Skip to main content

Tag: denial of service

19 articles

Dimly lit server room with one server showing high memory usage.

OpenSSL Servers Vulnerable to Memory-Bloating DDoS Attacks

Beware: a simple 11-byte malicious input can cripple OpenSSL servers with a devastating DDoS attack, leaving them permanently bloated and vulnerable. This sneaky exploit, dubbed HollowByte, takes advantage of a weakness in OpenSSL's TLS handshake to drain server resources.

Analyst 207
Close-up of a circuit board with microcontroller and components, in a laboratory setting with a laptop in the background.

U-Boot Flaws Expose Devices to Stealthy Firmware Attacks

Researchers uncovered six critical vulnerabilities in U-Boot's firmware signature verification code, leaving devices open to stealthy attacks that can execute malicious code at startup. These flaws, ranging from denial of service to arbitrary code execution, highlight a major security risk that needs to be addressed.

Analyst 207
Network device sits on a neutral surface in a brightly-lit technology environment.

Citrix Fixes Flaws in NetScaler Software Exposing Users to File Reads and DoS Attacks

Citrix has patched six high-risk vulnerabilities in its NetScaler software, including flaws that could expose users to file reads and devastating denial-of-service attacks. These critical updates address issues with CVSS scores as high as 8.8, emphasizing the urgent need for users to apply the fixes.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit data center with technicians working in the background.

F5 Dispatched Patches for Critical NGINX Flaws

F5 has urgently released patches to fix two critical vulnerabilities in NGINX modules that can be exploited by remote attackers to cause denial-of-service or even execute remote code. Admins are advised to install the updates ASAP to protect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager from potential attacks.

Analyst 207
Security team monitors display system health and vulnerability management dashboards in a bright tech operations room.

Microsoft Patch Tuesday Disrupts 200 Vulnerabilities, Zero-Day Exploits

Microsoft's June Patch Tuesday update is a doozy, tackling a whopping 200 vulnerabilities, including three zero-day exploits and 33 critical flaws that could lead to remote code execution. This crucial update aims to prevent a range of issues, from denial-of-service attacks to elevation of privilege and information disclosure.

Analyst 207
Node.js application running on a laptop in a developer's workspace with daylight in the background.

Protobuf.js Vulnerabilities Expose Node.js Apps to Code Execution, DoS

A single malicious protobuf schema could be all it takes to trigger crashes, corrupt runtimes, or even execute code in vulnerable Node.js apps, warns Cyera security researcher Assaf Morag. Six newly identified vulnerabilities in protobuf.js, known as Proto6, carry high severity scores and could put your app at risk.

Analyst 207
Networked server equipment and cabling in a brightly-lit data center with a blurred background.

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited

A critical flaw in SolarWinds Serv-U is being actively exploited, allowing attackers to crash the service with a specially crafted POST request - no authentication required. This denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered by a simple HTTP POST request with a malicious Content-Encoding header.

Analyst 207
Server room with networked equipment and a single server in the foreground.

Hackers Actively Exploit SolarWinds Serv-U Flaw to Crash Servers

SolarWinds has issued an emergency hotfix to address a critical flaw in its Serv-U file transfer product, which hackers are actively exploiting to crash servers with specially crafted POST requests. A denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered without authentication, posing a significant threat to users.

Analyst 207
Rack of servers with one server highlighted, its indicators glowing neutrally.

Codex Agent Uncovers Lethal HTTP/2 DoS Exploit

A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds with the HTTP/2 Bomb, a potent DoS exploit that combines two decade-old attack techniques. This devastating attack exhausts server memory by sending tiny, compressed HTTP/2 header fragments and holding connections open, taking the service offline.

Analyst 207
Rows of computer servers and networking equipment in a brightly lit server room, conveying disruption and vulnerability.

HTTP/2 Bomb Attack Disrupts Web Servers in Seconds

A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds using a new technique called the HTTP/2 Bomb, which cleverly combines two known weaknesses in HTTP/2 server configurations. This potent attack can be unleashed quickly, leaving servers inaccessible.

Analyst 207
Server room with equipment and cables, highlighting a generic server rack in the foreground.

HTTP/2 Bomb Vulnerability Targets Major Web Servers with Remote DoS Exploit

A newly discovered HTTP/2 Bomb vulnerability can be exploited to launch a remote Denial of Service (DoS) attack on major web servers, taking advantage of a weakness in the default HTTP/2 configuration. This flaw cleverly combines a compression bomb and a Slowloris-style hold to target HPACK, HTTP/2's header-compression scheme.

Analyst 207
Windows Defender workstation in office setting with blurred laptop screen and cityscape view.

Microsoft Discloses Actively Exploited Defender Vulnerabilities

Microsoft warns of two critical vulnerabilities in its Defender software, one of which is being actively exploited by attackers to gain elevated privileges, and the other causing denial-of-service issues. These flaws, tracked as CVE-2026-41091 and CVE-2026-45498, highlight the need for urgent patching to prevent system compromise.

Analyst 207
Generic computer server or network equipment rack in a data center setting.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution

A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

Analyst 207
Network equipment setup with a large router or switch on a rack, surrounded by cables and gear.

Cisco Discloses High-Severity DoS Flaw Requiring Manual Reboot

Beware: a high-severity flaw in Cisco's system could allow attackers to overwhelm your network, causing a manual reboot to regain control. This vulnerability can be exploited remotely with ease, putting your connection resources at risk of exhaustion and leaving you vulnerable to a denial-of-service condition.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room with a subtle hint of a web server…

Apache HTTP Server Flaw Enables DoS and Potential RCE Attacks

A critical flaw in the Apache HTTP Server, known as CVE-2026-23918, can be exploited to launch devastating denial-of-service (DoS) and potential remote code execution (RCE) attacks, putting your online security at risk. This high-severity bug has been patched in Apache HTTP Server version 2.4.67, so updating is crucial to prevent attacks.

Analyst 207
Critical F5 BIG-IP flaw sparks alarming surge in attacks

Critical F5 BIG-IP flaw sparks alarming surge in attacks

A critical vulnerability in F5's BIG-IP system is under active attack by hackers, posing a significant threat to the security of our digital infrastructure. With patches and mitigations urgently needed, what's at stake if this flaw isn't addressed?

Analyst 207
Linux Kernel Vulnerability Poses Critical Threat

Linux Kernel Vulnerability Poses Critical Threat

A critical vulnerability in the Linux kernel has been uncovered, putting users at risk of a denial of service attack, and experts are warning of potentially far-reaching consequences. This shocking flaw, found in the ATI Rage 128 driver, highlights the importance of staying vigilant in the face of evolving cybersecurity threats.

Analyst 207
Expat Flaw Sparks Critical Vulnerability in XML Parsing

Expat Flaw Sparks Critical Vulnerability in XML Parsing

A critical vulnerability in a widely-used XML parsing library has been hiding in plain sight for over a decade, threatening to crash applications with a single, well-crafted attack. This buffer over-read issue, known as a ticking time bomb, can be exploited by context-dependent attackers to launch a devastating denial of service (DoS) attack.

Analyst 207
Linux Kernel Flaw Poses Critical Risk

Linux Kernel Flaw Poses Critical Risk

A critical flaw in the Linux kernel has been uncovered, posing a serious risk to systems worldwide by allowing local users to potentially gain elevated privileges or cause a denial of service. This vulnerability, affecting numerous Linux distributions, highlights the delicate balance between vulnerability and catastrophe in today's digital landscape.

Analyst 207