Cloudflare, alongside major web browsers, introduced a protocol using Private Access Control Tokens to enhance web privacy. AISLE reported six vulnerabilities in curl, the oldest dating back to 2001, while a critical security flaw in Hoppscotch allows unauthenticated attackers to compromise API instances.
Cloudflare announced a collaboration with Google Chrome, Microsoft Edge, and Mozilla Firefox to introduce a new privacy-preserving protocol. This protocol, called Private Access Control Tokens (PACT), aims to differentiate between legitimate and undesirable web traffic, enhancing user privacy and reducing reliance on captchas. PACT allows websites to issue anonymous tokens that confirm human browser access without tracking users' history.
AISLE reported the discovery of six vulnerabilities in the curl library, including memory-lifetime issues and logic bugs. Notably, CVE-2026-8932, an older flaw, enables connection reuse despite invalid mTLS configurations. These vulnerabilities have existed since curl version 7.7, and a fix has been released in version 8.21.0.
A serious vulnerability (CVE-2026-50160) in self-hosted versions of the Hoppscotch API platform allows complete system takeovers. Discovered by Offgrid Security's AI agent, Kiro, the flaw enables unauthenticated attackers to inject sensitive keys into the database. This issue has a maximum CVSS score of 10.0, indicating its severity.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Cloudflare, alongside major web browsers, introduced a protocol using Private Access Control Tokens to enhance web privacy. AISLE reported six vulnerabilities in curl, the oldest dating back to 2001, while a critical security flaw in Hoppscotch allows unauthenticated attackers to compromise API instances.