#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Salesforce Security Handbook

F5 | Breaking Cybersecurity News | The Hacker News

Category — F5
New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks

New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks

Aug 14, 2025 Server Security / Vulnerability
Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. "MadeYouReset bypasses the typical server-imposed limit of 100 concurrent HTTP/2 requests per TCP connection from a client. This limit is intended to mitigate DoS attacks by restricting the number of simultaneous requests a client can send," researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel said . "With MadeYouReset, an attacker can send many thousands of requests, creating a denial-of-service condition for legitimate users and, in some vendor implementations, escalating into out-of-memory crashes." The vulnerability has been assigned the generic CVE identifier, CVE-2025-8671 (CVSS score: 7.5), although the issue impacts several products, including Apache Tomcat ( CVE-2025-48989 ), F5 BIG-IP ( CVE-2025-54500 ), and Netty ( CVE-2025-55163 ). MadeYouReset is the latest fl...
Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

May 09, 2024 Firewall / Network Security
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager," security firm Eclypsium  said  in a new report. A description of the two issues is as follows - CVE-2024-21793  (CVSS score: 7.5) - An OData injection vulnerability that could allow an unauthenticated attacker to execute malicious SQL statements through the BIG-IP NEXT Central Manager API CVE-2024-26026  (CVSS score: 7.5) - An SQL injection vulnerability that could allow an unauthenticated attacker to execute malicious SQL statements through the BIG-IP Next Central Manager API Both the flaws impact Next Central Manager versions from 20.0.1...
Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Dec 10, 2022 Web App Firewall / Web Security
A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a  key line of defense  to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection (SQLi). The generic bypass "involves appending  JSON syntax  to SQL injection payloads that a WAF is unable to parse," Claroty researcher Noam Moshe  said . "Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks." The industrial and IoT cybersecurity company said its technique successfully worked against WAFs from vendors like Amazon Web Services (AWS), Cloudflare, F5, Imperva, and Palo Alto Networks, all of whom have since released upd...
cyber security

CISO Best Practices Cheat Sheet: Cloud Edition

websiteWizCloud Security / Automation
Whether you're inheriting a cloud program, scaling multi-cloud or aligning with board goals, this cheat sheet helps drive measurable outcomes with proven frameworks & 90-day steps.
cyber security

Keeper Security recognized in the 2025 Gartner® Magic Quadrant™ for PAM

websiteKeeper SecurityPassword Security / Threat Detection
Access the full Magic Quadrant report and see how KeeperPAM compares to other leading PAM platforms.
Expert Insights Articles Videos
Cybersecurity Resources