Security news aggregator

Latest coverage for SSH

SSH enables encrypted remote access and administration, but weak credentials, exposed services, and misconfiguration can permit unauthorized access.

36 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

SSH (Secure Shell) is a protocol for establishing a cryptographically protected connection to a remote computer. It supports interactive administration, command execution, file transfer, and related services such as port forwarding. SSH provides confidentiality and integrity for the session, while host keys help the client verify that it is connecting to the intended server.

Security depends on how SSH is deployed and how its credentials are managed. An internet-exposed service may attract password guessing, and vulnerable SSH implementations can provide an entry point; a stolen private key or an overly permissive authorized_keys entry may enable unauthorized access. Useful controls include timely patching, restricting network exposure, disabling password authentication where practical, protecting keys with strong passphrases or hardware-backed storage, limiting account privileges, and reviewing authentication logs. Administrators should verify host keys to reduce man-in-the-middle risk and promptly remove or rotate credentials during personnel changes or suspected compromise.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 36 Filtered view

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks

Loading more headlines...