HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.

The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. Known denial-of-service (DoS) techniques can be chained ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...

Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows ...

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. KerioControl is a ...

Plattformen: SUSE Manager Proxy 4.3, SUSE Manager Server 4.3, SUSE Manager Retail Branch Server 4.3, SUSE Linux Enterprise High Performance Computing 15 SP4, SUSE Linux Enterprise Server 15 SP4, SUSE ...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...

A study by Crystal Blockchain and Cointelegraph revealed that from 2011 to 2020, the total amount of funds stolen in crypto exchange hacks exceeded $15.6 billion. Over 50 exchanges fell victim to ...