Risky Bulletin Risky Bulletin: HTTP2 flaw enables massive DDoS attacks
12 snips
Aug 15, 2025 A new HTTP2 vulnerability is lurking, empowering devastating DDoS attacks. Meanwhile, Russia takes a hard stance by blocking Telegram and WhatsApp voice calls. On the cybersecurity front, attackers are exploiting a zero-day flaw in N-able servers. Additionally, the US government is ramping up security by tracking chip shipments, raising eyebrows about surveillance. Tune in for a thrilling dive into the latest cyber threats and financial fraud schemes making waves!
AI Snips
Chapters
Transcript
Episode notes
HTTP/2 Race Enables Unlimited DDoS
- The Made You Reset flaw in HTTP/2 lets attackers cancel connections and spawn many more before resets complete.
- This race exhausts server resources and enables large-scale DDoS attacks.
Trackers Found In Server Chip Shipments
- US authorities reportedly hide tracking devices in server and chip shipments to detect diversion to adversaries.
- Vendors like NVIDIA and Dell deny involvement while trackers appeared in Supermicro and AMD equipment.
Russia Limits Foreign Messenger Calls
- Russia is restricting voice calls on WhatsApp and Telegram citing fraud and terrorism concerns while pushing officials to adopt a domestic app.
- The move follows telcos' pressure and points to tightening control over foreign messaging services.