A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2.
libssh2 is a client-side SSH library, not a server.
from The Hacker News https://ift.tt/dvpZ3Ah
via Cyber Security
The Hacker News
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group has continued to evolve and expand it…