Tag: denial of service
19 articles

OpenSSL Servers Vulnerable to Memory-Bloating DDoS Attacks
Beware: a simple 11-byte malicious input can cripple OpenSSL servers with a devastating DDoS attack, leaving them permanently bloated and vulnerable. This sneaky exploit, dubbed HollowByte, takes advantage of a weakness in OpenSSL's TLS handshake to drain server resources.

U-Boot Flaws Expose Devices to Stealthy Firmware Attacks
Researchers uncovered six critical vulnerabilities in U-Boot's firmware signature verification code, leaving devices open to stealthy attacks that can execute malicious code at startup. These flaws, ranging from denial of service to arbitrary code execution, highlight a major security risk that needs to be addressed.

Citrix Fixes Flaws in NetScaler Software Exposing Users to File Reads and DoS Attacks
Citrix has patched six high-risk vulnerabilities in its NetScaler software, including flaws that could expose users to file reads and devastating denial-of-service attacks. These critical updates address issues with CVSS scores as high as 8.8, emphasizing the urgent need for users to apply the fixes.

F5 Dispatched Patches for Critical NGINX Flaws
F5 has urgently released patches to fix two critical vulnerabilities in NGINX modules that can be exploited by remote attackers to cause denial-of-service or even execute remote code. Admins are advised to install the updates ASAP to protect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager from potential attacks.

Microsoft Patch Tuesday Disrupts 200 Vulnerabilities, Zero-Day Exploits
Microsoft's June Patch Tuesday update is a doozy, tackling a whopping 200 vulnerabilities, including three zero-day exploits and 33 critical flaws that could lead to remote code execution. This crucial update aims to prevent a range of issues, from denial-of-service attacks to elevation of privilege and information disclosure.

Protobuf.js Vulnerabilities Expose Node.js Apps to Code Execution, DoS
A single malicious protobuf schema could be all it takes to trigger crashes, corrupt runtimes, or even execute code in vulnerable Node.js apps, warns Cyera security researcher Assaf Morag. Six newly identified vulnerabilities in protobuf.js, known as Proto6, carry high severity scores and could put your app at risk.

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited
A critical flaw in SolarWinds Serv-U is being actively exploited, allowing attackers to crash the service with a specially crafted POST request - no authentication required. This denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered by a simple HTTP POST request with a malicious Content-Encoding header.

Hackers Actively Exploit SolarWinds Serv-U Flaw to Crash Servers
SolarWinds has issued an emergency hotfix to address a critical flaw in its Serv-U file transfer product, which hackers are actively exploiting to crash servers with specially crafted POST requests. A denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered without authentication, posing a significant threat to users.

Codex Agent Uncovers Lethal HTTP/2 DoS Exploit
A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds with the HTTP/2 Bomb, a potent DoS exploit that combines two decade-old attack techniques. This devastating attack exhausts server memory by sending tiny, compressed HTTP/2 header fragments and holding connections open, taking the service offline.

HTTP/2 Bomb Attack Disrupts Web Servers in Seconds
A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds using a new technique called the HTTP/2 Bomb, which cleverly combines two known weaknesses in HTTP/2 server configurations. This potent attack can be unleashed quickly, leaving servers inaccessible.

HTTP/2 Bomb Vulnerability Targets Major Web Servers with Remote DoS Exploit
A newly discovered HTTP/2 Bomb vulnerability can be exploited to launch a remote Denial of Service (DoS) attack on major web servers, taking advantage of a weakness in the default HTTP/2 configuration. This flaw cleverly combines a compression bomb and a Slowloris-style hold to target HPACK, HTTP/2's header-compression scheme.

Microsoft Discloses Actively Exploited Defender Vulnerabilities
Microsoft warns of two critical vulnerabilities in its Defender software, one of which is being actively exploited by attackers to gain elevated privileges, and the other causing denial-of-service issues. These flaws, tracked as CVE-2026-41091 and CVE-2026-45498, highlight the need for urgent patching to prevent system compromise.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution
A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

Cisco Discloses High-Severity DoS Flaw Requiring Manual Reboot
Beware: a high-severity flaw in Cisco's system could allow attackers to overwhelm your network, causing a manual reboot to regain control. This vulnerability can be exploited remotely with ease, putting your connection resources at risk of exhaustion and leaving you vulnerable to a denial-of-service condition.

Apache HTTP Server Flaw Enables DoS and Potential RCE Attacks
A critical flaw in the Apache HTTP Server, known as CVE-2026-23918, can be exploited to launch devastating denial-of-service (DoS) and potential remote code execution (RCE) attacks, putting your online security at risk. This high-severity bug has been patched in Apache HTTP Server version 2.4.67, so updating is crucial to prevent attacks.

Critical F5 BIG-IP flaw sparks alarming surge in attacks
A critical vulnerability in F5's BIG-IP system is under active attack by hackers, posing a significant threat to the security of our digital infrastructure. With patches and mitigations urgently needed, what's at stake if this flaw isn't addressed?

Linux Kernel Vulnerability Poses Critical Threat
A critical vulnerability in the Linux kernel has been uncovered, putting users at risk of a denial of service attack, and experts are warning of potentially far-reaching consequences. This shocking flaw, found in the ATI Rage 128 driver, highlights the importance of staying vigilant in the face of evolving cybersecurity threats.

Expat Flaw Sparks Critical Vulnerability in XML Parsing
A critical vulnerability in a widely-used XML parsing library has been hiding in plain sight for over a decade, threatening to crash applications with a single, well-crafted attack. This buffer over-read issue, known as a ticking time bomb, can be exploited by context-dependent attackers to launch a devastating denial of service (DoS) attack.

Linux Kernel Flaw Poses Critical Risk
A critical flaw in the Linux kernel has been uncovered, posing a serious risk to systems worldwide by allowing local users to potentially gain elevated privileges or cause a denial of service. This vulnerability, affecting numerous Linux distributions, highlights the delicate balance between vulnerability and catastrophe in today's digital landscape.