Tag: OpenSSH
-
OpenSSH & Tor: ‘Operation SkyCloak’ Targets Defense Agencies with Stealthy Multi-Stage Backdoor
In mid-autumn 2025, researchers at Cyble and Seqrite Labs observed a new wave of targeted malicious activity dubbed Operation SkyCloak. According to their findings, an unidentified threat actor has been conducting a phishing campaign aimed at defence organizations in Russia and Belarus, with the objective of clandestinely installing a multi-stage backdoor that leverages OpenSSH and…
-
OpenSSH ProxyCommand Flaw CVE-2025-61984 Bypasses Filters, Allowing RCE via Crafted Usernames
A new vulnerability has been discovered in OpenSSH — CVE-2025-61984 — which permits remote code execution (RCE) by abusing the ProxyCommand parameter and peculiarities in shell character handling. Exploitation is possible even in the presence of protections against conventional shell metacharacters by leveraging control characters and syntactic errors that, in some shells, do not halt…
-
OpenSSH 10.1 Released: Security Fixes and Post-Quantum Warnings
The OpenSSH development team has announced the release of OpenSSH 10.1, marking a new stable version of the widely used secure communication suite. Build archives will soon be available on the project’s official mirrors. The release introduces security fixes, a redesigned network traffic prioritization mechanism, and warnings for weak cryptographic algorithms. OpenSSH is a full…
-
Terrapin’s Threat: 11 Million SSH Servers at Risk of Data Manipulation
Researchers have calculated that nearly 11 million SSH servers on the internet are vulnerable to Terrapin attacks, which allow data manipulation during the handshake process, ultimately compromising the integrity of the SSH channel when using certain widely used encryption modes. In December last year, experts from the Ruhr University in Bochum discussed the Terrapin issues.…
-
CVE-2023-51385: OpenSSH OS command injection vulnerability
Details have emerged about a now-patched security vulnerability in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. The vulnerability is tracked under the CVE identifier CVE-2023-51385 (CVSS score: 9.8). It impacts all versions of OpenSSH before 9.6p1. Also, with the same conditions, libssh before 0.10.6 or…
-
Windows Server 2019 officially supports OpenSSH
OpenSSH is a client-side and server-side software tool that supports remote login, remote file transfer, and public/private key management. OpenSSH was originally part of the OpenBSD project and has been used for many years on BSD, Linux, MacOS, and Unix. The Open SSH client is currently available as an add-on feature in Windows Server 2019 and…