15-Year OpenSSH Root Bug Exposes Servers Everywhere & ADT Confirms 10M-Record Breach 🔑🚨
Two stories today demand your attention: a hidden flaw sitting quietly inside one of the internet's most-trusted tools for fifteen years, and a household name in home security learning the hard way that one phone call can unravel ten million customer records. Here's what happened and why it matters.
🔑 A 15-Year-Old OpenSSH Bug Hands Attackers Root — Silently
OpenSSH is the software countless servers, cloud services, and developers rely on to log in remotely and run the internet's plumbing. Researchers just disclosed CVE-2026-35414, a flaw that has been hiding in OpenSSH for roughly 15 years. The bug is shockingly simple: a stray comma in an SSH certificate's "principal" field gets misread as a separator, so a certificate listing "deploy,root" can be parsed as granting full root access — total control of the machine. Worse, the attack leaves no failed-login traces in the logs, and researchers built a working exploit in just twenty minutes. If you run servers, manage cloud infrastructure, or rely on a vendor that does (which is essentially every business), upgrading to OpenSSH 10.3 should jump to the top of your to-do list this week.
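An added example (not from the original post or from the OpenSSH project): a small audit helper that reads the principals out of an SSH certificate and flags any single principal containing a comma, the pattern described above. It assumes certificates in the usual one-line `<type> <base64>` form; `make_sample` and its values are constructed test data, not real certificates.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one SSH wire 'string': uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    start = off + 4
    if start + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[start:start + n], start + n

# Public-key fields between nonce and serial, per cert type (PROTOCOL.certkeys).
_KEY_FIELDS = {
    b"ssh-ed25519-cert-v01@openssh.com": 1,          # pk
    b"ssh-rsa-cert-v01@openssh.com": 2,              # e, n
    b"ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, public_key
}

def cert_principals(cert_line):
    """Return (key_id, [principals]) from a '<type> <base64> [comment]' line."""
    blob = base64.b64decode(cert_line.split()[1])
    ktype, off = _read_string(blob, 0)
    if ktype not in _KEY_FIELDS:
        raise ValueError("unsupported certificate type: %r" % ktype)
    _, off = _read_string(blob, off)                 # nonce
    for _ in range(_KEY_FIELDS[ktype]):
        _, off = _read_string(blob, off)             # public key material
    off += 8 + 4                                     # uint64 serial, uint32 type
    key_id, off = _read_string(blob, off)
    packed, _ = _read_string(blob, off)              # valid principals
    names, pos = [], 0
    while pos < len(packed):                         # each name is length-prefixed
        name, pos = _read_string(packed, pos)
        names.append(name.decode("utf-8", "replace"))
    return key_id.decode("utf-8", "replace"), names

def suspicious_principals(cert_line):
    """Principals with a comma: one name a list parser could split in two."""
    return [p for p in cert_principals(cert_line)[1] if "," in p]

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(principals):
    """Constructed, unsigned ed25519 cert body, for exercising the parser only."""
    packed = b"".join(_s(p.encode()) for p in principals)
    body = (_s(b"ssh-ed25519-cert-v01@openssh.com") + _s(b"\0" * 32)
            + _s(b"\1" * 32) + struct.pack(">QI", 7, 1) + _s(b"ci-build-42")
            + _s(packed) + struct.pack(">QQ", 0, 2**64 - 1) + _s(b"") * 3)
    return "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(body).decode()
```

Run `suspicious_principals` over the certificates your CA has issued; any hit deserves review of how that principal string was accepted at signing time.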
🚨 ADT Confirms Breach: 10 Million Customer Records, One Phone Call
ADT — the home security company watching over millions of houses — has confirmed a major data breach after the cybercriminal group ShinyHunters claimed to have stolen 10 million records and threatened to leak them. Most of the exposed data is names, phone numbers, and home addresses, but a smaller subset also includes dates of birth and Social Security or tax ID numbers. The really uncomfortable part: attackers didn't crack any fancy system. They called an ADT employee, tricked them over the phone (a tactic called "vishing"), and used the stolen Okta credentials to walk straight into the company's Salesforce. It's a sharp reminder that humans — not firewalls — remain the most attacked surface, and that strong identity controls and employee training matter as much as any security tool.
Stay ahead of threats with GOCO Security at gocosecurity.com.