New DoS Attack ‘HTTP/2 Bomb’ Takes Down Web Servers Within Seconds
A new DoS attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. The attack combines HPACK compression amplification with Slowloris-style flow-control stalling to force the server to allocate massive amounts of memory without letting it free that memory. Default configurations of NGINX, Apache, IIS, and Envoy are vulnerable. NGINX and Apache have released patches; operators of unpatched systems are advised to disable HTTP/2 where feasible and to place a proxy or firewall in front that enforces hard header-count limits.
Source: Bleeping Computer
Instagram Accounts Hijacked by Hackers Through Tricking AI Chatbot
Hackers hijacked multiple high-profile Instagram accounts by exploiting Meta’s AI support chatbot. Attackers bypassed security by using a VPN to spoof locations and asking Meta AI Support Assistant to add a new email address to target accounts. The chatbot sent a verification code to the attacker’s email, enabling a password reset without compromising the victim’s original email. Meta has since resolved the vulnerability.
Source: TechCrunch
Anthropic Expanded Claude Mythos to 150 New Organizations
Anthropic has expanded Project Glasswing by granting Claude Mythos Preview access to 150 new organizations across 15 countries. These partners, primarily in critical infrastructure like power and healthcare, will use the model for vulnerability detection and defensive tasks. The expansion follows an initial phase where 50 partners identified over 10,000 severe flaws, highlighting the model’s raw detection power.
Source: Cyber Security News
OWASP Will Formally Launch Agentic Research Council
At Infosecurity Europe 2026, OWASP will formally launch the Agentic Research Council. Born out of the Agentic Security Initiative, this global collaboration bridges academia, industry, and government to accelerate security research for fast-evolving agentic AI systems. To combat machine-speed risks and multi-agent vulnerabilities, the council will sponsor research, align academic roadmaps, and deliver real-world runtime governance controls and compliance workflows for defenders.
Source: Infosecurity Magazine
Carnival Cruise Confirms Data Breach Impacting Nearly 6 Million
Carnival Corporation has confirmed a data breach affecting nearly 6 million people, which the ShinyHunters extortion gang claimed in April 2026. The company has started notifying 5,995,277 affected customers. While Carnival has yet to attribute the attack, the ShinyHunters cybercrime group claimed responsibility for the breach, saying they stole documents containing over 8.7 million records.
Source: Bleeping Computer

