Bleeping Computer

Google Chrome to warn users before opening insecure HTTP sites

Google announced today that the Chrome web browser will load all public websites via secure HTTPS connections by default and ask for permission before connecting to public, insecure HTTP websites, ...
Bleeping Computer

Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections

Update 10/17/25: Microsoft fixes the bug using a KIR (Known Issue Rollback) update. More information added to end of story. Microsoft's October Windows 11 updates have broken the "localhost" ...
The Hacker News

New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks

Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. "MadeYouReset ...
SecurityWeek

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties. New variants of the HTTP request smuggling attack method ...