In a first, cryptographic keys protecting SSH connections stolen in new attack

Research analyzing active SSH scan data found multiple vendor SSH implementations producing faulty RSA signatures that leak private keys. These faults—observed across thousands of signatures for vendors such as Zyxel and others—allow passive observers to recover keys and perform man-in-the-middle impersonation to steal credentials; the root causes are unclear (possible crypto accelerator bugs, memory/storage corruption, or transient bit-flips), and some devices show transient faults while others remain consistently vulnerable.