Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally
Background for this topic.
SSH, or Secure Shell, is a network protocol that provides administrators with a secure way to access a remote computer. In the context of information security, SSH is pivotal because it offers a means to establish a secure channel over an insecure network, providing strong authentication and encrypted data communications between two computers connecting over an open network such as the internet.
SSH is widely used by system administrators for managing systems and applications remotely, allowing them to log into another computer over a network, execute commands on a remote machine, and move files from one machine to another. It encrypts the session, making it difficult for attackers to eavesdrop on the communications. SSH also supports a variety of authentication methods, and the private keys used for SSH authentication must be kept secret through careful handling.
Within information security, SSH keys themselves must be managed and protected, as unauthorized access to these keys could lead to a compromise of the server. SSH's role in information security is therefore both as a tool for secure communication and as an asset that requires vigilant protection and management.
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is
Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unprivileged user to root and may be leveraged after initial compromise through SSH access, web shells, containers, or low-privileged accounts. Microsoft Defender is actively monitoring limited in-the-wild activity and provides detection coverage for exploitation attempts. The post Active attack: Dirty Frag Linux vulnerability expands post-compromise risk appeared first on Microsoft Security Blog.
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale
Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
The BoryptGrab campaign uses fake SEO-optimized GitHub repositories and deceptive download pages to distribute a data-stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users.
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator
Majority of Attacks Target Operational Technology Networks. Exploitation attempts against a severe vulnerability in a runtime system widely deployed in operational technology environments spiked globally in the days after open-source maintainers of the Erlang/OTP project published a patch. Attackers could take full control of systems.
A critical RCE vulnerability in Erlang’s OTP SSH daemon has been identified that allows unauthenticated command execution
Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as the beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. [...]
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts