HTTP/2’s speed abused to slow webserver performance in DoS attack
CSO Online 04.06.2026 16:44
Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-assisted analysis.
A flaw in the handling of the HTTP/2 protocol made a denial-of-service (DoS) attack possible on web servers including nginx, Apache HTTP server, Microsoft IIS, Envoy, and Cloudflare’s Pingora, according to security consultancy Calif.
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Infosecurity Magazine 04.06.2026 16:15
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Data theft via app: Countless Microsoft users put at risk by a tiny code slip
Golem 04.06.2026 12:15
Microsoft failed to reset a debugging flag in several of its Android apps. Attackers could thereby hijack user accounts. (Security vulnerability, Microsoft)
Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs
CSO Online 04.06.2026 12:01
A high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are increasingly targeting the AI supply chain, including through malicious models hosted on the Hugging Face platform.
The exploit for this vulnerability involves adding an innocuous-looking parameter called _attn_implementation_internal to remote model configuration files on Hugging Face and bypasses the trust_remote_code=false flag that normally prevents the execution of remote code accompanying models.
Only one client needed: HTTP/2 bomb takes down web servers within seconds
Golem 04.06.2026 09:45
On common web servers such as Nginx, Apache HTTPD and Microsoft IIS, memory can be flooded within seconds with little effort. (Security vulnerability, Apache)
Malware: AI creates a worm that is barely stoppable
Heise Security 04.06.2026 08:41
IT researchers tested whether AI turns malware into a worse threat. A worm developed in the process is extremely adaptable.
Cisco patches critical vulnerability in Unified CM and more
Heise Security 04.06.2026 06:56
Cisco addresses security vulnerabilities in three products, including one rated critical in Unified Communications Manager.
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 03.06.2026 16:30
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted