzzing
Vulnerabilities in cryptographic libraries found through modern fuzzing

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential …

abstract
36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet

A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking …

Malicious actors targeting the cloud for cryptocurrency-mining activities

Trend Micro announced a report revealing a fierce, hour-by-hour battle for resources among malicious cryptocurrency mining groups. “Just a few hours of compromise could …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools