ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
This week's ThreatsDay roundup covers a 24-year-old curl vulnerability, smart TVs turned into proxyware, AI-powered crime forums, and 13 other security stories.
This week's ThreatsDay bulletin from The Hacker News covers a wide range of security stories, including a 24-year-old vulnerability in curl, smart TVs being used as proxyware without user consent, and the rise of AI-powered crime forums that lower the barrier for entry-level cybercriminals.
The most notable vulnerability disclosed is CVE-2026-8932 in curl, which affects all versions since curl 7.7, released on March 22, 2001. This bug allows attackers to bypass TLS certificate checks by reusing previously created connections even when mTLS configuration options have changed. AISLE discovered six vulnerabilities in total, ranging from memory-lifetime issues to logic bugs in how libcurl decides whether a connection, credential, or host identity is still valid. The flaws have been addressed in curl version 8.21.0.
A new report from Spur Intelligence reveals that more than one-third of LG and Samsung smart TV apps contain proxyware that can relay third-party traffic through the TV owner's internet connection. Spur scanned 6,038 apps across LG webOS and Samsung Tizen, finding 2,058 that contain residential proxy software. On LG webOS, 42.5% of apps carried such code, while on Samsung Tizen the rate was 26.9%. Bright Data, Massive, and Oxylabs are the top three SDK providers for these platforms. Spur notes that smart TVs are ideal proxy hosts because they sit on home networks but are rarely audited like computers, and users may not realize what it means to sell access to their residential IP address.
AI-powered crime forums are leveraging large language models to automate phishing and malware creation, lowering the barrier for entry-level cybercriminals. These forums provide tools that can generate convincing phishing emails, create malware variants, and even automate social engineering attacks, making sophisticated cybercrime accessible to individuals with minimal technical skills.
Other stories in the bulletin include a critical unauthenticated takeover vulnerability in Hoppscotch (CVE-2026-50160, CVSS 10.0), an open-source API platform. The bug allows an attacker to inject arbitrary InfraConfig keys via the POST /v1/onboarding/config endpoint, leading to full server compromise. The issue has been fixed in hoppscotch-backend version 2026.5.0.
Additionally, an initial access broker affiliated with Payouts King ransomware has been observed masquerading as IT personnel in social engineering attacks via Microsoft Teams to deliver a malicious Microsoft Edge browser extension called Edgecution. The extension exploits the Chrome native messaging protocol to interact with host-native applications beyond the browser sandbox, enabling attackers to manipulate the local filesystem, launch processes, and execute arbitrary code.
Cloudflare has partnered with Google Chrome, Microsoft Edge, and Mozilla Firefox to create a privacy-preserving protocol called Private Access Control Tokens (PACT). This protocol allows websites to issue anonymous tokens that assert a browsing session is being run by a human, reducing the need for captchas or invasive tracking.
This bulletin highlights the diverse and evolving nature of cybersecurity threats, from decades-old vulnerabilities in widely used tools to new attack vectors leveraging smart home devices and AI. The breadth of stories underscores the importance of staying informed and maintaining robust security practices across all aspects of technology.