AI Generated Content

This may include content generated using AI tools. Glance teams are making active and commercially reasonable efforts to moderate all AI generated content. Glance moderation processes are improving however our processes are carried out on a best-effort basis and may not be exhaustive in nature. Glance encourage our users to consume the content judiciously and rely on their own research for accuracy of facts. Glance maintains that all AI generated content here is for entertainment purposes only.

Rapid Read    •   7 min read

Researchers Identify 'MadeYouReset' HTTP2 Vulnerability Enabling Massive DDoS Attacks

WHAT'S THE STORY?

What's Happening?

Researchers from security firm Imperva and Tel Aviv University have identified a new vulnerability in HTTP2 implementations, named 'MadeYouReset', which can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. This vulnerability is similar to the 'Rapid Reset' attack vector that set records for requests per second in 2023. The flaw involves a design issue in HTTP2 where stream cancellation allows both client and server to close a stream at any time. However, many implementations continue processing the request even after cancellation, leading to a mismatch in active streams and actual HTTP requests being processed. Attackers can exploit this by sending malformed frames or flow control errors to reset streams, causing servers to handle an unbounded number of concurrent requests. The vulnerability, tracked as CVE-2025-8671, affects several projects and organizations, including Apache Tomcat, Mozilla, and others. Patches have been released by some affected parties, while others are still assessing the impact.
AD

Why It's Important?

The discovery of the 'MadeYouReset' vulnerability is significant as it highlights a critical flaw in HTTP2 implementations that could be used to disrupt internet services on a massive scale. DDoS attacks can severely impact businesses, government services, and other critical infrastructure by overwhelming servers with traffic, leading to downtime and potential data breaches. The vulnerability's ability to blend with normal traffic makes it difficult to detect and mitigate, posing a challenge for cybersecurity defenses. Organizations affected by this flaw need to act swiftly to apply patches and implement mitigations to protect their systems. The broader cybersecurity community must also remain vigilant to prevent potential exploitation of this vulnerability in the wild.

What's Next?

Affected organizations are expected to continue investigating the extent of the 'MadeYouReset' vulnerability and release necessary patches. Mozilla is working on updates for its services, although Firefox is not impacted. Security firms and IT departments will likely enhance their monitoring and defenses to detect and mitigate potential DDoS attacks exploiting this vulnerability. The cybersecurity community may also collaborate to develop more robust solutions to prevent similar vulnerabilities in future HTTP2 implementations.

AI Generated Content

AD
More Stories You Might Enjoy

Fortinet Faces Increased Threats Amid New Vulnerability Disclosures

Fortinet has disclosed a critical remote code execution vulnerability in its FortiSIEM platform, CVE-2025-25256, which is already being targeted by...

Story by Rapid Read
AD

Hackers Exploit Erlang/OTP Vulnerability to Breach OT Firewalls

A critical remote code execution (RCE) vulnerability in the SSH daemon of Erlang's Open Telecom Platform (OTP) has been actively exploited by hacke...

Story by Rapid Read

Xerox Patches Critical Vulnerabilities in FreeFlow Core Print Platform

Xerox has addressed two critical vulnerabilities in its FreeFlow Core print orchestration platform, which were discovered by Horizon3 researchers. ...

Story by Rapid Read

Fortinet Warns of Critical Vulnerability Amid Spike in Brute-Force Attacks on SSL VPNs

Fortinet has issued an advisory regarding a critical vulnerability in its FortiSIEM software, identified as CVE-2025-25256, which could allow attac...

Story by Rapid Read
AD

Intel Addresses High-Severity Vulnerabilities in Xeon Processors and Ethernet Drivers

Intel has released 34 new security advisories addressing high-severity vulnerabilities in various products, including Xeon processors and Ethernet ...

Story by Rapid Read

SquareX Researchers Demonstrate Passkey Login Vulnerability via WebAuthn Manipulation

Researchers at SquareX have identified a method to bypass passkey login security through manipulation of the WebAuthn process. Passkeys, which are ...

Story by Rapid Read

Fortinet and Ivanti Release Security Patches to Address Critical Vulnerabilities

Fortinet and Ivanti have released their August 2025 Patch Tuesday updates, addressing several critical and high-severity vulnerabilities in their p...

Story by Rapid Read
AD

Investigators Link Russia to Hack of U.S. Federal Court Filing System

Investigators have found evidence suggesting that Russia is partly responsible for a recent cyberattack on the U.S. federal court filing system. Th...

Story by Rapid Read

Researchers Uncover Win-DDoS Flaws in Windows Domain Controllers, Raising Security Concerns

Researchers from SafeBreach have identified a new attack technique, dubbed Win-DDoS, that exploits vulnerabilities in Windows domain controllers to...

Story by Rapid Read

CISA Orders Federal Agencies to Patch Microsoft Exchange Vulnerability Amid Widespread Risks

Over 29,000 Microsoft Exchange servers remain unpatched against a high-severity vulnerability, CVE-2025-53786, which poses significant risks to org...

Story by Rapid Read
AD