Collecting Cyber-News from over 60 sources

Tag: dos

Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)

Jun 8, 2026 1:42 PM

Tags: cisa, cybersecurity, dos, exploit, update, vulnerability

A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/cisa-patch-actively-exploited-solarwinds-serv-u-dos-vulnerability-cve-2026-28318/
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

Jun 6, 2026 11:43 AM

Tags: cisa, cve, cybersecurity, dos, exploit, flaw, infrastructure, kev, service, software, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash First seen on thehackernews.com…
Six protobuf.js Vulnerabilities Expose RCE and DoS Risks

Jun 5, 2026 10:43 PM

Tags: attack, dos, rce, remote-code-execution, software, supply-chain, vulnerability

Six protobuf.js vulnerabilities could enable RCE, DoS attacks, and software supply chain compromise across enterprise environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/six-protobuf-js-vulnerabilities-expose-rce-and-dos-risks/
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute

Jun 3, 2026 9:42 PM

Tags: attack, dos, service

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute/
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Jun 3, 2026 12:43 PM

Tags: apache, cybersecurity, dos, exploit, microsoft, openai, service, vulnerability

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.The vulnerability has been codenamed HTTP/2 Bomb by Calif.”The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining First seen on…
HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora

Jun 3, 2026 11:43 AM

Tags: apache, attack, cyber, dos, exploit, infrastructure, microsoft, service

A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. Overview of the HTTP/2 Bomb Attack Security researcher Quang Luong, working with the Codex team, uncovered a novel exploitation technique that…
Nginx-poolslip Flaw Exposes Servers to DoS and Code Execution Attacks

May 25, 2026 8:01 AM

Tags: attack, cve, cyber, dos, flaw, service, vulnerability

NGINX users are facing a critical security issue after F5 disclosed a new vulnerability, tracked as CVE-2026-9256, affecting the widely used ngx_http_rewrite_module. The flaw, dubbed “Nginx-poolslip,” can allow attackers to trigger denial-of-service (DoS) conditions and, under certain conditions, achieve remote code execution. Nginx-poolslip Flaw The issue originates from improper handling of overlapping PCRE (Perl-Compatible Regular…
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities

May 22, 2026 1:00 PM

Tags: cisa, cve, cyber, dos, exploit, kev, microsoft, service, vulnerability, zero-day

CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45498 is a denial-of-service (DoS) vulnerability in Microsoft Defender that can cause the security service to stop functioning. An attacker…
Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure

May 22, 2026 11:00 AM

Tags: access, ai, attack, cloud, cyber, data, dos, flaw, service, update, vulnerability

Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterprise and the Splunk Cloud Platform, as well as the Splunk AI Toolkit app. The flaws include improper access…
AI agent finds 18-year-old remote code execution flaw in Nginx

May 15, 2026 5:00 AM

Tags: ai, api, application-security, cve, cvss, data, dos, endpoint, exploit, flaw, github, leak, mitigation, network, open-source, remote-code-execution, risk, service, technology, update, vulnerability, waf

ngx_http_rewrite_module, a component that handles URL rewrites, and impacts Nginx versions from 0.6.27 to 1.30.0. The issue has been given a 9.2 CVSS severity score and was patched in versions 1.31.0 and 1.30.1.The commercial product, Nginx Plus, owned and developed by network and application security firm F5, is also vulnerable, and received patches in versions…
18-year-old NGINX vulnerability allows DoS, potential RCE

May 14, 2026 7:00 PM

Tags: dos, exploit, flaw, open-source, rce, remote-code-execution, service, vulnerability

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/18-year-old-nginx-vulnerability-allows-dos-potential-rce/
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS

May 14, 2026 12:01 PM

Tags: cyber, dos, exploit, flaw, gitlab, threat, update

GitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab Security Flaw On May 13, 2026, GitLab released critical patch versions 18.11.3, 18.10.6, and 18.9.7 for both its…
New Cisco DoS flaw requires manual reboot to revive devices

May 6, 2026 8:48 PM

Tags: cisco, dos, flaw, network, service, vulnerability

Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-cisco-dos-flaw-requires-manual-reboot-to-revive-devices/
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

May 5, 2026 7:48 PM

Tags: apache, cve, dos, flaw, rce, remote-code-execution, software, update, vulnerability

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE).The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling.…
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws

Apr 14, 2026 10:52 AM

Tags: cyber, dos, flaw, injection, sap, service, sql, update, vulnerability

SAP released its monthly Security Patch Day updates, addressing 19 new security notes and one update to a previously released note. According to the official SAP Support Portal, these patches resolve severe vulnerabilities, including critical SQL injection, Denial of Service (DoS), and code injection flaws. SAP strongly advises all administrators to review these updates and…
New React Server Components Flaw Could Let Attackers Trigger DoS

Apr 10, 2026 10:51 AM

Tags: attack, cve, cyber, dos, exploit, flaw, risk, service, threat, vulnerability

A newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition. Tracked as CVE-2026-23869, this flaw poses a significant risk to web applications using specific server-side rendering packages. Because the exploit requires no privileges and involves low attack complexity, threat actors can easily target vulnerable…
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection

Apr 9, 2026 7:50 AM

Tags: cloud, cyber, dos, gitlab, injection, service, update, vulnerability

GitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Organizations utilizing self-managed GitLab instances are strongly advised by GitLab security experts to apply these updates immediately to prevent potential exploitation. Customers utilizing GitLab Dedicated or the cloud-hosted GitLab.com services are already protected…
(g+) Windows: Der Update-Guide für Secure Boot

Apr 8, 2026 2:52 PM

Tags: dos, guide, update, windows

Die Secure-Boot-Zertifikate laufen bald aus und müssen getauscht werden. Unser Leitfaden zeigt, welche To-dos auf Admins zukommen. First seen on golem.de Jump to article: www.golem.de/news/windows-der-update-guide-fuer-secure-boot-2604-207330.html
Fuse und Undertow – Schwachstellen in Red Hat ermöglichen DoS, Remote Code und Datendiebstahl

Apr 8, 2026 7:52 AM

Tags: dos, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/red-hat-fuse-undertow-schwachstellen-dos-codeausfuehrung-a-d40b84bfce65f35d87287b9bb1b96fb6/
TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes

Apr 3, 2026 9:51 AM

Tags: attack, business, cctv, cyber, dos, flaw, risk, router, threat, vulnerability

TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilities allow threat actors to knock these devices offline or change their settings without permission, it poses a direct risk…
TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes

Apr 3, 2026 9:51 AM

Tags: attack, business, cctv, cyber, dos, flaw, risk, router, threat, vulnerability

TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilities allow threat actors to knock these devices offline or change their settings without permission, it poses a direct risk…
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Mar 31, 2026 10:30 PM

Tags: api, backup, data, dos, exploit, malicious, rce, remote-code-execution, threat, tool, update, vulnerability

/run/bigtlog.pipe and /run/bigstart.ltm and makes changes to system binaries, including /usr/bin/umount and /usr/sbin/httpd. Attackers have also been observed modifying the sys-eicheck utility, which relies on RPM integrity checks to verify on-disk executables.Log analysis can reveal patterns related to the attack. The user “f5hubblelcdadmin” accessing the iControl REST API from localhost, SELinux disable commands in auditd…
Node.js Fixes Critical Flaws, Patches DoS Risk in Latest Security Update

Mar 26, 2026 10:46 AM

Tags: cve, dos, flaw, risk, update, vulnerability

The Node.js project has issued a series of security updates addressing multiple vulnerabilities across its active release lines. The update covers versions in the 20.x, 22.x, 24.x, and 25.x branches, and includes fixes for several high, medium, and low severity issues. Among the most notable concerns is CVE-2026-21637, which appears prominently in the release due…
Node.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and Crashes

Mar 26, 2026 6:46 AM

Tags: authentication, control, cyber, dos, exploit, risk, update, vulnerability

The Node.js project issued a critical security update for its Long-Term Support (LTS) branch, marking version 20.20.2 ‘Iron’ as a security release. This urgent patch addresses seven distinct vulnerabilities impacting TLS error handling, HTTP/2 flow control, cryptographic timing, and permission models. Several of these issues can be exploited remotely without authentication, posing an immediate risk…
Fehler in Node.js-Projekten – IBM App Connect durch DoS-Angriffe gefährdet

Mar 25, 2026 7:47 AM

Tags: cyberattack, dos, ibm

First seen on security-insider.de Jump to article: www.security-insider.de/ibm-app-connect-enterprise-kritische-schwachstellen-dos-a-1f0050cd51875d8992057cfff1568d86/
CrackArmor Flaws Expose Linux Systems to Privilege Escalation

Mar 16, 2026 4:10 PM

Tags: attack, container, dos, flaw, linux

CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
CrackArmor Flaws Expose Linux Systems to Privilege Escalation

Mar 16, 2026 4:10 PM

Tags: attack, container, dos, flaw, linux

CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
China-nexus Threat Actor Targets Persian Gulf Region With PlugX

Mar 13, 2026 1:10 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, dns, dos, group, Hardware, injection, iran, malicious, malware, microsoft, middle-east, reverse-engineering, service, social-engineering, software, startup, threat, tool, update, windows

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
DR-DOS rises again rebuilt from scratch, not open source

Mar 12, 2026 11:10 AM

Tags: dos, open-source

Project claims legal clarity and zero legacy code, but offers binaries only First seen on theregister.com Jump to article: www.theregister.com/2026/03/11/drdos_9/
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Mar 10, 2026 10:48 PM

Tags: access, ai, attack, authentication, best-practice, cve, cyber, data, dos, exploit, flaw, identity, infrastructure, iot, linux, microsoft, mobile, office, rce, remote-code-execution, service, sql, tool, update, vulnerability, windows

8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…