The 4th Linux kernel flaw this month can lead to stolen SSH host keys

ZDNET's key takeaways

  • Another day, another Linux bug.
  • There is a patch out now.
  • However, it's not available yet in most distros.

Linux's latest kernel flaw doesn't have a fancy name; it's just called "ssh‑keysign‑pwn." It's the fourth high‑profile local security hole to hit Linux in just a few weeks. This one enables ordinary users to quietly read some of the most sensitive files on a system, including Secure Shell (SSH) host private keys and the shadow password file.

The vulnerability gets its "ssh‑keysign‑pwn" nickname from one of the main exploitation paths: abusing OpenSSH's ssh-keysign helper binary. The ssh-keysign helper is used for host‑based authentication and typically runs setuid root, opening the system's SSH host keys before dropping privileges to complete its work.

Copyright of this story solely belongs to zdnet.com.