Threat Post

WPAD Flaws Leak HTTPS URLs

Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol. LAS VEGAS — Researchers have found flaws in the Web Proxy ...
TWCN Tech News

Risks of using Proxy Auto-Config (PAC) File – Avoid malicious redirection, Identity Theft

Any URL is basically an IP address that you can remember easily. In other words, every working URL on the Internet is actually an IP address. The concept of IP addresses goes beyond URLs and extends ...
Network World

Disable WPAD now or have your accounts and private data compromised

The Web Proxy Auto-Discovery Protocol (WPAD), enabled by default on Windows and supported by other operating systems, can expose computer users’ online accounts, web searches, and other private data, ...
Ars Technica

NPM package with 3 million weekly downloads had a severe vulnerability

Popular NPM package “pac-resolver” has fixed a severe remote code execution (RCE) flaw. The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js ...