AyySSHush
-
New Linux PamDOORa backdoor sold on cybercrime forum, researchers say
Researchers disclosed PamDOORa, a Linux backdoor sold on a Russian cybercrime forum for up to $1,600. The PAM-based tool can provide persistent SSH access, harvest credentials and tamper with logs, though no real-world use has been seen.
-
New Linux botnet SSHStalker uses IRC C2 and scanned nearly 7,000 hosts
SSHStalker is a Linux botnet that uses IRC for command and control and performed nearly 7,000 SSH scans in January. It compiles C bots on infected hosts and persists via one minute cron jobs. Operators should monitor compilers and block IRC outbound traffic.
-
Unpatched Gogs vulnerability being actively exploited; hundreds of instances compromised
Wiz researchers say a high-severity unpatched flaw in Gogs (CVE-2025-8110) is being actively exploited, with more than 700 compromised instances; the issue allows file overwrites via symbolic links and can lead to remote code execution. Researchers recommend disabling open registration, limiting internet exposure and scanning for random repositories while a fix is developed.
-
ASUS issues firmware to fix critical authentication bypass in DSL routers
ASUS released firmware version 1.1.2.3_1010 to fix a critical authentication bypass (CVE-2025-59367) impacting DSL-AC51, DSL-N16 and DSL-AC750 routers and urged users to install the update or follow mitigation steps to block internet-accessible services.
