Shadowserver report
Nearly 11 million SSH servers vulnerable to Terrapin attacks

Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver.

The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, affects both clients and servers using the SSH protocol.

• Alert

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

By infosecbulletin / Wednesday , June 4 2025

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...

Read More

• Alert
• Cyber Attack

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

By infosecbulletin / Wednesday , June 4 2025

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...

Read More

• Alert
• Hot Topic

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

By infosecbulletin / Tuesday , June 3 2025

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....

Read More

• Alert
• Vulnerabilities

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

By infosecbulletin / Tuesday , June 3 2025

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...

Read More

• Alert
• Vulnerabilities

Critical RCE Flaw Patched in Roundcube Webmail

By infosecbulletin / Monday , June 2 2025

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...

Read More

• Cyber Attack
• Data Breach

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

By infosecbulletin / Sunday , June 1 2025

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...

Read More

• International

CISA Issued Guidance for SIEM and SOAR Implementation

By infosecbulletin / Sunday , June 1 2025

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...

Read More

• Vulnerabilities

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

By infosecbulletin / Saturday , May 31 2025

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....

Read More

• International

Australia enacts mandatory ransomware payment reporting

By infosecbulletin / Saturday , May 31 2025

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...

Read More

• Hot Topic

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

By infosecbulletin / Saturday , May 31 2025

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...

Read More

SSH channel integrity can be compromised by manipulating sequence numbers during the handshake process. This is especially true when encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.

An attacker can lower the security of OpenSSH 9.5 by downgrading public key algorithms and disabling defenses against timing attacks.

Terrapin attack requires attackers to be in a middle position to intercept and modify the handshake exchange. Threat actors often infiltrate important networks and wait for the right time to launch their attack.

A report by Shadowserver warns that there are around 11 million SSH servers on the internet that can be targeted by Terrapin attacks.

The United States had 3.3 million vulnerable systems, followed by China with 1.3 million, Germany with 1 million, Russia with 700,000, Singapore with 390,000, and Japan with 380,000.

Shadowserver’s report is important because it shows that Terrapin attacks can affect many people.

Adversaries have a large pool of 11 million instances to choose from, even though not all of them are at immediate risk of being attacked. To check if an SSH client or server is vulnerable to Terrapin, the Ruhr University Bochum team offers a vulnerability scanner.