Your browser is a tcp/ip relay. Thoroughly nasty new(ish) attack that breaks the same-domain policy and allows intranet content to be stolen by a malicious site. Using virtual hosts (hence requiring the Host: header) is the best known protection.
Recent articles
- V&A East Storehouse and Operation Mincemeat in London - 27th August 2025
- The Summer of Johann: prompt injections as far as the eye can see - 15th August 2025
- Open weight LLMs exhibit inconsistent performance across providers - 15th August 2025