The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
diginomica

Risky business? AI agents are asking for your SSH keys. 21,000 exposed instances tell their own cautionary tale...

Security researchers found more than 21,000 exposed OpenClaw deployments, highlighting why enterprise adoption of AI agents needs to pay more than lip service to "guardrails".
GitHub

SSH3: faster and rich secure shell using HTTP/3

SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. It comes from our research work and we (researchers) recently proposed it as an Internet-Draft ...
GitHub

Windows Fail2Ban: SSH Brute-Force protection

Just like the original Fail2Ban, this configurable and easy to use solution works by scanning logs, in this case the Windows event log from the Win32-OpenSSH service and bans IPs with too many failed ...