Security News

Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public
2025-04-27 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has released the latest version of...

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
2025-04-22 12:06

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server...

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
2025-04-19 15:11

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities....

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
2025-04-19 14:05

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
2025-04-17 21:34

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
2025-04-17 10:32

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication...

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
2025-04-02 10:43

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a...

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH
2025-03-28 11:29

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based...

Windows 10 KB5053606 update fixes broken SSH connections
2025-03-11 18:31

Microsoft has released the KB5053606 cumulative update for Windows 10 22H2 and Windows 10 21H2, which fixes numerous bugs, including one preventing SSH connections. [...]

Windows 10 KB5052077 update fixes broken SSH connections
2025-02-25 19:24

​​Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH...