‼️🚨 Critical remote code execution in libssh2, the SSH client library embedded in countless tools: CVE-2026-55200, rated CVSS 9.2 by VulnCheck. Every version up to and including 1.11.1 is affected.
It's an out-of-bounds heap write in ssh2_transport_read(), which fails to bound-check the SSH packet_length field. A malicious or MITM'd SSH server can send oversized packets to corrupt memory and run code on the connecting client.
No known exploitation yet and it's not in CISA's KEV. Fix: move to a build that includes commit 7acf3df (PR #2052), and inventory anything that links libssh2 for SSH, SCP, or SFTP.
1 June 1943
Finnish Waffen-SS volunteers who have just returned from the Eastern Front on the German freighter "Warthe" in Hanko, Finland.
The Finnish Volunteer Battalion of the Waffen-SS (German: Finnisches Freiwilligen-Bataillon der Waffen-SS) was a motorized infantry battalion of the German Waffen-SS during World War II. It was formed from Finnish volunteers and fought on the Eastern Front as part of the SS Division Wiking. The unit was disbanded in mid-1943 as the two-year commitment of the volunteers had expired and the Finnish Government was unwilling to allow more men to volunteer. About 1,400 men served in the battalion during its existence.
(Photo source: SA-Kuva)
Color by Julius Jääskeläinen
https://t.co/i1HRhTszYF
Today in 1987, an 18-year-old from West Germany named Mathias Rust penetrates Soviet air defences and lands a Cessna 172 in Moscow's Red Square. The stunt, an epic humiliation for the Soviet military, earns the teen worldwide fame, as well as a 14-month stay in a Russian prison.
DO NOT use Telegram in sensitive applications. Telegram does not need to have its message encryption broken for users to be tracked at the network layer. Telegram sends MTProto over unencrypted TCP, exposing auth_key_id - a long-lived identifier tied to the client’s authorisation key. An ISP, hotel WiFi operator, mobile carrier, transit provider, or surveillance system on the network path can see that identifier if they can observe the traffic. It can remain stable across app restarts, IP changes, VPN use, network switches, and location changes. Secret Chats protect message content, but this leak is below that layer. That makes the attack passive. The risk is in retroactive correlation. Think a journalist using Telegram from different networks for months, then joining hotel or corporate WiFi under a real name. That one identity anchor could make old logs searchable for the same auth_key_id. The fix is simple - mandatory transport encryption for all MTProto connections, with no unencrypted fallback. Telegram chose not to do this. Source: @kaepora https://t.co/TJALYAwaOs
Italy: Counterfeit 2-euro coins, indistinguishable from genuine coins even to the European Central Bank, were produced in clandestine mints in Prato and Quarrata by a group linked to Chinese organized crime.
The operation involved importing nickel and nickel-brass alloy from China, clearing them through customs in Germany and Belgium, and minting coins that replicated designs from all EU countries, including commemorative editions.
Over 20,000 fake coins and one ton of raw materials have been seized, but this is considered only a small portion of the total forged. The coins matched originals in weight and magnetism, successfully deceiving machines and slots.
Five suspects, all Chinese nationals, were detained for criminal association. Authorities suspect the group received inside information from law enforcement to evade investigations.
Some of the earliest combat salvoes from 15cm Nebelwerfer 41 batteries launched towards Soviet positions during the opening weeks of Operation Barbarossa circa July 1941