New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Updated on June 3, 2026

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.

The vulnerability has been codenamed HTTP/2 Bomb by Calif.

“The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining…

Read the rest of the story at Read More

Source: The Hacker News

April 22, 2025 Uncategorized

Docker Malware Exploits Teneo Web3 Node ...

March 18, 2025 Uncategorized

New Ad Fraud Campaign Exploits 331 Apps ...

November 4, 2025 Uncategorized

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Related posts

Docker Malware Exploits Teneo Web3 Node ...

New Ad Fraud Campaign Exploits 331 Apps ...

Operation SkyCloak Deploys Tor-Enabled O...

Leave a Comment Cancel reply

Recent News

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content