Red Hat News Articles

OpenSSH flaws could enable man-in-the-middle attacks, denial of service

If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.

2 days ago

Proof-of-Concept Exploits Published for 2 New OpenSSH Bugs

Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose

3 days ago

Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks

2 critical OpenSSH vulnerabilities found! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and DoS.

3 days ago

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.

3 days ago

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Two OpenSSH vulnerabilities (CVE-2025-26465, CVE-2025-26466) allow MitM and DoS attacks.

3 days ago

OpenSSH bugs threaten enterprise security, uptime

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released. Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow...

3 days ago

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the…

3 days ago

Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks

The critical and high severity flaws were discovered by Google Cloud researchers.

1 month ago

PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability

A proof-of-concept (PoC) exploit for the critical OpenSSH vulnerability CVE-2024-6387, also known as "regreSSHion," has been released, raising alarms across the cybersecurity community.

File sync tool rsync is vulnerable, 660,000 servers exposed

rsync is safe if provided with the latest patch. In fact, the old tool contains six vulnerabilities in an earlier version.

Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks

The critical and high severity flaws were discovered by Google Cloud researchers.

Over 660,000 Rsync servers exposed to code execution attacks

Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

Patches for six Rsync flaws, including critical CVE-2024-12084 (CVSS 9.8), released in v3.4.0. Update now.

Rsync package in Ubuntu distros updated to fix remote code execution bugs, download now

Canonical has pushed a patch for rsync after researchers uncovered serious vulnerabilities that enable remote code execution attacks.

Релиз утилиты для синхронизации файлов Rsync 3.4.0

15 января 2025 года состоялся релиз открытой утилиты для синхронизации файлов Rsync 3.4.0 . Исходный код проекта написан на C. Решение распространяется под лицензией GNU General Public License ....

PoC Exploit Released for Critical OpenSSH Vulnerability (CVE-2024-6387)

An alarming new development emerged in the cybersecurity landscape with the release of a proof-of-concept (PoC) exploit targeting the critical vulnerability identified as CVE-2024-6387. This vulnerability, discovered by researchers at Qualys, allows remote unauthenticated attackers to execute arbitr...

CVE-2024-6387 aka regreSSHion – root cause, risks, mitigation

Which systems are vulnerable to the OpenSSH CVE-2024-6387 flaw, and how can its exploitation be prevented?

FreeBSD releases new patch for regreSSHion-related RCE flaw

The OpenSSH vulnerability in the operating system could enable remote code execution with root privileges.

WARNING: HIGH VULNERABILITY IN KEYCLOAK COULD LEAD TO PRIVILEGE ESCALATION AND IMPERSONATION. PATCH IMMEDIATELY!

CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil

The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed - gHacks Tech News

Here is an overview of the August 2024 security updates that Microsoft released for its Windows operating systems.

FreeBSD releases new patch for regreSSHion-related RCE flaw

The OpenSSH vulnerability in the operating system could enable remote code execution with root privileges.

CVE-2024-6387 - regreSSHion Remote Code Execution vulnerability seen in OpenSSH - Check Point Blog

On Monday, July 1st, a security regression ( CVE-2024-6387was discovered in  OpenSSH’s server (sshd), that was previously patched in 2006. According to

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Another regreSSHion-like bug identified in OpenSSH

Despite being both remote code execution and race condition flaws, CVE-2024-6409 poses a "lower" immediate impact due to the issues being present in the privsep child process with fewer privileges.

Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found

A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw.

OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable

The founder of Openwall has discovered a new signal handler race condition in the core sshd daemon used in RHEL 9.x and its various offshoots. The new flaw, tagged as CVE-2024-6409, was found by Openwall's...

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability

This threat brief details CVE-2024-6387, called RegreSSHion, an RCE vulnerability affecting connectivity tool OpenSSH servers on glibc-based Linux systems.

Cyber Security Archives

Adobe Security Update for Premiere Pro, InDesign & Bridge Adobe has released crucial security updates for its widely-used software products: Premiere Pro, InDesign, and Bridge. The...

New OpenSSH CVE-2024-6409 Flaw Emerges

A week after the disclosure of the regreSSHion CVE-2024-6387 flaw in OpenSSH, researchers have found a related flaw (CVE-2024-6409) in some recent versions of the library.

New OpenSSH Vulnerability (CVE-2024-6409) Requires Patching

New OpenSSH vulnerability CVE-2024-6409 targets 8.7p1 and 8.8p1 of OpenSSH, specifically those shipped with Red Hat Enterprise Linux 9.

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

OpenSSH vulnerability CVE-2024-6409 found in Red Hat Linux 9 may enable remote code execution. Discover more.

New OpenSSH Vulnerability CVE-2024-6409 Exposes Systems to RCE Attack

Security researchers have discovered a new vulnerability in OpenSSH, identified as CVE-2024-6409, which could potentially allow remote code execution attacks on affected systems.

OpenSSH exploit is malicious: Beware CVE-2024-6387 POCs

OpenSSH exploit is malicious: Beware bogus CVE-2024-6387 POCs say Kaspersky as Cisco, others move to patch against regreSSHion vulnerability.

Beware of Fake regreSSHion Exploit Attacking Security Researchers

An archive containing malicious code is being distributed on the social network X(formerly known as Twitter), masquerading.

Cisco'dan Kritik Güvenlik Uyarısı: OpenSSH Açığı (CVE-2024-6387) Birçok Ürünü Etkiliyor - ÇözümPark

Cisco'dan Kritik Güvenlik Uyarısı: OpenSSH Açığı (CVE-2024-6387) Birçok Ürünü Etkiliyor

regreSSHion gap: New SSH feature offers protection, proof of concept is none

A Qualys researcher explained the severity of the problem in an interview with heise security. A major new OpenSSH function additionally secures the service.

‘RegreSSHion’ bug raises alarms but experts question chances of widespread exploitation

If exploited, the vulnerability affecting OpenSSH’s server on Linux systems would allow for a full system takeover where an attacker could install malware, manipulate data and create backdoors for persistent access.

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux

Full system compromise possible by peppering servers with thousands of connection requests.

OpenSSH vulnerability regresshion (CVE-2024-6387) - Oderland

A critical vulnerability has been discovered in OpenSSH server (sshd), "regreSSHion" (CVE-2024-6387), risking remote code execution.

TeamViewer says hack did not affect its product environment or customer data.

Juniper Networks fixes critical flaw. Interpol disrupts international scam networks. OpenSSH RCE flaw affects glibc-based Linux systems.

Critical OpenSSH vulnerability 'regreSSHion' (CVE-2024-6387) discovered, affects almost all Linux systems

The news blog specialized in Japanese culture, odd news, gadgets and all other funny stuffs. Updated everyday.

OpenSSHに重大な脅威となる脆弱性「regreSSHion」(CVE-2024-6387)が発覚、ほぼすべてのLinuxシステムに影響

セキュリティ企業・Qualysの脅威調査ユニット(TRU)の研究者たちが、GNU Cライブラリ(glibc)に依存するLinuxにおけるOpenSSHサーバーの重大なセキュリティ脆弱(ぜいじゃく)性を発見しました。この脆弱性は「regreSSHion」と名付けられ、認証なしのリモートからroot権限で任意コード実行が可能となる重大な脅威です。