HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...

The large May patch package had fixed the vulnerability in Windows Netlogon, now attackers are exploiting it. Admins should ...

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.

Microsoft Exchange Servers are under threat from a zero-day vulnerability, exploited via crafted emails. With no official patch, companies are urged to use mitigation services to protect their systems ...

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly ...

Attackers exploited a critical GeoServer flaw to breach a US federal agency in July 2024 China Chopper web shell enabled remote access and lateral movement across compromised systems CISA urges timely ...