HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk
The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
Stay updated on DoS threats. Explore the latest news and insights on Denial of Service attacks, prevention tips, and cybersecurity strategies.
Search across headline titles and summaries.
Background for this topic.
Denial of service (DoS) is an attack that makes a system, network, or application unavailable by exhausting resources or triggering failure. Floods can consume bandwidth, connection state, CPU, memory, or request-processing capacity; a software defect may instead be exploited to crash a service. A distributed denial-of-service (DDoS) attack generates traffic from many systems, increasing volume and complicating source-based blocking. The material security impact is loss of availability for users and dependent services, including websites, APIs, DNS, and operational systems.
Mitigation should match the bottleneck. Rate limits, request validation, connection protections, caching, and service isolation can reduce application and state-exhaustion attacks; volumetric traffic generally needs filtering or absorption upstream of the network. Monitoring should distinguish abnormal request patterns from ordinary load and alert on saturation, while tested failover, traffic diversion, and restoration procedures limit outage duration. Vulnerability management and timely patching reduce DoS caused by remotely triggerable crashes, but do not replace capacity planning and resilience testing.
Weekly headline count for the current query.
The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
Security teams can't test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax-filing deadlines.
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.
Pro-Russian group NoName057(16) uses a custom denial-of-service tool to mobilize volunteers and disrupt government, media, and institutional sites tied to Ukraine and the West.
Initially though to be a DDoS attack, the incident was actually due to a routine change in permissions that caused widespread software failure.
The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts.
It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute.
A good chunk of all websites today have been affected by the biggest DDoS risk on the Web since 2023.
National authorities have issued seven arrest warrants in total relating to the cybercrime collective known as NoName057(16), which recruits followers to carry out DDoS attacks on perceived enemies of Russia.
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.
Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise.
In the battle against two-minute micro-attacks that can knock out critical communication services, the difference between success and failure can literally come down to seconds.
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
Two separate campaigns are targeting flaws in various IoT devices globally, with the goal of compromising them and propagating malware worldwide.
As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.
The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.
The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.