Oh no! „Squidbleed“ found by Mythos! When using http:// urls via a squid proxy, an attacker might see the data!😱

Maybe we should all be using https: on the internet or expect our traffic to be public. Wait…we already do that since Lets Encrypt started a decade ago!

This vulnerability could have been a bug report.💁🏻‍♂️

https://www.theregister.com/security/2026/06/23/mythos-discovers-squidbleed-a-memory-leak-thats-gone-undetected-since-clinton-era/5260367

Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era

Plus more blasts from the past: NetWare, FTP, and HTTP

theregister
@icing this is such a ridiculously niche configuration lol. still, I'm gonna try and exploit our Sooper Dooper Enterprise Web Filtering Vendor at work tomorrow, who just so happen to have based their product on a 10 year old version of squid (and the hostname of the squid instance is 'TEST' so you know it's extra good)