SSH

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support

Encryption, News, open source, OpenSSH, software, SSH /

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support 2026-04-02 at 18:58 By Anamarija Pogorelec OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that do not support rekeying. Rekeying compatibility removed SSH clients and servers that lack […]

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support Read More »

GitHub adds post-quantum protection for SSH access

access control, Don't miss, Encryption, GitHub, News, NIST, OpenSSH, quantum computing, SSH /

GitHub adds post-quantum protection for SSH access 2025-09-16 at 12:05 By Sinisa Markovic GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. What GitHub is changing GitHub has introduced a new type of SSH key that combines

GitHub adds post-quantum protection for SSH access Read More »

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

Arctic Wolf Networks, Don't miss, exploit, Horizon3.ai, Hot stuff, News, Platform Security, PoC, ProDefense, Ruhr University Bochum, SSH, vulnerability /

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) 2025-04-22 at 15:48 By Zeljka Zorz There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) Read More »

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Erlang OTP, SSH, Vulnerabilities, vulnerability /

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking 2025-04-17 at 15:19 By Eduard Kovacs Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking Read More »

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH

authentication, Cloudflare, GitHub, News, open source, SSH /

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH 2025-03-28 at 13:31 By Help Net Security OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity providers (IdPs) and

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH Read More »

SSHamble: Open-source security testing of SSH services

Don't miss, GitHub, Hot stuff, News, open source, software, SSH /

SSHamble: Open-source security testing of SSH services 2024-08-08 at 09:33 By Help Net Security runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH implementations by testing for uncommon but dangerous misconfigurations and software bugs. Discovered weaknesses During their presentation at Black

SSHamble: Open-source security testing of SSH services Read More »

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

Don't miss, Hot stuff, News, public-key cryptography, SSH, vulnerability /

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) 2024-04-16 at 19:46 By Zeljka Zorz A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) Read More »

Using AI to reduce false positives in secrets scanners

API security, Artificial Intelligence, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, Hot stuff, Legit Security, News, opinion, SSH /

Using AI to reduce false positives in secrets scanners 2024-02-27 at 08:02 By Help Net Security As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any

Using AI to reduce false positives in secrets scanners Read More »

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

cryptographic attack, Don't miss, Hot stuff, News, OpenSSH, research, SSH, SUSE, vulnerability /

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) 19/12/2023 at 13:18 By Zeljka Zorz Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol.

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Read More »

Scroll to Top