Claude Mythos Catches 29 Year Old Bug That Can Leak Passwords



A newly discovered security vulnerability in the Squid web proxy, named “Squidbleed” (CVE-2026-47729), has raised concerns after reportedly remaining undetected for nearly 30 years.

The flaw affects Squid’s FTP feature and could allow an attacker with access to the same proxy environment to extract fragments of another user’s previous web traffic. This may include sensitive data such as login sessions, passwords, authentication tokens, and API keys depending on how the traffic is handled.

Squid is widely used in organizations such as schools, offices, and institutions to manage and filter internet traffic, making the risk more relevant in shared network environments.

Security experts note that the vulnerability cannot be exploited remotely by random attackers, but requires existing access to the same proxy system along with a specially configured FTP server.

Encrypted HTTPS traffic is generally protected, but unencrypted or decrypted traffic passing through proxy inspection could still be exposed under certain configurations.

The issue has been rated moderate severity, but researchers emphasize that data leakage can occur without user interaction.

Administrators are advised to ensure their systems are patched and to disable FTP support if it is not required, reducing the potential attack surface.

#CyberSecurity #Hacking #DataSecurity #Technology

Hacking