Hosted on MSN

An Apache HTTP server flaw lets attackers crash — or take over — millions of web servers with a single HTTP/2 request

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability report with the National Vulnerability Database disclosing a critical flaw ...
Bleeping Computer

New HTTP/2 DoS attack can crash web servers with a single connection

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
TechRepublic

New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare

A vulnerability in the HTTP/2 network protocol is currently being exploited, resulting in the largest DDoS attack in history. Find out what security teams should do now, and hear what Cloudflare’s CEO ...
VentureBeat

Google adds full HTTP/2 support to latest Chrome build

Google today added HTTP/2 support to the latest Chrome Canary release. This is the final draft (referred to as “h2”). HTTP is an application protocol that forms the foundation of data communication ...
Bleeping Computer

New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude. News of the zero-day ...
CSOonline

Built-in weakness in HTTP/2 protocol exploited for massive DDoS attacks

HTTP/2-enabled DDoS attacks are the largest Cloudflare and Google have seen and were launched from a relatively small botnet. Over the past two months attackers have been abusing a feature of the HTTP ...