The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.

OpenAI Codex helps identify HTTP/2 vulnerability affecting major web servers

The DoS attack can strike down a web server in just a few seconds ...
SecurityWeek

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.
CSOonline

HTTP/2’s speed abused to slow webserver performance in DoS attack

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...
Hosted on MSN

Apache HTTP/2 flaw with exploit code prompts urgent patching

Exploit code confirmed: Researchers have proof-of-concept code for CVE-2026-23918, enabling denial-of-service or remote code execution on Apache HTTP Server. Widespread server exposure: Apache serves ...
ZDNet

Severe vulnerabilities discovered in HTTP/2 protocol

Researchers have discovered a number of security issues related to the new HTTP/2 protocol which could place millions of websites at risk of attack. On Wednesday at Black Hat USA, cybersecurity firm ...
Searchenginejournal.com

What Is HTTP/2? Everything You Need to Know for SEO

What is HTTP/2 and how can you use it to support your SEO goals? Learn about how HTTP/2 works, its pros and cons, and why it matters in SEO. You may see HTTP/2 come up in your Google Lighthouse audit ...
InfoQ

Will WebSocket survive HTTP/2?

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...