{"vulnerability": "CVE-2026-47729", "sightings": [{"uuid": "bbd94e1f-98f3-42c8-bf68-e5435ac91758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mo3rm3en6x2v", "content": "Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-12T12:48:18.898740Z"}, {"uuid": "e0e2cbce-02b0-4996-9409-6306a617500b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3modi3vazfl2z", "content": "Re: Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-15T14:19:29.860131Z"}, {"uuid": "1830a109-dd87-4778-956d-9688fa0396b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3moeii64hu42s", "content": "Squid 7.6 fixes CVE-2026-47729, an OOB read in the FTP gateway that a hostile upstream FTP server can trigger, plus CVE-2026-50012, a heap overflow in cache digests when built with --enable-cache-digests. Two memory bugs at the proxy edge. 
Do you still need FTP gatewaying enabled at all?\n#security", "creation_timestamp": "2026-06-15T23:59:01.793449Z"}, {"uuid": "f0d28637-8bd5-42f1-8387-24a3e157a13f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mohbcixrys25", "content": "\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u30fcSquid \u304cFTP\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u306e\u5883\u754c\u5916\u8aad\u307f\u53d6\u308a\uff08CVE-2026-47729\uff09\u3068cache_digest\u306e\u30d2\u30fc\u30d7\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\uff08CVE-2026-50012\uff09\u306e\u8106\u5f31\u6027\u3092\u4fee\u6b63\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-17T02:28:38.496165Z"}, {"uuid": "8df243a3-6ed0-49b9-b7da-9a8fd6f1c7ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47729", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3moltaqqmko2s", "content": "\ud83d\udce2 Squidbleed (CVE-2026-47729) : fuite m\u00e9moire de type Heartbleed dans Squid Proxy depuis 1997\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nPubli\u00e9 le 18 juin 2026 par Cal\u2026\nhttps://cyberveille.ch/posts/2026-06-18-squidbleed-cve-2026-47729-fuite-memoire-de-type-heartbleed-dans-squid-proxy-depuis-1997/ #CVE_2026_47729 #Cyberveille", "creation_timestamp": "2026-06-18T22:00:24.580763Z"}, {"uuid": "24357803-7a22-4af2-9571-611c28ea062c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mom6yzwqbv2l", "content": "Re: 
Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-19T01:30:47.940704Z"}, {"uuid": "97d0141a-6a01-4148-8c30-c21cd56a5bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3momarskqah27", "content": "\ud83d\udd12 Squidbleed (CVE-2026-47729)\n\nA critical vulnerability dubbed Squidbleed (CVE-2026-47729) has been found in Squid Proxy, affecting all versions since 1997 in their default configur...\n\nhttps://tinyurl.com/2bcslopz #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-06-19T02:02:33.273131Z"}, {"uuid": "1f500115-4711-4c9b-a6c4-afb6d775bd16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mon4zwmzh42o", "content": "Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration", "creation_timestamp": "2026-06-19T10:28:11.353095Z"}, {"uuid": "40f3d94e-dcce-416c-a0d2-0af9abe375ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mon5obgu5z2s", "content": "Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration", "creation_timestamp": "2026-06-19T10:39:40.087538Z"}, {"uuid": "d194c150-27ec-4868-beeb-856d2326aa94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", 
"source": "https://infosec.exchange/users/vuldb/statuses/116776381674232979", "content": "Some increased actor activities are shown targeting squid-cache Squid (CVE-2026-47729) https://vuldb.com/vuln/370669/cti", "creation_timestamp": "2026-06-19T10:49:35.948598Z"}, {"uuid": "346e923e-261c-4f51-8290-8468d334f191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3moostal2o52d", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 26 interactions\nCVE-2026-54420: 26 interactions\nCVE-2026-20262: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-20253: 6 interactions\nCVE-2026-47729: 5 interactions\nCVE-2026-8713: 4 interactions\n", "creation_timestamp": "2026-06-20T02:30:48.678078Z"}, {"uuid": "203f5d8c-c19e-4a5d-8187-063c1522c6e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mopqnnblgt2z", "content": "Squidbleed (CVE-2026-47729)", "creation_timestamp": "2026-06-20T11:24:36.537820Z"}, {"uuid": "2458a504-f918-44f6-aa9b-c97b98f26124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mouihvhsbc2y", "content": "Re: Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-22T08:41:28.409392Z"}, {"uuid": "2d54e48d-c273-4e38-b02c-8f4f7a3956fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": 
"https://bsky.app/profile/infosecbriefly.bsky.social/post/3mov5gjbcjm2v", "content": "Squidbleed (CVE-2026-47729) lets a permitted proxy user leak another user\u2019s cleartext HTTP request data via an FTP parser over-read.\n", "creation_timestamp": "2026-06-22T14:56:30.847702Z"}, {"uuid": "8a6b2dd6-8a72-4986-a2d4-cd78f3842848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/argusflow.bsky.social/post/3mov5qycgcc2u", "content": "A critical flaw from 1997, 'Squidbleed' (CVE-2026-47729), has been found in Squid Proxy. It can leak user credentials and session tokens on shared networks. #Squidbleed #CyberSecurity #Pro...\n\nhttps://verisizintisi.com/en/blog/2026-06-22-decades-old-squid-proxy-flaw-squidbleed-exposes-user-data", "creation_timestamp": "2026-06-22T15:02:22.170234Z"}, {"uuid": "f2a78e06-060f-4949-9b56-19c43b1465ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3movf6xxgna26", "content": "Squidbleed (CVE-2026-47729) in Squid can leak other users&#039; cleartext HTTP requests, including credentials or tokens, through a long-standing FTP parser bug. Fix with a parser guard or disable FTP. 
#Squid #Squidbleed #CVE202647729", "creation_timestamp": "2026-06-22T17:15:27.917833Z"}, {"uuid": "7e98bde4-7ba0-4a82-b3b6-5efa8f0683a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3movfzqjqjr2x", "content": "Squidbleed, a Squid Proxy memory leak tracked as CVE-2026-47729, has existed since 1997 and can expose uncleared HTTP data, including credentials and session tokens, in shared proxy setups. #SquidProxy #Squidbleed #CVE202647729", "creation_timestamp": "2026-06-22T17:30:26.119100Z"}, {"uuid": "f60ef421-6fd8-40b8-ab04-856bece67ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47729", "type": "seen", "source": "https://bsky.app/profile/etairos-ai.bsky.social/post/3movlaf3lt32m", "content": "Squidbleed (CVE-2026-47729): a 1997 Squid proxy bug still leaks other users' cleartext HTTP requests via heap over-read. Proxies front many ICS networks. Patch now. #ThreatIntel #ICS\nhttps://threat-intelligence.redeyesecurity.com/blog/squidbleed-squid-proxy-heap-overread-cve-2026-47729-2026", "creation_timestamp": "2026-06-22T19:03:38.605724Z"}, {"uuid": "9eebd71a-0904-479b-ad82-9246ca806cd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mowu7czs222r", "content": "\ud83e\uddf5Un bug introdu\u00eft al codi de Squid el 1997 s'ha descobert el 2026, i, un cop m\u00e9s, l'ha ca\u00e7at una IA. Permet que un usuari d'una xarxa compartida llegeixi la petici\u00f3 HTTP d'un altre, credencials i tokens de sessi\u00f3 inclosos. 
