OpenAI Codex helps researchers discover HTTP/2 denial-of-service exploit affecting major web servers
By Jessica Lyons
Summary
OpenAI's Codex AI agent helped security researchers discover a new HTTP/2 denial-of-service exploit called "HTTP/2 Bomb" that chains together decade-old DoS techniques. The attack can be launched from a single machine to render vulnerable web servers inaccessible within seconds. It affects default HTTP/2 configurations on major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. As of the report date, Microsoft IIS and Cloudflare Pingora still lacked patches.
Key quotes
OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched from a single machine to render vulnerable web servers inaccessible in seconds
The attack works on default HTTP/2 configurations of major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora
As of Thursday, Microsoft IIS and Cloudflare Pingora still don't have a patch