TRU Achieves Top Recognition for OpenSSH Vulnerability Research at Pwnie Awards

The Qualys Threat Research Unit (TRU) has been honoured with two prestigious awards at the Pwnie Awards, recognising its significant contributions to threat research related to vulnerabilities in OpenSSH and FreeBSD. The TRU received the titles of ‘Epic Achievement’ and ‘Best Remote Code Execution (RCE)’ for its outstanding work in discovering and responsibly disclosing critical cybersecurity vulnerabilities. The Pwnie Awards are esteemed within the cybersecurity research community, serving as a benchmark for excellence in identifying and addressing security flaws. This dual recognition highlights the importance of the TRU’s recent findings and their impact on the broader industry.

The Epic Achievement award was conferred for the discovery of two critical vulnerabilities in OpenSSH. The first, CVE-2024-6387, informally known as ‘regreSSHion’, is the first pre-authentication RCE vulnerability in OpenSSH in nearly two decades. The second, CVE-2025-26465, is a machine-in-the-middle vulnerability affecting OpenSSH’s client that left FreeBSD systems vulnerable by default for almost ten years. Additionally, the TRU was acknowledged in the Best RCE category for CVE-2024-6387, a rare vulnerability involving a signal handler race condition in the OpenSSH server’s default configuration, potentially leading to exploitable heap corruption. The identification of these vulnerabilities is particularly significant given OpenSSH’s widespread use in secure communications.

Categories: Awards Recognition, Cybersecurity Vulnerabilities, Responsible Disclosure 

Tags: Qualys, Threat Research Unit, Pwnie Awards, Cybersecurity, Vulnerabilities, OpenSSH, FreeBSD, Remote Code Execution, Responsible Disclosure, Security Flaws 
