The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
CSO Online

Flowise’s MCP implementation can run ghost commands

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in ...
InfoQ

DuckDB Quack: Client/Server Protocol over HTTP for Multi-User Analytics

DuckDB has recently announced Quack, a new remote protocol over HTTP that lets multiple DuckDB instances connect to and work ...
CSOonline

HTTP/2’s speed abused to slow webserver performance in DoS attack

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...
Hackaday

Revisiting Making Your Own Internet Router In 2026

After my recent misadventures setting up an OpenWrt installation on a scruffy e-waste-level x86 PC, quite a few people chimed ...