OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

SecurityWeek

Overview

A significant vulnerability in OpenSSH has been discovered, allowing attackers to gain full root shell access to affected systems. This flaw, which has been present for 15 years, stems from a coding issue that misinterprets comma characters in certificate principals as list separators. As a result, unauthorized users could exploit this vulnerability to escalate privileges and take control of systems. OpenSSH is widely used for secure remote access, making this a serious concern for organizations relying on it for security. Users and administrators are urged to review their systems and apply any available patches to mitigate this risk.

Key Takeaways

  • Affected Systems: OpenSSH versions with the flaw, affecting both client and server implementations.
  • Action Required: Apply patches or updates as they become available from OpenSSH maintainers; review configurations to ensure proper handling of certificate principals.
  • Timeline: Disclosed on [date]

Original Article Summary

A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators. The post OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years appeared first on SecurityWeek.

Impact

OpenSSH versions with the flaw, affecting both client and server implementations.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Disclosed on [date]

Remediation

Apply patches or updates as they become available from OpenSSH maintainers; review configurations to ensure proper handling of certificate principals.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Vulnerability.

Related Coverage

23andMe to pay $18 million in new genetics data breach settlement

BleepingComputer

23andMe, the genetic testing company, has agreed to pay $18 million to settle a lawsuit filed by a coalition of 43 attorneys general. The lawsuit claimed that 23andMe failed to adequately protect its customers' genetic data, putting sensitive information at risk. This settlement comes as part of a broader push for companies to prioritize data security, especially when handling personal genetic information. Customers who used 23andMe's services are particularly affected, as their genetic data could have been exposed. The situation raises significant concerns about privacy and the responsibilities of companies in safeguarding sensitive health information.

Jul 16, 2026

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

The Hacker News

Cybersecurity experts have identified a new malware named TELEPUZ that has been spreading since late April 2026 through compromised websites using ClickFix lures. This modular malware is designed to steal data and execute commands on infected systems. Researchers from Elastic Security Labs note that while the number of command-and-control domains associated with TELEPUZ is currently limited, its capabilities raise significant concerns for users and organizations. The lightweight nature of the malware makes it particularly dangerous, as it can easily evade detection. Users visiting infected sites are at risk, making it crucial for individuals and companies to remain vigilant about their online activities and security practices.

Jul 16, 2026

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

The Hacker News

A new piece of malware known as ClickLock Stealer is targeting macOS users by forcing them to input their login passwords. This infostealer operates by running a command in the Terminal that creates a fake system dialog asking for the password. If the victim cancels this request, the malware repeatedly kills various applications—including Finder and Terminal—every 210 milliseconds until the password is provided. Once the victim logs in again, the malware installs two LaunchAgents, allowing it to operate silently in the background. This type of attack is particularly concerning as it manipulates user behavior to extract sensitive information, highlighting the need for users to be cautious about unexpected prompts and commands.

Jul 16, 2026

20+ Hijacked Government Websites Became
an Attack Channel

The Hacker News

Over 20 Brazilian government websites have been hijacked as part of a campaign by a group known as PhantomEnigma. These sites were repurposed to deliver malware, which poses a significant risk to users who visit them. Researchers from ANY.RUN discovered previously unknown backdoor tactics and complex relationships within the cybercriminal infrastructure involved. This incident not only affects the integrity of government websites but also puts the data and security of users at risk, highlighting the ongoing challenges in protecting public digital resources. It serves as a reminder for both users and government agencies to remain vigilant against such attacks.

Jul 16, 2026

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

The Hacker News

Daxin, an advanced malware linked to a Chinese threat actor, has been detected again after a four-year gap, this time within a manufacturing firm in Taiwan. This kernel-mode rootkit, identified as 'srt64.sys', was first reported by Symantec in March 2022. Alongside Daxin, researchers have also discovered a new backdoor called Stupig, which has not been previously documented. The resurgence of Daxin raises concerns about targeted attacks on critical infrastructure, particularly in sectors like manufacturing that are vital to the economy. Organizations in Taiwan and similar industries need to be vigilant and reassess their cybersecurity measures to protect against these sophisticated threats.

Jul 16, 2026

CISA orders feds to patch actively exploited Oracle flaw by Saturday

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies address a serious vulnerability in the Oracle E-Business Suite by Saturday. This flaw is being actively exploited in the wild, posing risks to financial operations managed through the software. Agencies are urged to take immediate action to protect their systems from potential attacks that could compromise sensitive financial data. The urgency of this directive reflects the critical nature of the vulnerability and the potential impact on government operations if left unaddressed.

Jul 16, 2026