Bleeping Computer

New HTTP/2 DoS attack can crash web servers with a single connection

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
VentureBeat

Google adds full HTTP/2 support to latest Chrome build

Google today added HTTP/2 support to the latest Chrome Canary release. This is the final draft (referred to as “h2”). HTTP is an application protocol that forms the foundation of data communication ...
Bleeping Computer

New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude. News of the zero-day ...
TechRepublic

New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare

New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare Your email has been sent A vulnerability in the HTTP/2 network protocol is currently being ...
CSOonline

Built-in weakness in HTTP/2 protocol exploited for massive DDoS attacks

HTTP/2-enabled DDoS attacks are the largest Cloudflare and Google have seen and were launched from a relatively small botnet. Over the past two months attackers have been abusing a feature of the HTTP ...