Malicious Go 'crypto' Module Steals Passwords and Deploys Rekoobe Backdoor
A malicious Go module impersonating the legitimate golang.org/x/crypto has been discovered, containing a backdoor in ssh/terminal/terminal.go. This module captures passwords, exfiltrates them, and executes remote commands. The attack chain includes a Linux stager that installs an SSH key for persistence, weakens firewall settings, and deploys a Rekoobe backdoor. The campaign targets high-trust cryptography libraries and likely aims at cloud environments. The threat actor uses GitHub for staging and disguises payloads as media files. This sophisticated supply chain attack highlights the need for careful scrutiny of Go module changes and implementation of robust security measures in development workflows.
Pulse ID: 69a1276fbef301b2eb97cd94
Pulse Link: https://otx.alienvault.com/pulse/69a1276fbef301b2eb97cd94
Pulse Author: AlienVault
Created: 2026-02-27 05:11:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Cloud #CyberSecurity #GitHub #Golang #InfoSec #Linux #OTX #OpenThreatExchange #Password #Passwords #RAT #Rust #SSH #SupplyChain #Word #bot #AlienVault
@iron_bug @torproject @ooni @limping Okay, I've looked into this...
I guess the only working option is to basically look like Russian Cybercrime [hacking foreign corpos for ransom] and set up your own custom #SSH tunnels and #TorBridges…
https://en.wikipedia.org/wiki/Toosheh
https://www.netfreedompioneers.org/toosheh-datacasting-technology/
https://www.netfreedompioneers.org/knapsack-content-station/
Server services and file shares on the network
Nextcloud Client
https://forum.ubuntuusers.de/topic/nextcloud-client-3/
26.02.2026 at 23:06
#ubuntuusers #forumuu #linux #opensource #fragenistmenschlich #netzwerk #network #server #webserver #ssh #mysql #nfs #samba #vnc #vpn
snakes.run: rendering 100M pixels a second over ssh · eieio.games
https://eieio.games/blog/secure-massively-multiplayer-snake/
oh my god this is so cool
$ ssh snakes.run
Tired of Managing Multiple Remote Sessions manually? Here’s the Fix 💡 Read more under: https://royalapps.com/go/help-ts-win-v7-ref-terminalservices
#devops #itadmin #terminalservices #RDP #remotedesktop #ssh

Today on "How is this the state of the art!?": ssh-agent
I just learned that you may get locked out of your server due to too many authentication requests because the ssh-agent protocol has zero provisions for prefiltering keys and just blindly tries everything in your database until one of them goes through.
Is there a security reason why ssh can't send the host's hash to the agent to tell it what server it should return the key for?
#Veritasium did a video on how #SSH almost became compromised by #XZ, and along the way in a really easy to understand yet precise way explains so many things about the software freedom community that I am truly impressed.
Deserves to be shared widely:
https://www.youtube.com/watch?v=aoag03mSuXQ
Friends,
It feels like it was in a different century, but at the beginning of the #russia-#ukraine full-scale war I speculated that you could predict development in conflict based on the intensity of attempted #cyberattacks, see https://nxdomain.no/~peter/Predicting_developments_in_real_world_conflict_from_patterns_of_failed_logins.html. The data now covers four years.
I ponder whether it's worth using the data (linked in the article) to see how these things correlate.
I'd love to hear your thoughts.
#ssh #passwordguessing #cybercrime #passwordgropers #hailmarycloud
Thirty years of curl
Curl is for me part of the critical tools in any POSIX OS. Even in closed source OS like win64 curl is vital.
My gratitude is infinite
curl --verbose wttr.in/palmentuin|lolcat
...gets me such nicely formatted output to (ba cs k z)sh
100% pure shell output, no browser needs to be spawned for that!
Curl usage
curl is used in command lines or scripts to transfer data. curl is also libcurl, used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, medical devices, settop boxes, computer games, media players and is the Internet transfer engine for countless software applications in over twenty billion installations.
curl is used daily by virtually every Internet-using human on the globe!
sources:
https://curl.se/
https://ioc.exchange/@bagder@mastodon.social/116130454645581888
#curl #critical #program #birthday #congratulations #30years #fun #jokes #OpenSource #POSIX #programming #networking #protocols #TCP #SSH
My student Ghazal gave a talk at the PRISM workshop (attached to #NDSS) yesterday! She has done some really nice work on classifying #ssh brute-force attackers using clustering techniques. The full paper and slides are up at: https://www.flux.utah.edu/paper/abdollahi-prism26
@iuvi this seems like a good way to do it at first glance.
I'd still recommend using @torproject / #TorBrowser through that #SSHtunnel for added #privacy.
Still, #Russia fighting against #VPN usage whilst also being reliant on #CyberCrime & #CyberWarfare from Russian soil makes it basically impossible to ban #SSH.