Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
OpenSSH Security Scare: Two Major Flaws Squashed in Latest Update
OpenSSH, the favorite open source SSH protocol, just patched two major vulnerabilities. One lets attackers impersonate servers without user interaction, and the other causes denial-of-service chaos without breaking a sweat. If your server is feeling the heat, update to version 9.9p2 ASAP.
Hot Take:
In the latest episode of “Wow, We Definitely Didn’t See That Coming,” OpenSSH surprises us with vulnerabilities old enough to be in middle school! Who knew your secure shell was more like a cracked egg? If you’re using OpenSSH, it’s time to patch faster than a cat on a laser pointer! Trust us; you don’t want your server to be the next unwitting star in a MiTM attacker’s reality show.
Key Points:
- OpenSSH patched two vulnerabilities, one exploitable without user interaction and another without authentication.
- CVE-2025-26465 allows MiTM attackers to impersonate servers via the VerifyHostKeyDNS option.
- CVE-2025-26466 causes denial-of-service by hogging memory and CPU resources.
- The patches were included in OpenSSH version 9.9p2, released on Tuesday.
- Users are urged to update their OpenSSH instances immediately to avoid disruptions.
Already a member? Log in here