Apache Tomcat Coyote Vulnerability Let Attackers Trigger DoS Attack

A newly disclosed flaw in Apache Tomcat’s Coyote engine—tracked as CVE-2025-53506—has surfaced in the latest round of HTTP/2 security advisories. First noted in the National Vulnerability Database five days ago, the weakness stems from Coyote’s failure to enforce a hard cap on concurrent streams when an HTTP/2 client never acknowledges the server’s initial SETTINGS frame. By repeatedly initiating streams that are never closed, a remote attacker can exhaust the server’s thread pool and force the cont...
