Other
Heartbleed OpenSSL Vulnerability: Mass Exploitation of CVE-2014-0160
Primary Source: Incident Details
CVE-2014-0160 (Heartbleed) was a critical vulnerability in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC 6520). The bug was introduced in OpenSSL 1.0.1 (released March 2012), was present in every release through 1.0.1f, and was fixed in 1.0.1g. It was discovered independently by Neel Mehta of Google Security and by researchers at Codenomicon, reported to OpenSSL, and publicly disclosed on 7 April 2014. At disclosure, approximately 17% of HTTPS web servers (an estimated 500,000 sites) were running a vulnerable OpenSSL, making Heartbleed one of the most widespread vulnerabilities in Internet history.

A heartbeat request carries a 16-bit payload length that the vulnerable code trusted without comparing it to the length of the record actually received, so a single malformed request returned up to 64 KB of the peer's process memory; the same flaw affected OpenSSL clients talking to a malicious server. An attacker could repeat the request indefinitely and sift the returned memory for private TLS keys (which, for cipher suites without forward secrecy, permit retroactive decryption of previously captured traffic), session cookies, passwords and other plaintext, and a heartbeat leaves no trace in ordinary server logs.

Notable confirmed breaches: the Canada Revenue Agency (CRA), from which 900 Social Insurance Numbers were stolen, and Mumsnet, where user accounts were compromised; Comsec estimated that at least 9% of the top 1 million websites were affected at disclosure. The NSA was reported to have known about Heartbleed for approximately two years before disclosure and to have exploited it, allegations the NSA denied. Over 200,000 devices remained unpatched a year after disclosure. The scale of exposure and the roughly two-year window during which the bug was exploitable made Heartbleed one of the most significant vulnerability disclosures in Internet history, and it drove major changes to OpenSSL funding and governance, with the project receiving substantially increased funding (notably through the Linux Foundation's Core Infrastructure Initiative).
Technical Details
- Initial Attack Vector
- Remote, unauthenticated buffer over-read in OpenSSL's TLS/DTLS heartbeat extension (RFC 6520): the peer-supplied payload length was used for the response copy without being checked against the received record length, so each crafted heartbeat request returned up to 64 KB of process memory, potentially exposing private keys, session tokens and plaintext credentials
- Vendor / Product
- OpenSSL 1.0.1 through 1.0.1f (fixed in 1.0.1g; used by approximately 17% of all HTTPS web servers at disclosure)
- Software Package
- openssl
- CVE / GHSA References
- CVE-2014-0160
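The over-read described in the fields above, as an added example that is not code from this page or from OpenSSL: a simplified C model of the heartbeat handler in its 1.0.1f shape beside one carrying the 1.0.1g-style bounds checks, run against a constructed "heap" with a planted secret. The heap buffer, the secret string, the 1024-byte claimed length and all function names are assumptions of this demo, not OpenSSL internals.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Heartbeat message (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_PADDING     16
#define HB_MAX_PAYLOAD 0xFFFF

/* Constructed stand-in for process memory (an assumption of this demo): the
 * incoming record lands at the front; a planted "secret" sits further along,
 * as a private key or session cookie would on the real heap. */
static unsigned char heap[4096];
static unsigned char resp[3 + HB_MAX_PAYLOAD + HB_PADDING];
static const char secret[] = "session=deadbeefcafe; PRIVATE-KEY-BLOB";

/* Writes a heartbeat request with an arbitrary declared length; an honest
 * client sets claimed_len == real_len, an attacker sets it far larger. */
static size_t build_heartbeat(unsigned char *out, uint16_t claimed_len,
                              const unsigned char *payload, size_t real_len)
{
    out[0] = HB_REQUEST;
    out[1] = (unsigned char)(claimed_len >> 8);
    out[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(out + 3, payload, real_len);
    memset(out + 3 + real_len, 0, HB_PADDING);
    return 3 + real_len + HB_PADDING;
}

/* Vulnerable shape of the 1.0.1f handler: the peer-supplied length drives the
 * copy without ever being compared to the record that actually arrived. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len)
{
    const unsigned char *p = rec;
    unsigned char type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    (void)rec_len;                      /* the bug: the real length is never consulted */
    if (type != HB_REQUEST) return 0;
    resp[0] = HB_RESPONSE;
    resp[1] = (unsigned char)(payload >> 8); resp[2] = (unsigned char)(payload & 0xff);
    memcpy(resp + 3, p, payload);       /* over-reads when payload > rec_len - 3 - HB_PADDING */
    memset(resp + 3 + payload, 0, HB_PADDING);
    return 3 + payload + HB_PADDING;
}

/* Hardened handler mirroring the 1.0.1g checks: a record too short to hold the
 * header plus padding, or whose declared payload does not fit inside the
 * received record, is silently discarded. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len)
{
    if (rec_len < 1 + 2 + HB_PADDING) return 0;
    const unsigned char *p = rec;
    unsigned char type = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len) return 0;
    if (type != HB_REQUEST) return 0;
    resp[0] = HB_RESPONSE;
    resp[1] = (unsigned char)(payload >> 8); resp[2] = (unsigned char)(payload & 0xff);
    memcpy(resp + 3, p, payload);       /* now guaranteed to lie inside the record */
    memset(resp + 3 + payload, 0, HB_PADDING);
    return 3 + payload + HB_PADDING;
}

/* 1 if needle occurs within the first n bytes of the response buffer. */
static int response_contains(const char *needle, size_t n)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(resp + i, needle, m) == 0) return 1;
    return 0;
}

/* Plants the secret 200 bytes past the record, sends a 5-byte payload that
 * claims to be 1024 bytes, and reports whether the secret came back. */
int leaks_secret(int use_fixed)
{
    memset(heap, 0, sizeof heap);
    memset(resp, 0, sizeof resp);
    memcpy(heap + 200, secret, sizeof secret);
    size_t rec_len = build_heartbeat(heap, 1024, (const unsigned char *)"hello", 5);
    size_t n = use_fixed ? heartbeat_fixed(heap, rec_len)
                         : heartbeat_vulnerable(heap, rec_len);
    return n > 0 && response_contains(secret, n);
}

/* Checks that the fix still answers a well-formed request in full. */
int honest_request_answered(void)
{
    memset(resp, 0, sizeof resp);
    size_t rec_len = build_heartbeat(heap, 5, (const unsigned char *)"hello", 5);
    size_t n = heartbeat_fixed(heap, rec_len);
    return n == 3 + 5 + HB_PADDING && memcmp(resp + 3, "hello", 5) == 0;
}
```

The claimed length is kept at 1024 so the over-read stays inside the demo's own buffer; against a real process the copy walks up to 64 KB past the record into whatever the allocator placed there, which is why repeated requests dump keys and cookies rather than one fixed secret. Note that the fix rejects the record before touching the header at all, and then bounds the payload against the received length, not the other way round.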
Timeline
- 2012-03-14 Vulnerable heartbeat code shipped in OpenSSL 1.0.1
- 2014-04-07 Publicly disclosed; fix released as OpenSSL 1.0.1g
- 2014-04-07 Breach occurred (mass exploitation began once the bug was public)