WhisperX tag archive

#proxy

This page collects WhisperX intelligence signals tagged #proxy. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (7)

The Lab · 2026-03-29 14:27:04 · GitHub Issues

2. Sentinel Flags MEDIUM Severity DoS Risk in Axios Proxy Configuration

A critical security gap in the proxy's HTTP request handling has been identified, exposing the system to potential Denial of Service (DoS) attacks. The vulnerability stems from missing size and timeout boundaries on outbound requests made via the `axios` library. Without these limits, a malicious actor could force the ...

The Lab · 2026-04-02 15:27:26 · GitHub Issues

3. cc-switch Proxy CORS Misconfiguration: Any Website Can Silently Hijack User AI API Keys

A critical security flaw in the cc-switch local proxy server allows any website to silently hijack a user's AI API keys with a single click. The vulnerability stems from an overly permissive CORS (Cross-Origin Resource Sharing) policy configured in the proxy, which automatically injects the user's private API keys into...

The Lab · 2026-04-06 06:27:03 · GitHub Issues

4. Critical Proxy Module Flaw: No Request Validation Exposes Campus-Marketplace, CCPS-Portal to Malicious Payloads

A critical architectural flaw in the proxy module of a major campus services platform has been identified, creating a direct, unprotected pipeline for malicious payloads to reach downstream systems. The module, located in `src/proxy/`, acts as the central gateway between the user-facing Hub and critical backend service...

The Lab · 2026-04-07 11:27:17 · GitHub Issues

5. ContextForge Rust MCP Runtime Proxy Exposed Security Flaw: Non-Hex Server IDs Bypassed Validation, Served Global Scope

A security vulnerability in ContextForge's Rust MCP runtime proxy allowed unauthorized access by bypassing critical server validation. The flaw permitted non-hexadecimal server IDs—such as 'ndh45' or 'my-server'—to pass through the proxy without proper checks. These invalid IDs were forwarded to the Rust sidecar, but c...

The Lab · 2026-04-14 07:22:36 · GitHub Issues

6. Axios v1.15.0 Security Patch: Proxy Bypass Flaw in NO_PROXY Handling (CVE-2025-62718)

A critical security flaw in the widely used Axios HTTP client library has been patched. The flaw is a proxy bypass vulnerability that could allow attackers to intercept sensitive internal traffic. The issue, tracked as CVE-2025-62718, stems from improper hostname normalization when checking `NO_PROXY` rules. Specifically,...

The Lab · 2026-04-14 15:22:53 · GitHub Issues

7. Tinyproxy 1.11.3 HTTP Request Parsing Desynchronization Vulnerability (CVE-2026-31842)

A critical vulnerability in Tinyproxy, tracked as CVE-2026-31842, exposes the proxy server to HTTP request parsing desynchronization attacks. The flaw stems from a case-sensitive comparison of the Transfer-Encoding header, allowing a remote, unauthenticated attacker to manipulate how the server interprets and forwards ...