The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
Hosted on MSN

An Apache HTTP server flaw lets attackers crash — or take over — millions of web servers with a single HTTP/2 request

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability report with the National Vulnerability Database disclosing a critical flaw ...
Yahoo Finance

The Apache® Software Foundation Announces New Top-Level Project

Wilmington, DE, June 04, 2026 (GLOBE NEWSWIRE) -- The Apache Software Foundation (ASF), the global home of open source software the world relies on, today announced that Apachy Livy has become a ...
CSOonline

HTTP/2’s speed abused to slow webserver performance in DoS attack

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...
ZDNet

Apache's new security update for HTTP Server fixes two flaws

The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system. The first Apache ...
TheServerSide

How to install Apache's Web Server on Windows quickly

Community driven content discussing all aspects of software development from DevOps to design patterns. There are a variety of reasons why developer or DevOps professionals locally install the Apache ...