PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All …
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH
OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of …
SSHamble: Open-source security testing of SSH services
runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH …
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” …
Using AI to reduce false positives in secrets scanners
As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an …
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the …
Vulnerabilities in cryptographic libraries found through modern fuzzing
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential …
36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet
A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking …
Malicious actors targeting the cloud for cryptocurrency-mining activities
Trend Micro announced a report revealing a fierce, hour-by-hour battle for resources among malicious cryptocurrency mining groups. “Just a few hours of compromise could …
Enterprises average one root access orphan key on every enterprise server
SSH machine identities are critical to digital transformation strategies, as they authenticate privileged access between machines and are ubiquitous across enterprise …
Linux malware backdoors supercomputers
ESET researchers discovered Kobalos, a malware that has been attacking supercomputers – high performance computer (HPC) clusters – as well as other targets such as a …
Fileless worm builds cryptomining, backdoor-planting P2P botnet
A fileless worm dubbed FritzFrog has been found roping Linux-based devices – corporate servers, routers and IoT devices – with SSH servers into a P2P botnet whose …