GitHub adds post-quantum protection for SSH access 2025-09-16 at 12:05 By Sinisa Markovic GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. What GitHub is changing GitHub has introduced a new type of SSH key that combines […]
React to this headline:
GitHub adds post-quantum protection for SSH access Read More »
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) 2025-04-22 at 15:48 By Zeljka Zorz There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by
React to this headline:
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) Read More »
Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking 2025-04-17 at 15:19 By Eduard Kovacs Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from
React to this headline:
Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking Read More »
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH 2025-03-28 at 13:31 By Help Net Security OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity providers (IdPs) and
React to this headline:
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH Read More »
SSHamble: Open-source security testing of SSH services 2024-08-08 at 09:33 By Help Net Security runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH implementations by testing for uncommon but dangerous misconfigurations and software bugs. Discovered weaknesses During their presentation at Black
React to this headline:
SSHamble: Open-source security testing of SSH services Read More »
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) 2024-04-16 at 19:46 By Zeljka Zorz A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the
React to this headline:
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) Read More »
Using AI to reduce false positives in secrets scanners 2024-02-27 at 08:02 By Help Net Security As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any
React to this headline:
Using AI to reduce false positives in secrets scanners Read More »
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) 19/12/2023 at 13:18 By Zeljka Zorz Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol.
React to this headline:
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Read More »