Major web servers HTTP/2 Bomb remote DoS denial-of-service flaw
Vulnerability
Summary
Researchers disclosed HTTP/2 Bomb, a remote denial-of-service vulnerability in default HTTP/2 configurations that can make NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora inaccessible. The flaw enables memory exhaustion by chaining a compression bomb with a Slowloris-style hold.
Related Happenings
NGINX and Apache HTTPD HTTP/2 Bomb mitigations
Advisory/Mitigation
First: 03.06.2026 11:33
Last: 03.06.2026 11:33
Sources 1
How related:
To counter the vulnerability, it's advised to apply the following mitigations -
About this happening:
Calif issued mitigation guidance for **NGINX** and **Apache HTTPD** operators after **HTTP/2 Bomb** was found to enable a **remote denial-of-service** against default HTTP/2 confi...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation Wave
First: 17.05.2026 14:57
Last: 17.05.2026 14:57
Sources 1
About this happening:
**openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
React2Shell (CVE-2025-55182) mass scanning and exploitation wave
Exploitation Wave
First: 20.02.2026 23:07
Last: 20.02.2026 23:07
Sources 1
About this happening:
**CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware Activity
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
Latest development: 20.03.2026 08:25
The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.
PhantomCaptcha WebSocket RAT PowerShell delivery chain
Malware Activity
First: 24.10.2025 15:15
Last: 24.10.2025 15:15
Sources 1
About this happening:
**PhantomCaptcha** delivered a **WebSocket RAT** on **October 8** through a **multi-stage PowerShell** chain that let operators run commands, exfiltrate data, and load more malwar...
Timeline
03.06.2026 11:33 · 2 articles
Researchers disclose HTTP/2 Bomb remote denial-of-service flaw
Initial Disclosure: Researchers disclosed HTTP/2 Bomb, a remote denial-of-service flaw affecting default HTTP/2 configurations in NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Calif said the issue was discovered by OpenAI Codex by chaining a compression bomb with a Slowloris-style hold against HPACK, letting a client force repeated header allocations and keep server memory pinned.
Sources:
- New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare — thehackernews.com — 03.06.2026 11:33