A vulnerability zero-day by name "HTTP/2 Rapid Reset” was used by users to initiate larger distributed attacks denial services (DDoS from distributed denial-of-service) in Internet history.
One of the attacks recorded by Cloudflare it was three times larger than the record-breaking 71 million requests per second (RPS) attack reported by the company in February.
Specifically, the HTTP/2 Rapid Reset DDoS attack peaked at 201 million RPS, while Google observed a DDoS attack that peaked at 398 million RPS.
The new attack method uses a feature of HTTP/2 called 'stream cancellation', repeatedly sending a request and immediately canceling it.