Es diu Squidbleed (CVE-2026-47729).", "creation_timestamp": "2026-06-23T07:16:47.508011Z"}, {"uuid": "7da4543e-1b95-4591-ba55-e95b607f390a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mowu7d2aos2r", "content": "\ud83e\uddf5Un bug introdu\u00eft al codi de Squid el 1997 s'ha descobert el 2026, i, un cop m\u00e9s, l'ha ca\u00e7at una IA. Permet que un usuari d'una xarxa compartida llegeixi la petici\u00f3 HTTP d'un altre, credencials i tokens de sessi\u00f3 inclosos. Es diu Squidbleed (CVE-2026-47729).", "creation_timestamp": "2026-06-23T07:16:48.046529Z"}, {"uuid": "ffedf082-2882-47d1-91eb-84a2b2b8b2bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mowu7d2cnc2r", "content": "\ud83e\uddf5Un bug introdu\u00eft al codi de Squid el 1997 s'ha descobert el 2026, i, un cop m\u00e9s, l'ha ca\u00e7at una IA. Permet que un usuari d'una xarxa compartida llegeixi la petici\u00f3 HTTP d'un altre, credencials i tokens de sessi\u00f3 inclosos. Es diu Squidbleed (CVE-2026-47729).", "creation_timestamp": "2026-06-23T07:16:48.608987Z"}, {"uuid": "5e1fe67e-4a86-45cc-a19b-c4413ff362ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mowu7d2dmk2r", "content": "\ud83e\uddf5Un bug introdu\u00eft al codi de Squid el 1997 s'ha descobert el 2026, i, un cop m\u00e9s, l'ha ca\u00e7at una IA. Permet que un usuari d'una xarxa compartida llegeixi la petici\u00f3 HTTP d'un altre, credencials i tokens de sessi\u00f3 inclosos. 
Es diu Squidbleed (CVE-2026-47729).", "creation_timestamp": "2026-06-23T07:16:49.170199Z"}, {"uuid": "334ee505-264a-41b9-b00f-43befe0aedc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mowu7d2gkc2r", "content": "\ud83e\uddf5Un bug introdu\u00eft al codi de Squid el 1997 s'ha descobert el 2026, i, un cop m\u00e9s, l'ha ca\u00e7at una IA. Permet que un usuari d'una xarxa compartida llegeixi la petici\u00f3 HTTP d'un altre, credencials i tokens de sessi\u00f3 inclosos. Es diu Squidbleed (CVE-2026-47729).", "creation_timestamp": "2026-06-23T07:16:49.670886Z"}, {"uuid": "dd1ad409-fe45-4cf8-9f99-fa69d3b0092e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mowwtk74ps2u", "content": "A heap over-read vulnerability in the Squid web proxy, named Squidbleed (CVE-2026-47729), can leak cleartext HTTP requests, including credentials, to other users on the same proxy. 
Disclosed by Calif.io in June, the bug stems from a 1997 FTP-parsing change.", "creation_timestamp": "2026-06-23T08:03:51.769874Z"}, {"uuid": "0b628084-18ff-47ca-86d0-09b80b6c4075", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/mm-ilsoftware-bot.bsky.social/post/3mox5edkuk22m", "content": "Squidbleed: falla di sicurezza rimasta nascosta in Squid Proxy per quasi 30 anni\nCVE-2026-47729, nota come Squidbleed, interessa Squid Proxy da quasi 29 anni:...\nhttps://www.ilsoftware.it/squidbleed-falla-sicurezza-nascosta-in-squid-proxy-per-29-anni/", "creation_timestamp": "2026-06-23T10:00:36.881392Z"}, {"uuid": "189f5f52-c3ff-44ff-ac5c-910c7a3a8282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3moxdr42ned2t", "content": "\ud83d\udd17 CVE : CVE-2026-47729, CVE-2026-50012", "creation_timestamp": "2026-06-23T11:55:07.769277Z"}, {"uuid": "60d88c5c-026f-4586-9e06-3cf1fde2b625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/df83f4ac0958456ee903e56fa62cf93e", "content": "# \u26a0\ufe0f SECURITY ALERT: CVE-2026-47729 \u2014 Squidbleed (Heartbleed-style Memory Leak)\n\n## TL;DR\nIf your project uses Squid Proxy, update to the latest version immediately.\nEvery Squid version is affected by this Heartbleed-style memory leak that\ncan extract session tokens and passwords from memory.\n\n## What is Squidbleed?\n- **CVE ID:** CVE-2026-47729\n- **Type:** Heartbleed-style memory leak in Squid Proxy\n- **Impact:** Session tokens, passwords, and sensitive data can be 
extracted from memory\n- **Affected:** Every Squid version\n- **Disclosed:** June 19, 2026\n\n## How to Check If You're Affected\n1. Check your Squid version: `squid -v`\n2. If you're running ANY version of Squid, you're affected\n3. Check Docker images: `docker exec  squid -v`\n\n## What to Do\n1. **Update Squid** to the latest version immediately\n2. **Rotate credentials** that may have been exposed through the leak\n3. **Review logs** for suspicious access patterns\n4. **Consider alternatives** if Squid update is not immediately available\n\n## Affected Docker Images\n- `yegor256/squid-proxy` (96\u2605)\n- `zeebote/webmin-on-container` (8\u2605)\n- `babim/docker-squid` (6\u2605)\n- `chrootlogin/docker-squid` (6\u2605)\n- `ymmt2005/squid-container` (6\u2605)\n- `alexellis/squid-docker` (4\u2605)\n- Any Docker image running Squid Proxy\n\n## References\n- Issue: https://github.com/uyuni-project/uyuni/issues/12148\n- CVE: CVE-2026-47729\n\n---\n*If this alert helped you: https://buymeacoffee.com/muhamedfazalps*\n", "creation_timestamp": "2026-06-23T13:29:05.000000Z"}, {"uuid": "1d72b88e-ecd0-4f18-aa51-494bf18543d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3moxjwjy6gw2c", "content": "Squidbleed (CVE-2026-47729) : un bug d'une ligne planqu\u00e9 depuis 1997 dans le proxy Squid.\n\nRep\u00e9r\u00e9 par une IA \ud83d\udc47\nwww.it-connect.fr/squidbleed-f...\n\n#cybersecurite", "creation_timestamp": "2026-06-23T13:45:33.095378Z"}, {"uuid": "f5577376-6f95-4fab-9d03-abdec54c2349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6h6pk2l", "content": "5/ \ud83e\udd91 Squidbleed 
(CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. (SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:39.853824Z"}, {"uuid": "09ce18ce-5d95-41c9-a032-9c949c0b83b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hii22l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. (SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:40.717948Z"}, {"uuid": "419949e9-1923-4e7d-b213-ccb4c093422b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hkgk2l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. 
(SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:41.543596Z"}, {"uuid": "3fd67f38-4c59-4336-854d-3f942ce221ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hlfs2l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. (SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:42.454569Z"}, {"uuid": "c7e04eac-dc6b-4c93-a201-21d38e5c0877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hlft2l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. (SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:43.267729Z"}, {"uuid": "959a0713-1600-4c4d-9163-5afcb7613d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hmf32l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. 
(SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:44.108832Z"}, {"uuid": "25f4c614-dd5b-4240-84e3-436f497239e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hned2l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. (SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:44.955931Z"}, {"uuid": "87bf408c-2d1b-4b25-8a6e-e5131055d0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hnee2l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. (SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:45.795490Z"}, {"uuid": "12cb28b3-0ed7-4896-a6f8-a4ef0446c044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3moxnj6hnef2l", "content": "5/ \ud83e\udd91 Squidbleed (CVE-2026-47729): 29-year-old flaw in Squid proxy leaks another user's cleartext HTTP traffic \u2014 including credentials and session tokens. Still live in default configs. Check your proxy version now. 
(SecurityWeek/Cybernews)", "creation_timestamp": "2026-06-23T14:49:46.612684Z"}, {"uuid": "f4776525-d8ee-4564-8b12-12fdfa3a09fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116801246652270712", "content": "A decades-old memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), allows attackers to capture sensitive cleartext HTTP data from shared network environments. Security researchers identified this flaw using AI, and users can secure their systems by applying the official patch or disabling FTP support.https://www.securityweek.com/decades-old-squid-proxy-flaw-squidbleed-can-expose-user-data/", "creation_timestamp": "2026-06-23T20:13:08.248594Z"}, {"uuid": "898795ad-b0b8-4d7d-a147-ed7bad03ef35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/e-kiledjian.bsky.social/post/3moy7m74gbk2k", "content": "A decades-old memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), allows attackers to capture sensitive cleartext HTTP data from shared network environments.\n\nwww.securityweek.com/decades-old-...", "creation_timestamp": "2026-06-23T20:13:29.317383Z"}, {"uuid": "f3c94d5a-37ba-4a98-b4da-d9041171f57d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/23/decadesold-squid-proxy-flaw-squidbleed.html", "content": "Decades-Old Squid Proxy Flaw &lsquo;Squidbleed&rsquo; Can Expose User Data - SecurityWeek\n\nA decades-old memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), allows attackers to capture 
sensitive cleartext HTTP data from shared network environments. Security researchers identified this flaw using AI, and users can secure their systems by applying the official patch or disabling FTP support.", "creation_timestamp": "2026-06-23T18:13:11.000000Z"}, {"uuid": "6cbd37f5-6197-4a4a-adc7-edf6b0580adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/feed.igeek.gamer-geek-news.com.ap.brid.gy/post/3moyjg4ycv4n2", "content": "\ud83d\udcf0 **29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests**\n\nA 29-year-old bug in the Squid web proxy, dubbed Squidbleed and tracked as CVE-2026-47729, can let an authorized proxy user retrieve fragments of another user's cleartext HTTP requests, including c...\n\n\ud83d\udcf0 Source [\u2026]", "creation_timestamp": "2026-06-23T23:10:25.964515Z"}, {"uuid": "ed0aa3ff-8075-4172-a540-d351224af640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3moyp65qcz227", "content": "Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials\n\nSquidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users\u2019 HTTP data through a memory overread. 
