TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, ...

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...

The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.

A high-severity double-free vulnerability in Apache HTTP Server 2.4.66 allows low-privileged attackers to remotely crash vulnerable servers through a crafted HTTP/2 request sequence, with a ...

In Apache HTTP Server 2.4.67, developers are patching several security vulnerabilities, some of which allow the injection of malicious code. Several security vulnerabilities have been discovered in ...

Microsoft has released out-of-band (OOB) updates to fix issues affecting Windows Server systems after installing the April 2026 security updates. As Microsoft confirmed last week, some admins may ...

Pilots who fly Apache helicopters for the Army are fiercely dedicated to their mission of watching over and defending forces below on the ground. But in the heart of every Apache pilot is a secret ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

Razer Synapse Web is finally a reality, letting you set up your Razer gaming gear without needing to download software that constantly runs in the background while you game. It's still only in beta, ...

IT admins have been told to follow guidance related to deployments handled via the Windows Deployment Services (WDS). There are only a few months left before a Windows Server feature is disabled.