New HTTP/2 Bomb DoS Attack Hits Nginx, Apache, IIS, Envoy, and Pingora
A new HTTP/2 Bomb DoS attack can exhaust memory on major web servers, causing denial-of-service in seconds.
A new HTTP/2 Bomb DoS attack can exhaust memory on major web servers, causing denial-of-service in seconds.
Red Hat cloud services npm packages were compromised in a supply chain attack that used a preinstall script to steal developer and CI secrets.
The flaw affects the boundary between the Linux CIFS client and cifs-utils, allowing local root access on some systems.
ModuleJail is a new project that blacklists unused Linux kernel modules, helping reduce the attack surface exposed by recent local privilege escalation flaws.
WireGuard Easy 15.3 adds server-side Allowed IP enforcement, improving client access control for self-hosted WireGuard VPN setups.
Rocky Linux introduces an opt-in Security Repository for urgent fixes when critical vulnerabilities need patches before upstream updates arrive.
Parrot OS 7.2 is now available with Linux kernel 6.19, updated security tools, Debian package sync, and Copy Fail mitigation.
IPFire 2.29 Core Update 201 introduces DNS Firewall, replacing the old URL Filter with DNS-level domain blocking.
Bitwarden has confirmed a brief supply-chain compromise of its CLI 2026.4.0 npm package, with no evidence of vault data exposure.
OpenVPN 2.7.2 fixes two security flaws, adds long password support in the management interface, and includes several bugfixes for Windows users.