Microsoft

Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know

On October 14, 2025, Microsoft released a security update addressing CVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, ...
GitHub

Provide some mechanism for HTTP errors to fall back to global ErrorHandler when withFetch / FetchBackend is enabled

My team just attempted to enable withFetch() in our application and encountered a pretty major footgun - because the FetchBackend runs outside the Angular zone, any HTTP errors, JSON parsing errors, ...
The Hacker News

New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks

Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. "MadeYouReset ...
SecurityWeek

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties. New variants of the HTTP request smuggling attack method ...
Microsoft

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol ...
GitHub

CORS pre-flight requests return HTTP 404 on custom-webpack

When using custom-webpack devserver, CORS pre-flight requests for assets fail. This is usually not an issue since most of the time your app and assets are served from the same origin (thus there are ...