|
|
| FortiGuard Labs | FortiGuard Center - Outbreak Alerts |
HTTP/2 Bomb Denial-of-Service Vulnerability
Security researchers have disclosed a new denial-of-service (DoS) attack technique dubbed HTTP/2 Bomb, tracked as CVE-2026-49975, that affects multiple major HTTP/2 server implementations.
Unlike traditional volumetric DDoS attacks, HTTP/2 Bomb does not require a large botnet. Researchers demonstrated that a single attacker operating from a modest internet connection can generate sufficient resource exhaustion to disrupt vulnerable servers. |
Palo Alto Networks PAN-OS GlobalProtect Auth Bypass
Attackers are actively exploiting a PAN-OS GlobalProtect authentication bypass vulnerability to gain unauthorized VPN access to exposed Palo Alto Networks firewalls. An attacker who successfully exploits CVE-2026-0257 can:
- Establish unauthorized VPN sessions through affected GlobalProtect gateways.
- Bypass authentication controls without valid user credentials.
- Gain network-level access typically reserved for authenticated VPN users.
- Potentially facilitate further reconnaissance, lateral movement, or follow-on attacks within the victim environment. |
Citrix NetScaler Memory Overread Vulnerability
Exploitation activity targeting vulnerable Citrix NetScaler ADC and Gateway appliances remains persistent and widespread, with FortiGuard Labs telemetry continuously observing attack attempts from global sources probing exposed NetScaler SAML endpoints for vulnerable configurations.
Analysis from FortiGuard IPS sensors shows sustained targeting of internet-facing NetScaler deployments configured as SAML Identity Providers (IdP). Attackers continue using malformed authentication requests to exploit the memory overread condition associated with CVE-2026-3055, potentially exposing sensitive session data, authentication tokens, and credential material. |
| | Distributed by aarss.com. |
|
|
|
|
|
Joe's Cable Contact Site |
Joe's Cable is always looking for new clients. You may contact us
via Telephone, E-Mail, or by filling out the form on this page.
Telephone: 201-289-7613
E-Mail:
contact@joescable.com
Web Form: |
|
|
|
|