File transfer gone wrong: PuTTY and others leak private keys

Update your “secure” file transfer software

To ruin your day, a newly disclosed vulnerability in several SSH and "secure" file transfer programs lets an attacker recover your private key from roughly 60 of your signatures. The attacker never touches the key itself; the signatures are enough. Every server you log into (and anyone who has compromised one) sees the authentication signatures your client produces, and if the same key is used to sign Git commits, the signatures sit in public in the repository. The latter requires no special access rights, just patience and time.

The vulnerability (CVE-2024-31497) affects PuTTY 0.68 through 0.80 and the programs that bundle its code, including FileZilla, WinSCP, TortoiseGit and TortoiseSVN; other programs may also be vulnerable. It applies only to ECDSA keys on the NIST P-521 curve (ecdsa-sha2-nistp521); RSA, Ed25519 and the smaller ECDSA curves are not affected. You can check the exact affected versions on Bleeping Computer, or just update, as you most likely don't have the latest version (PuTTY 0.81 contains the fix). The flaw is in how these programs generate the per-signature nonce during authentication: it was derived from a 512-bit hash output, but the curve's order is 521 bits long, so the top nine bits of every nonce were zero. That bias looks tiny, but given enough signatures a lattice attack turns it into the private key.
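To make both the bias and the cleanup concrete, here is an added Python example; it is not from the original article and not PuTTY's code. It models the flawed nonce derivation (a 512-bit digest reduced modulo the 521-bit group order) next to a corrected one that draws more than 521 bits before reducing, counts how often the top nine nonce bits come out zero under each, and then scans an authorized_keys-style file for the P-521 keys that need rotating. The private key, the messages and the key lines are constructed sample data, and the two derivation functions are simplified models of the bug and the fix, not the exact code PuTTY shipped.

```python
import base64
import hashlib
import struct

# Order n of the NIST P-521 group (FIPS 186-4). It is 521 bits long, so a
# 512-bit hash output "reduced" mod n is never actually reduced: it stays < 2^512.
P521_ORDER = int(
    "01FF" + "FFFFFFFF" * 7 + "FFFFFFFA"
    + "51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
    16,
)


def flawed_nonce(priv: int, msg_hash: bytes) -> int:
    """Simplified model of the bug: derive the ECDSA nonce k from a 512-bit
    digest and reduce mod a 521-bit order. Not PuTTY's exact code."""
    material = priv.to_bytes(66, "big") + msg_hash
    return int.from_bytes(hashlib.sha512(material).digest(), "big") % P521_ORDER


def fixed_nonce(priv: int, msg_hash: bytes) -> int:
    """Model of a correct derivation: draw well over 521 bits (here 640 via
    SHAKE-256) before reducing mod n, so k is near-uniform in [0, n)."""
    material = priv.to_bytes(66, "big") + msg_hash
    return int.from_bytes(hashlib.shake_256(material).digest(80), "big") % P521_ORDER


def top_bits_clear(k: int, bits: int = 9) -> bool:
    """True when the top `bits` bits of a 521-bit nonce are all zero."""
    return (k >> (521 - bits)) == 0


def nonce_bias_report(samples: int = 200) -> dict:
    """Derive nonces for `samples` constructed messages under a constructed
    private key and count how often the top 9 nonce bits are zero."""
    priv = int.from_bytes(hashlib.sha256(b"constructed demo key").digest() * 3, "big") % P521_ORDER
    flawed = fixed = 0
    for i in range(samples):
        h = hashlib.sha512(b"constructed message %d" % i).digest()
        flawed += top_bits_clear(flawed_nonce(priv, h))
        fixed += top_bits_clear(fixed_nonce(priv, h))
    return {"samples": samples, "flawed_top9_zero": flawed, "fixed_top9_zero": fixed}


def _ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_strings(blob: bytes) -> list:
    """Split an SSH wire blob into its length-prefixed strings."""
    out, pos = [], 0
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        out.append(blob[pos:pos + length])
        pos += length
    return out


def parse_pubkey_line(line: str):
    """Return (key_type, comment) for one OpenSSH public-key line, or None for
    comments, blank lines and lines that do not parse as a key."""
    parts = line.split()
    if len(parts) < 2 or parts[0].startswith("#"):
        return None
    try:
        fields = _read_ssh_strings(base64.b64decode(parts[1], validate=True))
    except (ValueError, struct.error):
        return None
    if not fields or fields[0].decode(errors="replace") != parts[0]:
        return None  # the wire-encoded type must match the declared type
    return parts[0], " ".join(parts[2:])


def keys_needing_rotation(text: str) -> list:
    """List (comment, key_type) for every P-521 ECDSA key in `text`: those are
    the keys a vulnerable client may have leaked through its signatures."""
    hits = []
    for line in text.splitlines():
        parsed = parse_pubkey_line(line)
        if parsed and parsed[0] == "ecdsa-sha2-nistp521":
            hits.append((parsed[1], parsed[0]))
    return hits


def make_pubkey_line(key_type: str, fields: list, comment: str) -> str:
    """Build a constructed public-key line in OpenSSH format (sample data only;
    the point bytes are filler, not a real curve point)."""
    blob = _ssh_string(key_type.encode()) + b"".join(_ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample authorized_keys content: one P-521 key, one P-256, one Ed25519.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    make_pubkey_line("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x11" * 132], "alice@putty-laptop"),
    make_pubkey_line("ecdsa-sha2-nistp256", [b"nistp256", b"\x04" + b"\x22" * 64], "bob@desk"),
    make_pubkey_line("ssh-ed25519", [b"\x33" * 32], "carol@ci"),
    "",
])

if __name__ == "__main__":
    print(nonce_bias_report())
    for comment, key_type in keys_needing_rotation(SAMPLE_AUTHORIZED_KEYS):
        print(f"rotate: {comment} ({key_type})")
```

Under the flawed derivation every nonce has its top nine bits clear; under the corrected one only about one in 512 does, which is what a uniform 521-bit value should give. Real authorized_keys lines may carry an options prefix (for example `command="..."`) before the key type; the parser above returns None for those, so strip the prefix before scanning, and point it at your Git hosting account's SSH key list as well as server-side files.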

This is a very bad bug, considering that these programs are used not by regular users but by system administrators and people who transfer sensitive data. Updating only stops new leaky signatures: any P-521 key that has ever signed with a vulnerable version should be treated as compromised, so generate a new key and remove the old one from authorized_keys files and Git hosting accounts. Hope nothing worse happens tomorrow!
