OpenBSD News Articles
Recent news articles referencing the vendor's vulnerabilities.
OpenSSH bugs allows Man-in-the-Middle and DoS Attacks
Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions.
OpenSSH flaws could enable man-in-the-middle attacks, denial of service
If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.
Proof-of-Concept Exploits Published for 2 New OpenSSH Bugs
Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose
Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks
2 critical OpenSSH vulnerabilities found! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and DoS.
New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Two OpenSSH vulnerabilities (CVE-2025-26465, CVE-2025-26466) allow MitM and DoS attacks.
OpenSSH bugs threaten enterprise security, uptime
Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released. Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow...

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog
The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the…

OpenSSH Agent RCE Flaw Let Attackers Execute Arbitrary Commands
The flaw exists in OpenSSH's forwarded ssh-agent. It allows an attacker to execute arbitrary commands via a vulnerable OpenSSH forwarded ssh-agent.
10 Steps to Root Out the Terrapin Vulnerability
You don't have to stop using SSH keys to stay safe. This Tech Tip explains how to protect your system against CVE-2023-48795.
SSH Vulnerable to Terrapin Attack - Spiceworks
Security researchers have discovered a new vulnerability in the Secure Shell (SSH) network protocol. Find out more.
Critical OpenSSH Flaw Could Allow Remote Code Execution - Cyber Kendra

Over 11M SSH Servers are Vulnerable to new Terrapin Attacks
It was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version.
OpenSSH Vulnerabilities - An Urgent Call for Continuous Security Updates
Several security vulnerabilities identified in OpenSSH could potentially allow attackers to escalate their privileges and execute command injection. The Terrapin attack further exploits the protocol's weaknesses, emphasizing the need for continuous security monitoring and updates.

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
Researchers uncover a critical SSH protocol vulnerability, "Terrapin" (CVE-2023-48795), allowing attackers to compromise secure connections.

OpenSSH Command Injection Vulnerability (CVE-2023-51385) Alert
Overview: Recently, NSFOCUS CERT detected that OpenSSH released a security update and fixed a command injection vulnerability caused by malicious shell characters (CVE-2023-51385), with a CVSS score of 9.8. Since there is no security filtering of username and hostname input represented by %h,%u in Op...
Week in review: Terrapin SSH attack, Mr. Cooper breach - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creating a formula for effective vulnerability
OpenSSH connections could be cracked by this all-new cyberattack
Terrapin is able to break SSH channel integrity, researchers claim
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) - Help Net Security
A vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol could allow an attacker to downgrade the connection's security.
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to break the SSH channel integrity when certain widely-used encryption modes are used.