New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks

Threat Score:
55
The Hacker News
17 hours ago

Overview

Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. "MadeYouReset bypasses the typical server-imposed limit of 100 concurrent HTTP/2 requests per TCP connection from a client. This limit is intended to mitigate DoS attacks by restricting the number of simultaneous requests a client can send," researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel said. "With Ma...

Related Articles

5 articles
4

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

The Hacker News 2 hours ago

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifierCVE-2025-20265(CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. The networking equipment major said the issue

Score
82
Read more
5

CVE-2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware

Cybersecurity News 1 hour ago

A zero-day vulnerability in WinRAR allows malware to be deployed on unsuspecting users’ systems, highlighting the ongoing threats to popular software. Tracked as CVE-2025-8088, this path traversal flaw affects the Windows version of the widely used file archiving tool, enabling attackers to execute arbitrary code through specially crafted archives. The vulnerability, discovered in mid-July 2025, […]

Score
81
Read more