network

Public PoC Released for Critical Libssh2 CVE-2026-55200 Client-Side SSH Flaw

A critical vulnerability (CVE-2026-55200) in the libssh2 client-side SSH library allows a malicious SSH server to trigger memory corruption and potentially execute code on the client without user interaction or credentials. The flaw, present in all versions up to 1.11.1, arises from improper bounds checking on packet length during the SSH handshake, leading to an out-of-bounds heap write. While a patch has been merged but not yet officially released, security advisories urge organizations to inventory affected software linking libssh2 and apply vendor or distribution backports, restrict SSH connections to trusted servers, and monitor for anomalous behavior.

https://thehackernews.com/2026/06/public-poc-released-for-critical.html

What Do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime

An analysis of honeypot data reveals that the background noise of automated scans on public-facing ports is a complex multi-tiered ecosystem of botnets and malware campaigns, ranging from rudimentary IoT exploits to sophisticated fileless attacks targeting both consumer devices and enterprise infrastructure. Operators like Terrabot and r00ts3c demonstrate flawed but persistent automation exploiting known vulnerabilities, while advanced campaigns like RondoDox utilize decentralized residential bots to conduct coordinated, evolving attacks with techniques such as Log4Shell evasion and targeted command injection. This ongoing shadow economy uses high-volume automation and imperfection in defenses to maintain persistence and adaptation, highlighting the importance of monitoring structural patterns in network noise for effective threat detection.

https://isc.sans.edu/diary/33104?n

I Left Port 22 Open on the Internet for 54 Days. Here’s Who Showed Up.

In a 54-day experiment, a honeypot mimicking an Ubuntu SSH server was left open on port 22, recording over 269,000 connection attempts from 7,556 unique IPs. The study revealed a constant flood of mostly automated attacks scanning for weak passwords, with a small fraction of sophisticated attackers deploying advanced techniques, including targeted crypto node intrusions; the findings underscore the relentless and noisy nature of internet scanning and the importance of robust SSH security practices.

https://arman-bd.hashnode.dev/i-left-port-22-open-on-the-internet-for-54-days-here-s-who-showed-up

A Dozen Allied Agencies Say China Is Building Covert Hacker Networks Out of Everyday Routers

A coalition of U.S. and international government agencies has issued a warning about a significant shift in Chinese hacker tactics, highlighting the use of large-scale covert networks composed of compromised everyday routers and Internet of Things devices to conduct cyberattacks. These networks enable malicious activities such as reconnaissance, malware delivery, and espionage while disguising attackers' origins, prompting recommendations for organizations, especially large and critical infrastructure entities, to adopt enhanced cybersecurity measures and active threat hunting.

https://cyberscoop.com/china-nexus-covert-networks-advisory/

Residential Proxies Evaded IP Reputation Checks in 78% of 4B Sessions

Researchers from GreyNoise analyzed 4 billion malicious sessions and found that residential proxies evaded IP reputation checks in 78% of cases, challenging the assumption that attackers can be distinguished from legitimate users based on IP origin. These proxies are short-lived, rapidly rotated, and primarily used for scanning and reconnaissance, making IP reputation less effective and suggesting a shift toward behavior-based detection methods.

https://www.bleepingcomputer.com/news/security/residential-proxies-evaded-ip-reputation-checks-in-78-percent-of-4b-sessions/

FCC Bans New Routers Made Outside the USA Over Security Risks

The FCC has updated its Covered List under the Secure and Trusted Communications Networks Act of 2019 to ban the sale of all new consumer routers made outside the USA, citing national security risks related to foreign-manufactured devices potentially disrupting critical infrastructure. Exceptions exist for some government-used routers and manufacturers can seek U.S. approval by disclosing supply chain details and moving critical manufacturing to the U.S., but the rule may limit model availability and increase costs for consumers.

https://www.bleepingcomputer.com/news/security/fcc-bans-new-routers-made-outside-the-usa-over-security-risks/

New AirSnitch Attack Bypasses Wi-Fi Encryption in Homes, Offices, and Enterprises

New research reveals a series of attacks, named AirSnitch, that bypass Wi-Fi encryption and client isolation, allowing attackers to intercept and manipulate data between connected clients. The attacks exploit vulnerabilities in the lowest levels of the network stack, specifically targeting the interaction between Layers 1 and 2. AirSnitch enables bidirectional man-in-the-middle attacks, potentially compromising sensitive data and enabling advanced cyberattacks.

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

2026-01-14: The Day the Telnet Died

On January 14, 2026, global telnet traffic dropped 59% abruptly due to potential port 23 filtering by U.S. internet providers, coinciding with the discovery of CVE-2026-24061, a critical telnet vulnerability. Eighteen ASNs lost all telnet sessions, and five countries dropped from data completely. The post suggests the drop was a response to an exploitable vulnerability, emphasizing the importance of patching or disabling GNU Inetutils telnetd. The sustained reduction in telnet traffic indicates a shift away from insecure protocols among ISPs.

https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

Cloudflare Defies Italy’s Piracy Shield, Won’t Block Websites on 1.1.1.1 DNS

Cloudflare faces a €14.2 million fine from Italy for not blocking pirate sites on its 1.1.1.1 DNS service under the country's Piracy Shield law. The law requires rapid blocking of alleged piracy sites, but Cloudflare argues it could harm legitimate sites and plans to contest the fine, possibly withdrawing services in Italy. The Piracy Shield has faced criticism for overblocking legitimate sites and lacking due process.

https://arstechnica.com/tech-policy/2026/01/cloudflare-may-pull-servers-out-of-italy-over-order-that-it-block-pirate-sites/

Scroll to Top