A long-running intrusion allegedly reached into PAM and OpenSSH itself, showing how a compromise of trusted authentication code can outlast ordinary cleanup.
When attackers tamper with the software that authenticates admins, the breach can sit inside the trust boundary itself.
A reported long-running intrusion tied to Velvet Ant shows why defenders now have to verify authentication integrity, not just patch software and hope the login stack is still honest.
A long-running campaign tied to Velvet Ant highlights a brutal lesson for defenders: once attackers tamper with authentication software, the trust model itself starts to collapse.
A prolonged Linux intrusion highlights a brutal reality for defenders: if attackers tamper with authentication itself, ordinary cleanup can miss the place where trust was broken.
A long-lived kernel flaw linked to CVE-2026-46333 shows how a local bug can reach root-owned secrets, and sometimes root itself, without needing a remote exploit.
A subtle flaw in OpenSSH’s authentication process quietly handed attackers the keys to the kingdom-undetected for over a decade.
A newly uncovered vulnerability in OpenSSH exposes millions of servers to potential cyberattacks, reigniting fears over the safety of the internet’s backbone.
OpenSSH 10.3 delivers urgent fixes for severe shell injection and authentication vulnerabilities threatening global infrastructure.
A newly released OpenSSH update tackles a dangerous shell injection vulnerability and tightens security for millions of servers worldwide.
A newly uncovered bug in OpenSSH’s GSSAPI authentication exposes thousands of servers to silent, unauthenticated denial-of-service attacks.
A single, unauthenticated packet can reliably crash SSH child processes and leak sensitive data on vulnerable Linux systems.