#ssh

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. ### Original Description The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit.

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. "Hard-coded login credentials were found in HPE

Former US Army soldier Cameron Wagenius pleads guilty to hacking telecom companies and extorting $1 million+ using cybercrime forums like BreachForums and XSS.

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management tool Termius in late May 2025. "ZuRu malware

### Impact Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to get access to a machine running a unit using the affected charm. ### Details A controller exposes three charm-related HTTP API endpoints, as follows: - PUT/GET https://<controller-ip>:17070/model-<model-uuid>/charms/<nameofcharm>-<hashofcharm> - POST/GET https://<controller-ip>:17070/model-<model-uuid>/charms - GET https://<controller-ip>:17070/charms These endpoints require Basic HTTP authentication credentials and will accept any valid user within the context of the controller. A user that has no specific permission or access granted can call all of these APIs. To reproduce: ``` juju bootstrap juju add-user testuser juju change-user-password testuser ``` Download the ZIP file of an...

Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-"coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders," Wiz researchers Yaara Shriki and Gili

### Summary eKuiper /config/uploads API supports accessing remote web URLs and saving files in the local upload directory, but there are no security restrictions, resulting in arbitrary file writing through ../. If run with root privileges, RCE can be achieved by writing crontab files or ssh keys. ### Details ```go func fileUploadHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { // Upload or overwrite a file case http.MethodPost: switch r.Header.Get("Content-Type") { case "application/json": fc := &fileContent{} defer r.Body.Close() err := json.NewDecoder(r.Body).Decode(fc) if err != nil { handleError(w, err, "Invalid body: Error decoding file json", logger) return } err = fc.Validate() if err != nil { handleError(w, err, "Invalid body: missing necessary field", logger) return } filePath := filepath.Join(uploadDir, fc.Name) err = upload(fc) ``` - The fc.Name parameter do not safely filtered. ### PoC ``` POST /co...

What happens in the privacy of your own home stays there. Or does it?