cloudflare
-
Phishing campaign targets TikTok for Business accounts with bot-blocking pages
A phishing campaign is targeting TikTok for Business accounts with bot-blocking pages that redirect through Google Storage and use a Cloudflare Turnstile check, then present fake login pages designed to capture credentials and session cookies.
-
Cloudflare patches ACME HTTP-01 validation bug that could bypass WAF
Cloudflare said in a blog post it fixed an ACME HTTP-01 validation bug on October 27, 2025 that could disable WAF rules and allow requests to reach origin servers.
-
CISA sets Dec. 12 deadline to patch React2Shell RSC flaw amid widespread exploitation
CISA has set a December 12 deadline for federal agencies to patch the critical React2Shell RSC vulnerability CVE-2025-55182 after widespread exploitation was observed; security firms report rapid, opportunistic scans and attacks against Next.js and other internet-facing services.
-
Cloudflare says emergency React2Shell patch caused brief network outage
Cloudflare said an emergency change to its Web Application Firewall to mitigate the critical React2Shell vulnerability briefly made its network unavailable, causing widespread 500 errors. The React flaw can allow unauthenticated remote code execution and researchers report active exploitation and circulating proof-of-concept exploits.
-
Cloudflare mitigates 29.7 Tbps DDoS attack linked to AISURU botnet
Cloudflare said it mitigated a 29.7 Tbps DDoS attack linked to the AISURU botnet; the UDP “carpet-bombing” assault lasted 69 seconds, the target was not disclosed, and the company flagged a rise in large, sophisticated attacks in 2025.
-
Cloudflare investigates global outage causing widespread 500 errors
Cloudflare is investigating a global outage that caused widespread 500 errors and dashboard/API failures; multiple European nodes and tens of thousands of user reports were affected while Cloudflare works on mitigation and some services show signs of recovery.
-
Microsoft: Aisuru botnet launched 15.72 Tbps DDoS attack against Azure
Microsoft said the Aisuru botnet launched a 15.72 Tbps UDP flood against a public Azure IP in Australia from over 500,000 IPs, reaching nearly 3.64 billion packets per second; researchers and firms including Qi’anxin and Cloudflare have linked Aisuru to multiple large-scale DDoS campaigns that exploit vulnerable IoT devices and routers.
-
Israel agency says Iran-linked APT42 ran espionage campaign targeting officials and family members
Israel’s National Digital Agency says an Iran-linked threat actor known as APT42 has been running a campaign called SpearSpecter since early September 2025 that uses personalised social engineering to target senior officials and their family members and deploys a PowerShell backdoor for persistent access.
-
ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.
-
Microsoft, Cloudflare Lead Disruption of RaccoonO365 Phishing Network, Seizing 338 Domains
Microsoft and Cloudflare led a coordinated takedown of the RaccoonO365 phishing-as-a-service network, seizing 338 domains and disrupting a campaign that had targeted thousands of Microsoft 365 credentials across dozens of countries. The operation highlights how criminal networks leverage legitimate internet infrastructure to facilitate credential theft, with law enforcement pursuing principal operators and affiliates alike.
