Skip to content
cybersecurityTechnology

"Pwnie Awards 2025 honors Qualys with two prizes for exceptional OpenSSH study" or "Qualys receives recognition with two awards at the Pwnie Awards 2025 for impressive OpenSSH research"

Qualsys Inc. honored with 'Epic Achievement' and 'Best RCE' awards at Pwnie Awards for its outstanding research on critical OpenSSH vulnerabilities, solidifying its position as a frontrunner in global cybersecurity innovation.

 and  Administrator
2 min read
Qualys successively honored with two Pwnie Awards in 2025 for commendable OpenSSH investigations
Qualys successively honored with two Pwnie Awards in 2025 for commendable OpenSSH investigations

"Pwnie Awards 2025 honors Qualys with two prizes for exceptional OpenSSH study" or "Qualys receives recognition with two awards at the Pwnie Awards 2025 for impressive OpenSSH research"

Qualys' Threat Research Unit Wins Top Awards at Pwnie Awards

At DefCon 2025, Qualys Inc.'s Threat Research Unit (TRU) was honoured with two top awards at the prestigious Pwnie Awards. The team won in the categories of "Epic Achievement" and "Best Remote Code Execution (RCE)".

The "Epic Achievement" award was given for discovering two unique OpenSSH security vulnerabilities: CVE-2024-6387 (regreSSHion) and CVE-2025-26465.

CVE-2024-6387, a pre-authentication Remote Code Execution (RCE) in OpenSSH, is the first of its kind in nearly 20 years. This rare race condition in the signal handler of the OpenSSH server (default configuration) leads to exploitable heap corruption. The vulnerability affects millions of devices worldwide.

On the other hand, CVE-2025-26465 is a man-in-the-middle attack on the OpenSSH client that made FreeBSD vulnerable for nearly a decade.

Bharat Jogi, Senior Director of Vulnerability and Threat Research at Qualys TRU, emphasized the importance of thorough research and responsible disclosure regarding the OpenSSH vulnerabilities. He also highlighted the significance of collaboration with open-source maintainers and the security community for quick patches and stronger security foundations.

Sumedh Thakar, President and CEO of Qualys, stated that the wins highlight the TRU team's exceptional expertise and strategic focus on protecting businesses worldwide. Bharat Jogi thanked the organizers and jurors of the Pwnie Awards for the recognition.

In the past five years, Qualys' TRU has been nominated for a Pwnie Award 14 times and won four. Their last Pwnie Award was in the category "Best RCE" in 2016, which was also for CVE-2024-6387 (regreSSHion). The Pwnie Awards recognition not only honours the work of Qualys TRU but also a shared commitment to a safer internet.

The Qualys Threat Research Unit values the recognition from the Pwnie Awards, as it highlights their shared commitment to a safer internet with organizations like Qualys TRU.

Read also:

Related

Latest