Cloudforce One

Cloudforce One has identified a fundamental shift in the threat landscape: the era of industrialized cyber threats. This era focuses on high-trust exploitation and prioritizes results at all costs. To help organizations counter these changes, today we are releasing the 2026 Cloudflare Threat Report. This report equips organizations with the intelligence they need to build a strategic 2026 roadmap. Get the report: cfl.re/4rbKvER

Cloudforce One has successfully disrupted the criminal enterprise known as Tycoon 2FA, one of the most popular Phishing-as-a-Service (PhaaS) kit providers, in coordination with industry partners. Read here: cloudflare.com/threat-intelli…

Cloudflare has released new WAF rules addressing the following CVEs to enhance customer protection. SmarterMail - Arbitrary File Upload (CVE-2025-52691) SmarterMail - Authentication Bypass (CVE-2026-23760) developers.cloudflare.com/changelog/post…

Why waste a zero-day when session tokens grant direct access? Why build a custom server when a reputation shield provides nearly untraceable infrastructure with a high delivery rate? Why attack the network when you can use deepfakes to embed insiders directly within your target?

The top metric? Measure of effectiveness. In 2026, the most dangerous actors aren’t the ones with the most advanced code; it’s the ones who can integrate intelligence and technology into a single, continuous system that achieves their mission in the shortest time possible.

Introducing the 2026 Cloudflare Threat Report. The top finding? Threat actors have industrialized, and they’re prioritizing ROI at all costs. cloudflare.com/lp/threat-repo…

Of particular note is the growth in hyper-volumetric DDoS attacks, increasing by over 700% compared to the large attacks we observed in late 2024

NEW: The total number of DDoS attacks more than doubled in 2025. And the world-record for largest DDoS attack observed by @Cloudflare was broken 19 times this year, with the current record-holder at 31.4 Tbps blog.cloudflare.com/ddos-threat-re…

Cloudflare has released new WAF rules to improve customer protection against the following vulnerability: React DoS (CVE-2026-23864)

We thank @Vercel for coordinating with us to protect Internet users worldwide.

Upon discovering this attack we worked with the Vercel Trust and Safety Team to ensure the threat was mitigated.

NEW: Threat actors are abusing Vercel to bypass email filters and deploy RMM tools. Our report details a sophisticated Telegram-gated delivery chain used to evade detection. cloudflare.com/cloudforce-one…

Iranian Protest Update: We have observed Iranian authorities targeting Instagram accounts with tools that perform bulk extraction of follower lists and account activity

NEW: Cloudflare detected the largest UDP DDoS attacks of the year—peaking at 29.7 Tbps. Aisuru's "short-burst" UDP carpet-bombing tactics are designed to maximize impact while evading traditional mitigation. cloudflare.com/threat-intelli…

.christmas at the top of the naughty list

React2Shell has surpassed 1 billion exploitation attempts in just 11 days. We are seeing sustained pressure averaging 4.35M hits per hour — with peaks more than tripling that volume.

Observed activity reflected a clear focus on strategically significant organizations. Highest-density probing occurred against networks in Taiwan, Xinjiang Uygur, Vietnam, Japan, and New Zealand—regions frequently associated with geopolitical intelligence collection.

The two new vulnerabilities affect specific RSC implementations. As of 2025-12-11 20:00UTC, our deployed WAF rules have seen a total of 620.64M hits, with an average of 3.65M hits per hour and a peak of 13.81M hits in a single hour.

UPDATE: Early activity indicates threat actors quickly integrated React2Shell into scanning routines, targeting critical infrastructure like nuclear fuel and uranium. React also disclosed two new vulnerabilities today—Cloudflare protects against all three. blog.cloudflare.com/react2shell-rs…