Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...

Researchers have discovered a number of security issues related to the new HTTP/2 protocol which could place millions of websites at risk of attack. On Wednesday at Black Hat USA, cybersecurity firm ...

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, ...

The Internet Engineering Task Force (IETF) completed work on the Hypertext Transfer Protocol 2 (HTTP/2) standard earlier this week. This new protocol will replace current versions of HTTP (1.0 and 1.1 ...

Recent revelations in cybersecurity unveil a new menace lurking in the depths of the internet infrastructure. Dubbed "CONTINUATION Flood," these vulnerabilities within the HTTP/2 protocol pose a ...

HTTP/2-enabled DDoS attacks are the largest Cloudflare and Google have seen and were launched from a relatively small botnet. Over the past two months attackers have been abusing a feature of the HTTP ...

The long-awaited revision to the venerable (and aging) HTTP protocol is finally here. Here's what's most important, what's to expect, and what to brace for After more than 15 years, the HTTP protocol ...

In August and September, threat actors unleashed the biggest distributed denial-of-service attacks in Internet history by exploiting a previously unknown vulnerability in a key technical protocol.