NASA’s Fermi telescope may have finally uncovered the magnetic powerhouse behind the universe’s brightest supernovae.
Get the latest international news and world events from around the world.
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
Debug flag disabled Microsoft 365 Android token checks, letting untrusted apps access accounts; patches issued May 12 to reduce risk
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds.
The technique works on default HTTP/2 configurations of major web servers, including NGINX, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora.
Discovered by OpenAI’s Codex software agent under the guidance of researchers at offensive security firm Calif, HTTP/2 Bomb combines two previously known HTTP/2 DoS methods: the HPACK compression amplification and Slowloris-style resource retention via HTTP/2 flow-control stalling.
Acer working to patch max severity zero-days in Wave 7 routers
Acer confirmed that it’s working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers.
According to a Friday security advisory, the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers running firmware version T7c_GBL_1.01.000055 or earlier.
The first zero-day, a broken access control vulnerability tracked as CVE-2026–49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives.
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts.
Called “fake call detection,” the feature is rolling out globally this month to Android 12 and later devices, starting with Pixel devices, and will be enabled by default.
Once activated, it works automatically when both a caller and recipient are using Phone by Google: when a contact places a call, their device sends a silent, encrypted confirmation signal to the recipient’s device in real time.
