Description: Cloudflare was disclosing a lot of private data, including login passwords and authentication cookies. Uber, Fitbit, 1Password, and OKCupid are just a few of the big names affected by the Cloudbleed security flaw in Cloudflare servers. Because mobile apps are created with the same backends as browsers for HTTPS (SSL/TLS) termination and content delivery, they are likewise impacted by Cloudbleed. The fact that Cloudflare directed Ormandy to the company's bug bounty programme and offered the expert a t-shirt as payment in lieu of cash is highly unusual.

Description: Internet infrastructure company Cloudflare suffered one of the largest volumetric distributed denials of service (DDoS) attacks. The attack lasted less than 15 seconds and was launched from a botnet of approximately 6,000 unique bots and originated from 112 countries around the world. The company immediately detected and mitigated a 15.3 million request-per-second (rps) DDoS attack. The attack was aimed at a “crypto launchpad” which is “used to surface Decentralized Finance projects to potential investors.”

Description: On October 7, 2023, amid a real-world conflict, Israeli websites providing critical information and alerts to civilians on rocket attacks were hit by a series of DDoS attacks. Cloudflare systems detected and mitigated these attacks, which were as intense as 1M requests per second. Pro-Palestinian hacktivist groups also targeted various Israeli websites and apps, including compromising an app alerting civilians about incoming rockets by sending fake alerts. Cloudflare's Threat Operations team discovered malicious mobile applications impersonating legitimate alert apps, which could access sensitive user data. These cyberattacks occurred alongside physical threats, creating a complex situation for Cloudflare and the affected organizations to manage, emphasizing the intersection of physical and cybersecurity domains during times of conflict.

Description: In 2024 Cloudflare mitigated a staggering 21.3 million DDoS attacks—a 358% year-over-year jump—and in Q1 2025 alone it already repelled 20.5 million assaults, including 6.6 million aimed directly at its own infrastructure during an 18-day multi-vector campaign. The surge was driven by a 509% increase in network-layer attacks, while hyper-volumetric floods exploded: over 700 events surpassed 1 Tbps or 1 billion packets per second, averaging eight daily in Q1. Emerging threats like CLDAP reflection attacks rose 3,488% quarter-over-quarter and ESP amplification attacks grew 2,301%. Even specialized gaming servers faced hyper-volumetric onslaughts up to 1.5 billion packets per second. Most alarmingly, Cloudflare disclosed it withstood a record-breaking 5.8 Tbps DDoS blast lasting 45 seconds, eclipsing its previous 5.6 Tbps record. Although fully mitigated, these figures underscore unprecedented scale and sophistication that threaten service availability and corporate stability across industries.

Description: La firme de sécurité réseau signale une attaque DDoS d’une vitesse de 7,3 térabits par seconde. Il s’agirait de la plus importante attaque jamais enregistrée sur la plateforme Cloudflare. L’attaque a eu lieu en mai et visait un hébergeur utilisant Magic Transit de Cloudflare pour protéger son réseau IP. Elle a dépassé le précédent record de 5,6 Tbit/s. L’attaque DDoS a transféré quelque 37,4 téraoctets de données en 45 secondes. Ces données provenaient de 122.145 adresses IP disséminées dans 161 pays. Les hébergeurs et les infrastructures internet clés sont souvent la cible d’attaques DDoS. Cloudflare même publie régulièrement des analyses à ce sujet. Elle a notifié que plus de 13,5 millions d’attaques DDoS ont été lancées en janvier et février 2025 contre son infrastructure et ses hébergeurs protégés par Cloudflare. Le précédent pic mesuré par Cloudflare était une attaque DDoS remontant à octobre dernier.

Description: Cybersecurity researchers have identified a growing trend among ransomware affiliates and advanced persistent threat actors who are leveraging Cloudflare’s legitimate tunneling service, Cloudflared, to establish covert access channels into compromised networks. This sophisticated technique allows attackers to maintain persistent access while evading traditional network security controls that typically flag suspicious outbound connections. The exploitation of Cloudflared tunnels has emerged as a preferred persistence mechanism due to the service’s inherent design, which encapsulates data in additional protocols that only the tunnel endpoints can decrypt. This creates a secure communication channel that appears as legitimate traffic to security monitoring systems, effectively providing attackers with what amounts to local network access from remote locations.