HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) condition...
Vulnerability Disclosure
20 articles
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, En...
MazeBolt brings AI-generated attack simulation to DDoS security testing
MazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises...
1-Click GitHub Vulnerability Enables OAuth Token Theft
A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, givin...
Microsoft MSRC Allegedly Declines Action on Dependency Confusion Vulnerability
Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security is...
Known vulnerabilities behind most application security incidents
Eight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a sur...
Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure
Anthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular fo...
Russian hackers exploit WinRAR vulnerability for data theft
The exploitation chain begins with a weaponized HTML Application payload called GammaPhish, which retrieves intermediate Visual Basic Script (VBScript) downl...
SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT
The campaign commences with a spear-phishing email containing a ZIP archive with a malicious LNK file written in Pashto, designed to exploit the familiarity ...
Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin
On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installat...
Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate...
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and ...
Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enable...
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weapo...
Claude Code GitHub Actions Flaw Exposes Repositories to Full Compromise
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential ...
Attackers exploit Palo Alto GlobalProtect flaw days after disclosure
A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild...
Meta’s AI Bot Misused by Hackers to Take Over Instagram Accounts
Attackers have exploited a critical vulnerability in Meta’s AI-powered Instagram support chatbot to hijack user accounts without needing passwords, phishing,...
Pretalx vulnerability allows account takeover and admin demotion
The vulnerability, with a CVSS score of 8.7, can be exploited with low privileges and complexity.
Critical vulnerability in WP Maps Pro allows rogue administrator account creation
The vulnerability stems from a temporary access feature intended for vendor support.
New CIFSwitch vulnerability allows Linux privilege escalation
The CIFSwitch vulnerability, which was discovered by SpaceX Security Engineer Asim Viladi Oglu Manizada, impacts multiple Linux distributions that use vulner...