> TritonInfoSec News
Home / Jun 23, 2026 / Story
0
#6 The Hacker News general June 22, 2026 at 14:29 UTC

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

By [email protected] (The Hacker News)

AI Summary

Researchers at Calif.io disclosed 'Squidbleed,' a heap over-read vulnerability in Squid proxy that traces to a 1997 FTP-parsing code change and remains present in Squid's default configuration today. The flaw can leak a user's cleartext HTTP request — including credentials and session tokens — to other users sending traffic through the same proxy, drawing direct comparisons to Heartbleed in its potential for credential exposure. Squid deployments in enterprise and ISP environments should be patched or mitigated immediately given the widespread use of the software.

Read full article → https://thehackernews.com/2026/06/29-year-old-squi…

Relevance score: 81.0/100

# More from June 23

  1. 1
    FortiBleed campaign used custom FortiGate sniffer to steal credentials BleepingComputer
  2. 2
    New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones SecurityWeek
  3. 3
    Fortinet Responds to FortiBleed Campaign SecurityWeek
  4. 4
    Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices The Hacker News
  5. 5
    ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack The Hacker News
  6. 7
    AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network The Hacker News
  7. 8
    North Korean Hackers Blamed for Mastra NPM Supply Chain Attack SecurityWeek
  8. 9
    Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants The Hacker News
  9. 10
    More Cybersecurity Firms Disclose Impact From Klue Hack SecurityWeek