cloudflare (4)

On 18 November 2025 at 11:20 UTC, Cloudflare's network began experiencing significant failures to deliver core network traffic. This showed up to Internet users trying to access its customers' sites as an error page indicating a failure within Cloudflare's network.

According to researcher Matthew Prince, the issue was not caused, directly or indirectly, by a cyber-attack or malicious activity of any kind. Instead, it was triggered by a change to one of its database systems' permissions which

Cloudflare has recently released their Q1 DDoS threat report [5]. Thus, this is a good point for a discussion on DDoS attacks and some of the newer techniques involved with them. First, we’ll get a little bit of a refresher on what DDoS attacks are, how they manifest and how things look when a service is being attacked, and how they can be detected. From there, we’ll go into the typical mechanics of how a DDoS attack takes place and what sort of techniques and methods tend to be involved. Th

In November 2022, FortiGuard analysts observed a unique botnet written in the Go language being distributed through IoT vulnerabilities. This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation. It also communicates with its command-and-control server using the WebSocket protocol. Based on the trigger count of some IPS signatures (shown in Figure 1), this campaign started its distribution of the current version someti

The threat actor who recently breached Twilio systems also targeted Cloudflare, and a few of the web security company’s employees fell for the phishing messages. Twilio recently revealed that it became aware of unauthorized access to some of its systems on 04 August 2022. An investigation showed that the attackers had tricked some of its employees into providing their credentials, which they then used to access internal systems and obtain customer data.[1] The threat actor sent phishing tex