server

HTTP/2 Bomb — Remote DoS Exploit Hits Nginx, Apache, IIS, Envoy, and Cloudflare Pingora

A newly disclosed remote denial-of-service (DoS) exploit called “HTTP/2 Bomb” targets default HTTP/2 configurations in widely used web servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, allowing an attacker to exhaust tens of gigabytes of server memory within seconds. The exploit combines an HPACK compression bomb with a Slowloris-style connection hold to amplify memory usage, leading to significant server resource exhaustion; patches and mitigations have been released for some servers, while others require disabling HTTP/2 or proxying to mitigate risk.

https://cybersecuritynews.com/http-2-bomb-remote-dos-exploit/

Critical Samba Vulnerability Enables Remote Code Execution Attacks

A critical vulnerability in Samba's printing subsystem (CVE-2026-4480) allows unauthenticated remote code execution due to improper sanitization of shell meta characters in the %J print command parameter. This flaw, with a maximum CVSS score of 10.0, affects Samba setups that use the vulnerable print command configuration, enabling attackers to inject malicious commands without authentication; patches have been released, and administrators are urged to update immediately or apply mitigations.

https://cybersecuritynews.com/samba-rce-vulnerability/

Critical 18-Year-Old NGINX Vulnerability Enables Remote Code Execution Attacks

A critical 18-year-old heap buffer overflow vulnerability (CVE-2026-42945) has been discovered in NGINX's ngx_http_rewrite_module, enabling unauthenticated remote code execution (RCE) attacks. The flaw, present since 2008 and affecting numerous NGINX products, arises from a mismatch in URL rewriting logic and has a CVSS score of 9.2; security updates have been released and urgent patching is recommended.

https://cybersecuritynews.com/18-year-old-nginx-rce-vulnerability/

cPanel, WHM Release Fixes for Three New Vulnerabilities

cPanel has released patches to fix three vulnerabilities in cPanel and Web Host Manager (WHM) that could allow privilege escalation, code execution, and denial-of-service attacks. Users are urged to update to the latest versions promptly to protect their systems, as these flaws affect multiple releases and include issues like arbitrary file read, Perl code execution, and unsafe symlink handling.

https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html

Dirty Frag Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released

Dirty Frag is a newly disclosed Linux kernel local privilege escalation vulnerability that chains two separate page-cache write flaws, allowing attackers to gain root privileges on virtually all major Linux distributions. Discovered by security researcher Hyunwoo Kim, the exploit modifies page cache in RAM deterministically without requiring timing windows or crashing the kernel, with a public proof-of-concept released following an embargo breach on May 7, 2026. Immediate mitigation involves disabling affected kernel modules until distribution-level patches, which are partially merged upstream, become available.

https://cybersecuritynews.com/dirty-frag-linux-vulnerability/

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation has released updates to fix a critical vulnerability (CVE-2026-23918) in Apache HTTP Server 2.4.66 that allows denial-of-service (DoS) attacks and potential remote code execution (RCE) via a double-free bug in HTTP/2 protocol handling. The flaw can be exploited by sending specific HTTP/2 frames, with the RCE path particularly feasible on systems using the default Apache Portable Runtime mmap allocator, leading to high risk for widely deployed servers.

https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html

Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks

The Apache Software Foundation released version 2.4.67 of Apache HTTP Server to patch five vulnerabilities, including a critical double-free flaw (CVE-2026-23918) in version 2.4.66 that enables remote code execution via HTTP/2. Users are strongly urged to upgrade immediately to mitigate this high-severity risk affecting millions of servers worldwide.

https://cybersecuritynews.com/apache-http-server-rce/

cPanelSniper – PoC Exploit Disclosed for cPanel Vulnerability, 44,000 Servers Compromised

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM, exploited by a publicly released proof-of-concept tool named “cPanelSniper,” has compromised approximately 44,000 servers worldwide since at least February 2026. The flaw allows attackers to forge root sessions without valid credentials by injecting malicious session data, prompting emergency patches from cPanel, while security experts urge immediate updates and audits to prevent further exploitation.

https://cybersecuritynews.com/cpanelsniper-poc-exploit/

cPanel 0-Day Authentication Bypass Vulnerability Actively Exploited in the Wild

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM has been actively exploited in the wild, allowing unauthenticated attackers to gain root-level access to hosting control panels. With a public proof-of-concept exploit released, cPanel has issued emergency patches and urged administrators to update immediately to prevent widespread compromise across millions of hosting accounts globally.

https://cybersecuritynews.com/cpanel-0-day-authentication-bypass-vulnerability/

Chinese Hackers Exploiting Dell Zero-day Flaw Since Mid-2024

Chinese hackers have been exploiting a critical Dell security flaw, identified as CVE-2026-22769, in their RecoverPoint for Virtual Machines since mid-2024. The UNC6201 group uses hardcoded credentials for unauthorized access, deploying sophisticated malware like Grimbolt to infiltrate VMware networks. To mitigate these attacks, Dell advises affected customers to apply recommended remediations.

https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

Microsoft released an out-of-band security update for a critical remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Service. CISA urges organizations to identify vulnerable servers, apply the update, and reboot. If immediate application isn't possible, disable WSUS or block ports 8530/8531. The vulnerability is now in CISA's Known Exploited Vulnerabilities Catalog. Report incidents to CISA's Operations Center.

https://www.cisa.gov/news-events/alerts/2025/10/24/microsoft-releases-out-band-security-update-mitigate-windows-server-update-service-vulnerability-cve

Scroll to Top