Researchers at Calif.io have disclosed CVE-2026-47729, a memory leak vulnerability in Squ\u2026\n#hackernews #news", "creation_timestamp": "2026-06-24T00:51:56.819475Z"}, {"uuid": "79db8069-1426-45ab-a385-b0f7f3477cf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mozebhypd22b", "content": "If your network routes web traffic through a Squid proxy, credentials may be leaking. A new flaw, Squidbleed (CVE-2026-47729), lets attackers read other users' cleartext HTTP requests, including auth headers and session tokens. The bug sat in Squid's default code since 1997. A patch is out.", "creation_timestamp": "2026-06-24T07:09:37.388711Z"}, {"uuid": "6da0e740-241a-4491-a33a-87a1c75c6aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116804930613951549", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel AttacksSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/Researchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. 
The bug resides in the interaction between the kernel's process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.Mythos Discovers 'Squidbleed,' a Memory Leak That's Gone Undetected Since Clinton EraSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/A 29-year-old vulnerability dubbed \"Squidbleed\" (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic's Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. It was resolved in version 7.6.FortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s SuomessaSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessaThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.Source URL: https://isc.sans.edu/diary/rss/33094Despite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. 
The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.New macOS ClickFix Attack Silently Mounts DMGs to Push InfostealerSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/A novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer WorkflowsSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflowsDubbed \"Cordyceps,\" a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data ExfiltrationSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/Palo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. 
Attackers can silently hijack an organization's active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.LastPass Confirms Data Breach in Klue Supply Chain AttackSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/LastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.Tata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear OnlineSource URL: https://therecord.media/tata-electronics-confirms-cyberattackIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \"World Leaks,\" who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.Payouts King Ransomware Initial Access Broker Deploys New Edgecution MalwareSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecutionZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \"Edgecution,\" deployed by initial access brokers linked to the Payouts King ransomware family. 
The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco's Unified Communications Manager and Session Management Edition. 
Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-24T11:49:58.294754Z"}, {"uuid": "b4073377-fad5-4e6a-9526-df1102dbfa61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/24/morning-cyber-summary.html", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel's process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers 'Squidbleed,' a Memory Leak That's Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed \"Squidbleed\" (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic's Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. 
It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. 
Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed \"Cordyceps,\" a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. Attackers can silently hijack an organization's active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. 
While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \"World Leaks,\" who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \"Edgecution,\" deployed by initial access brokers linked to the Payouts King ransomware family. The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. 
The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco's Unified Communications Manager and Session Management Edition. 
Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-24T09:50:42.000000Z"}, {"uuid": "5bd27951-3642-4611-8b1c-1690c79e4dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3mp22t4l6222l", "content": "\u26a0\ufe0f Squidbleed (CVE-2026-47729, CVSS 6.5): a flaw in Squid's FTP parser that can leak another user's cleartext HTTP request, including credentials, to someone already using the same proxy. Upgrade and verify the patch, or disable FTP. Query: technology=\"Squid Proxy\"", "creation_timestamp": "2026-06-24T13:53:18.234130Z"}, {"uuid": "96a6de23-b226-4d2c-b95e-11359b1415ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/23/decadesold-squid-proxy-flaw-squidbleed.html", "content": "Decades-Old Squid Proxy Flaw 'Squidbleed' Can Expose User Data - SecurityWeek\n\nA decades-old memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), allows attackers to capture sensitive cleartext HTTP data from shared network environments. 
Security researchers identified this flaw using AI, and users can secure their systems by applying the official patch or disabling FTP support.", "creation_timestamp": "2026-06-24T16:00:54.554965Z"}, {"uuid": "e2be4760-a141-4153-8acc-3b025a99ce8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mp2gmdwfrf2b", "content": "Re: Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-24T17:24:08.635664Z"}, {"uuid": "46ef2073-c099-483b-ae16-7e6242058093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mp2kns75ze2g", "content": "Squidbleed (CVE-2026-47729) #appsec", "creation_timestamp": "2026-06-24T18:36:32.362275Z"}, {"uuid": "cd121df1-ee34-40a1-b927-8618cfca3811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mp2kzpe7xx2t", "content": "Re: Squid CVE-2026-47729 and CVE-2026-50012", "creation_timestamp": "2026-06-24T18:43:11.836279Z"}, {"uuid": "a19f82c3-8461-497b-adb8-7eb35e379c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://threatintel.cc/2026/06/24/morning-cyber-summary.html", "content": "Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks\n\nSource URL: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/\nResearchers disclosed a high-severity 
use-after-free (UAF) race condition flaw (CVE-2026-20971, CVSS 7.8) affecting Samsung Galaxy S9 through S25 devices. The bug resides in the interaction between the kernel's process authenticator (PROCA) and its integrity subsystem (FIVE), leaving a tiny preemption window open during child process spawning that attackers can exploit to compromise the kernel.\n\nMythos Discovers 'Squidbleed,' a Memory Leak That's Gone Undetected Since Clinton Era\n\nSource URL: https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/\nA 29-year-old vulnerability dubbed \"Squidbleed\" (CVE-2026-47729) was discovered in the popular open-source caching proxy server Squid using Anthropic's Claude Mythos Preview AI. The flaw silently leaks users' plaintext HTTP requests, credentials, and session tokens, posing significant data exposure risks across enterprise networks and older legacy environments. It was resolved in version 7.6.\n\nFortiBleed-kyberhy\u00f6kk\u00e4yskampanjan vaikutukset n\u00e4kyv\u00e4t my\u00f6s Suomessa\n\nSource URL: https://www.kyberturvallisuuskeskus.fi/fi/uutiset/fortibleed-kyberhyokkayskampanjan-vaikutukset-nakyvat-myos-suomessa\nThe global FortiBleed cyberattack campaign heavily impacts Fortinet FortiGate firewalls and SSL-VPN appliances using previously leaked or stolen credentials. The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) has begun mapping targeted organizations across Finland and releasing remediation guidelines to counter ongoing unauthorized access attempts.\n\nCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.\n\nSource URL: https://isc.sans.edu/diary/rss/33094\nDespite a 2024 patch for an improper access control flaw (CVE-2024-40766, CVSS 9.3) impacting SonicWall Gen 5, 6, and 7 firewalls, ransomware operators continue to successfully compromise networks due to unmanaged configurations. 
The vulnerability targets the management interface and SSLVPN services, allowing threat actors to drop entire networks or gain complete device control.\n\nNew macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer\n\nSource URL: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/\nA novel macOS ClickFix social engineering campaign tricks users into running malicious Terminal commands via fake CAPTCHA verification prompts. Upon execution, the script uses the native hdiutil utility to silently download, mount, and execute a disk image (DMG) bundle containing the Atomic macOS Stealer (AMOS), harvesting browser credentials, system Keychains, and crypto wallet data.\n\n'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows\n\nSource URL: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows\nDubbed \"Cordyceps,\" a newly identified architectural weakness within automated CI/CD pipelines allows malicious pull requests to compromise software supply chains. By exploiting overly permissive access controls in automated pre-merge testing workflows, attackers can execute command injection to hijack highly privileged signing keys and access tokens.\n\nThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration\n\nSource URL: https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/\nPalo Alto Networks Unit 42 uncovered a structural flaw across AWS, Google Cloud, and Microsoft Azure involving global namespace collision. 
Attackers can silently hijack an organization's active cloud data streams by anticipating, deleting, and immediately recreating targeted storage buckets under their own control, leaving minimal detection signatures during data exfiltration.\n\nLastPass Confirms Data Breach in Klue Supply Chain Attack\n\nSource URL: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/\nLastPass suffered a security breach impacting its corporate Salesforce environment after threat actors stole OAuth tokens from Klue, a third-party market intelligence platform. While customer password vaults and internal core infrastructure remain fully isolated and untouched, the attackers successfully extracted internal corporate CRM data, customer names, and support log information.\n\nTata Electronics Confirms Cyberattack After Alleged Apple, Tesla Documents Appear Online\n\nSource URL: https://therecord.media/tata-electronics-confirms-cyberattack\nIndian manufacturing giant Tata Electronics confirmed a recent network breach following claims by extortion group \"World Leaks,\" who published stolen documents allegedly detailing proprietary client data from Apple and Tesla. Tata maintains that the incident was isolated, successfully contained, and has caused zero operational downtime.\n\nPayouts King Ransomware Initial Access Broker Deploys New Edgecution Malware\n\nSource URL: https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution\nZscaler ThreatLabz isolated a stealthy delivery mechanism dubbed \"Edgecution,\" deployed by initial access brokers linked to the Payouts King ransomware family. 
The attack abuses a malicious Microsoft Edge browser extension that manipulates the Chrome native messaging protocol to bypass browser sandboxing entirely, triggering arbitrary local file system modification and execution.\n\nAI Models Capable of Launching Major Cyberattacks Months Away, Five Eyes Alliance Warns\n\nSource URL: https://www.cybersecuritydive.com/news/ai-cyberattacks-five-eyes-frontier-models-warning/\nAn international intelligence coalition comprising the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint advisory warning that advanced frontier AI models are rapidly collapsing offensive cyber timelines. The group cautioned corporate boards and infrastructure operators that AI-driven exploitation capabilities will outpace standard enterprise defenses in a matter of months rather than years, vastly lowering technical barriers for automated network intrusions.\n\n14 Million Email Accounts Exposed in Cyberattack on Japanese Telecom Giant KDDI\n\nSource URL: https://www.nippon.com/en/news/yjj2026062301023/\nJapanese telecommunications provider KDDI Corp. disclosed a massive data breach targeting its email infrastructure utilized by several domestic internet service providers. The cyberattack, which exploited zero-day vulnerabilities in a third-party software component embedded in the email system, has potentially exposed up to 14.22 million user email addresses and encrypted passwords across major partner networks including JCOM, Biglobe, and Nifty.\n\nActive Exploitation of Cisco Unified Communications Manager Flaw Triggers Root-Level Risk\n\nSource URL: https://thehackernews.com/2026/06/23/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release/\nThreat intelligence teams detected active, in-the-wild exploitation of a critical server-side request forgery (SSRF) flaw in Cisco's Unified Communications Manager and Session Management Edition. 
Tracked as CVE-2026-20230 (CVSS 8.6), the bug allows unauthenticated, remote attackers to send crafted HTTP requests to the WebDialer service, enabling them to write arbitrary files directly to the underlying operating system and escalate privileges to root.", "creation_timestamp": "2026-06-25T01:00:41.027623Z"}, {"uuid": "d7579f14-4a73-4e2b-ac19-bee92a7e4a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47729", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mp3f5lq7nf2t", "content": "Top 3 CVE for last 7 days:\nCVE-2026-55200: 44 interactions\nCVE-2026-47729: 18 interactions\nCVE-2026-50656: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-55200: 35 interactions\nCVE-2026-20230: 8 interactions\nCVE-2026-20245: 7 interactions\n", "creation_timestamp": "2026-06-25T02:30:39.376264Z"}]}