The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
CSO Online

HTTP/2’s speed abused to slow webserver performance in DoS attack

Researchers disclose an HTTP/2 denial-of-service technique affecting web servers including nginx and Apache after AI-assisted ...
SecurityWeek

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.

OpenAI Codex helps identify HTTP/2 vulnerability affecting major web servers

The DoS attack can strike down a web server in just a few seconds ...
Morning Overview on MSN

The Fortinet hole, rated 9.1, lets an unauthenticated attacker run commands through a single crafted request, and a full patch is still pending

Organizations running Fortinet FortiWeb, the company’s web application firewall, face an immediate threat: a single crafted ...
TribLIVE.com

Plum Advance Leader

Flea market on tap The Oakmont American Legion Auxiliary is hosting a flea market at 8 a.m. May 16 at Railroad Park, 736 E. Railroad Ave., in Verona. Spots can be reserved for $15. Spots with a table ...
winbuzzer.com

OpenAI Codex Helps Expose Decades Old HTTP/2 Bomb Server Attack

OpenAI Codex helped Calif, an AI red-teaming security group, expose HTTP/2 Bomb, a denial-of-service attack that combines old HTTP/2 compression and connection-holding techniques against current ...