Last updated: July 5, 2026 at 9:01 AM UTC
Tag: info-disclosure (3 articles)

Squidbleed flaw in Squid proxy leaks other users' credentials by default

Researchers at Calif.io disclosed Squidbleed, a Heartbleed-style memory leak in the widely used Squid web proxy that exposes one user's cleartext HTTP traffic, including passwords, cookies, and session tokens, to anyone else allowed to use the same proxy. The flaw (CVE-2026-47729) is a heap over-read in Squid's decades-old FTP directory parser and is present in the default configuration of every Squid version. To exploit it, an attacker needs proxy access and must point the proxy at an FTP server they control. Only cleartext HTTP and TLS-intercepting setups are exposed; normal HTTPS tunnels are not. A proof-of-concept is public.

Check
Inventory every Squid proxy in your environment, including instances embedded in appliances or run by vendors, and check whether FTP support is enabled and whether the proxy terminates TLS for inspection.
Affected
All Squid proxy versions in their default configuration (CVE-2026-47729), especially shared proxies on corporate, campus, or public networks; cleartext HTTP and TLS-terminating inspection setups have traffic exposed.
Fix
Disable FTP support in Squid, which removes this attack surface at no cost since browsers no longer use it, and apply the upstream patch once your distribution ships a verified fix.

Hackers mass-exploit Gravity SMTP WordPress flaw to steal email API keys

Attackers are mass-exploiting a flaw in Gravity SMTP, a WordPress email plugin installed on about 100,000 sites, to harvest credentials without any login. The bug (CVE-2026-4020) leaves a REST API endpoint with a permission check that always passes, so a single unauthenticated request returns a 365 KB system report containing API keys, secrets, and OAuth tokens for connected email services like Amazon SES, Mailjet, and Zoho, plus detailed software-stack information. Wordfence has blocked more than 17 million attempts, with activity spiking around June 6 and 7. A patch shipped in version 2.1.5, but updating does not revoke keys attackers may have already grabbed.

Check
Identify WordPress sites running Gravity SMTP at version 2.1.4 or earlier, and review web server access logs for requests to the /wp-json/gravitysmtp/v1/tests/mock-data endpoint, which indicate attempted or successful data exposure.
Affected
WordPress sites running Gravity SMTP through 2.1.4 with email integrations configured (CVE-2026-4020); exposed API keys and OAuth tokens let attackers abuse connected email services and map the site for follow-on attacks.
Fix
Update Gravity SMTP to 2.1.5 or later, then assume compromise: rotate all API keys, secrets, and OAuth tokens set in the plugin's email connectors, and block the published attacker IPs.
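
The access-log review described under Check can be scripted. The following is an added example, not code from the article, Wordfence, or the plugin vendor. It assumes Apache/nginx combined log format, treats a 200 response of 100 KB or more as a likely disclosure (an assumed threshold based on the 365 KB report size), and also matches the endpoint when it is requested through WordPress's standard `?rest_route=` form.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint from the article; also matched in WordPress's ?rest_route= form.
ENDPOINT = "/gravitysmtp/v1/tests/mock-data"
# Apache/nginx "combined" log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Assumed threshold: the article cites a ~365 KB report, so a 200 response
# of 100 KB or more is treated as a likely successful disclosure.
LIKELY_LEAK_BYTES = 100_000


def classify(line):
    """Return (ip, timestamp, verdict) for a hit on the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target = unquote(m["target"]).lower()  # decode %2F before matching
    if ENDPOINT not in target:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    exposed = m["status"] == "200" and size >= LIKELY_LEAK_BYTES
    return m["ip"], m["ts"], "likely-exposed" if exposed else "attempt"


def scan(lines):
    """Count hits per client IP: {ip: {"attempt": n, "likely-exposed": n}}."""
    hits = defaultdict(lambda: {"attempt": 0, "likely-exposed": 0})
    for line in lines:
        hit = classify(line)
        if hit:
            hits[hit[0]][hit[2]] += 1
    return dict(hits)


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [06/Jun/2026:10:01:02 +0000] "GET /wp-json/gravitysmtp/v1/tests/mock-data HTTP/1.1" 200 373760 "-" "-"',
    '203.0.113.7 - - [06/Jun/2026:10:01:05 +0000] "GET /?rest_route=%2Fgravitysmtp%2Fv1%2Ftests%2Fmock-data HTTP/1.1" 403 512 "-" "-"',
    '198.51.100.9 - - [07/Jun/2026:03:14:15 +0000] "GET /wp-json/gravitysmtp/v1/tests/mock-data HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.44 - - [07/Jun/2026:03:15:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 20480 "-" "-"',
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE).items():
        print(ip, counts)
```

Any site with a `likely-exposed` hit should be handled as described under Fix, with every key and token in the plugin's connectors rotated.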

Critical Cisco ISE flaws give attackers root and leak credentials

Cisco has patched serious flaws in Identity Services Engine (ISE), the platform many organizations use to control who and what connects to their network. The most severe is a critical remote-code-execution bug that can give an attacker root-level control of the appliance. A second flaw, CVE-2026-20190, is an unauthenticated information-disclosure issue caused by weak authorization checks, letting a remote attacker pull sensitive data, including hashed credentials, that could fuel follow-on attacks and lateral movement. All versions of ISE and ISE-PIC are affected, though which flaws apply varies by release. Cisco has not reported active exploitation, but ISE sits at the heart of network access control.

Check
Identify Cisco ISE and ISE-PIC deployments and their patch levels, restrict access to the management interface to trusted administrators, and review logs for unexpected requests or signs of credential access.
Affected
All versions of Cisco Identity Services Engine (ISE) and ISE-PIC, with applicable flaws varying by release; the unauthenticated information-disclosure bug is tracked as CVE-2026-20190, alongside a critical root-level code-execution flaw.
Fix
Upgrade to ISE 3.3 Patch 11 or 3.4 Patch 6 now; the 3.5 Patch 4 fix is expected in August. Limit management access to trusted networks until then.