• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

openssh

Pierluigi Paganini February 19, 2025
OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The […]

Pierluigi Paganini August 12, 2024
A FreeBSD flaw could allow remote code execution, patch it now!

FreeBSD Project maintainers addressed a high-severity flaw in OpenSSH that could allow remote code execution with elevated privileges. The maintainers of the FreeBSD Project have released urgent security updates to address a high-severity flaw, tracked as CVE-2024-7589, (CVSS score of 7.4) in OpenSSH. A remote attacker could exploit the vulnerability to execute arbitrary code with elevated […]

Pierluigi Paganini July 10, 2024
A new flaw in OpenSSH can lead to remote code execution

A vulnerability affects some versions of the OpenSSH secure networking suite, it can potentially lead to remote code execution. The vulnerability CVE-2024-6409 (CVSS score: 7.0) impacts select versions of the OpenSSH secure networking suite, it can be exploited to achieve remote code execution (RCE). The issue is a possible race condition in cleanup_exit() in openssh’s […]

Pierluigi Paganini July 01, 2024
Critical unauthenticated remote code execution flaw in OpenSSH server

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the […]

Pierluigi Paganini July 24, 2023
A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted […]

Pierluigi Paganini February 07, 2023
OpenSSH addressed a new pre-auth double free vulnerability

The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as […]

Pierluigi Paganini August 29, 2018
CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. A few days ago the security expert Darek […]

Pierluigi Paganini August 24, 2018
Expert found a flaw that affects all OpenSSH versions since 1999

Security expert discovered a username enumeration vulnerability in the OpenSSH client that affects all versions of the software that was released since 1999. Security expert Darek Tytko from securitum.pl has discovered a username enumeration vulnerability in the OpenSSH client. The flaw tracked as CVE-2018-15473 affects all versions of the software that was released since 1999. The vulnerability could […]

Pierluigi Paganini July 18, 2016
OpenSSH is affected by a user enumeration bug

The popular OpenSSH is affected by a user enumeration bug that could be exploited by a remote attacker to check a list of hacked credentials. A bug (CVE-2016-6210) in the popular OpenSSH crypto library could be exploited by a remote attacker to enumerate users on systems running SSHD. An attacker can exploit the bug to check […]

Pierluigi Paganini January 17, 2016
Critical OpenSSH bug leaks private crypto keys just fixed

It has been fixed the OpenSSH vulnerability that can be exploited to steal crypto keys from vulnerable clients. Recently a critical vulnerability in OpenSSH has been fixed, the flaw can leak secret cryptographic keys. The flaw affects end users version of OpenSSH and not server side implementations. Many experts compared the effects of this flaw to the […]

  • 1
  • 2

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Uncategorized / July 11, 2025

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

    Hacking / July 10, 2025

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT