Until today, taking down a web server required resources: a botnet, thousands of compromised machines, and coordinated high-volume traffic. A vulnerability disclosed today changes that equation. The HTTP/2 Bomb, published June 3, 2026 by security researcher Quang Luong, lets a single attacker exhaust the memory of nginx, Apache, and IIS servers from one connection until they … Continue reading HTTP/2 Bomb: One Connection Crashes Web Servers. nginx Is Patched, Apache Is Not.