Bleeping Computer

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...
CSOonline

OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks

Researchers from Qualys found two vulnerabilities that can be combined to bypass the server key verification in OpenSSH clients when the VerifyHostKeyDNS is used, allowing man-in-the-middle attackers ...