Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.

Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks.

Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning. Although their respective severity scores (6.8 and 5.9 out of 10) don't necessarily scream "patch me right away" – it certainly doesn't seem as bad as last year's regreSSHion issue – they're both likely to raise some degree of concern given the tool's prominence.

A security researchers shared a picture of the instructions that go along Apple's Security Research Device and more details about this special iPhone.

The company’s AirLink cellular routers are often used in critical infrastructure sectors, such as government and emergency services.

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.