Bleeping Computer

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...
Bleeping Computer

Exploit released for critical VMware SSH auth bypass vulnerability

Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network ...

Hot on the Heels of Copy Fail, New Linux Bugs Grant Root Privileges

Additional Linux privilege escalation exploits related to long-existing bugs have been disclosed, so patch ASAP.
CSOonline

Hackers exploit unpatched Erlang/OTP to crack OT firewalls

A max-severity RCE vulnerability in Erlang’s OTP SSH daemon, CVE-2025-32433, was actively exploited in OT networks across six countries, targeting firewalls in critical infrastructure sectors. A ...

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

The 4th Linux kernel flaw this month can lead to stolen SSH host keys ...
Ars Technica

Damnit Apple, Patch SSH

It has been almost a week since the SSH exploit/patch came out. This is getting a little ridiculous. I can't completely tell how serious this hole is, but I don't feel too safe leaving SSH enabled on ...
TechSpot

Researchers found a new way to steal SSH encryption keys

Bottom line: Security researchers have devised a new way to steal cryptographic keys in Secure Shell (SSH) computer-to-server communication. Compromised SSH connections could allow bad actors to ...