InfoSecBulletin Cybersecurity for mankind
Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver.
The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, affects both clients and servers using the SSH protocol.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
SSH channel integrity can be compromised by manipulating sequence numbers during the handshake process. This is especially true when encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
An attacker can lower the security of OpenSSH 9.5 by downgrading public key algorithms and disabling defenses against timing attacks.
Terrapin attack requires attackers to be in a middle position to intercept and modify the handshake exchange. Threat actors often infiltrate important networks and wait for the right time to launch their attack.
A report by Shadowserver warns that there are around 11 million SSH servers on the internet that can be targeted by Terrapin attacks.
The United States had 3.3 million vulnerable systems, followed by China with 1.3 million, Germany with 1 million, Russia with 700,000, Singapore with 390,000, and Japan with 380,000.
Shadowserver’s report is important because it shows that Terrapin attacks can affect many people.
Adversaries have a large pool of 11 million instances to choose from, even though not all of them are at immediate risk of being attacked. To check if an SSH client or server is vulnerable to Terrapin, the Ruhr University Bochum team offers a vulnerability scanner.
