CSOonline

Built-in weakness in HTTP/2 protocol exploited for massive DDoS attacks

HTTP/2-enabled DDoS attacks are the largest Cloudflare and Google have seen and were launched from a relatively small botnet. Over the past two months attackers have been abusing a feature of the HTTP ...
Infosecurity-magazine.com

Attackers Increase Use of HTTP Clients for Account Takeovers

Cybercriminals have been observed increasingly leveraging legitimate HTTP client tools to execute account takeover (ATO) attacks on Microsoft 365 environments. Recent findings from Proofpoint reveal ...
Dark Reading

New HTTP Request Smuggling Attacks Target Web Browsers

BLACK HAT USA – LAS VEGAS – A security researcher who previously demonstrated how attackers can abuse weaknesses in the way websites handle HTTP requests warned that the same issues can be used in ...