29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy.

The bug traces to a 1997 FTP-parsing change and is still live in Squid’s default configuration. Researchers at Calif.io disclosed it in June and named it Squidbleed (

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Attack Update: Top 5 Attack-IPs auf doode.info – 22.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 203.175.125.179 — 362 requests (recent log) 89.167.35.212 — 168 requests (recent log) 216.73.216.150 — 61 requests (recent

Read More

Attack Update: Top 5 Attack-IPs auf doode.info – 21.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. Keine relevanten IPs erfasst (ruhig oder stark gefiltert). Mehr Live-Daten und die komplette Historie im /attacks/ Watchtower-Bereich

Read More

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader,

Read More