Cloudflare WAF parsing change outage
Service Disruption
Summary
Hide ▲
Show ▼
Cloudflare suffered a temporary network outage after a Web Application Firewall parsing change caused availability problems for several minutes. The disruption mattered because it affected a major internet infrastructure provider and coincided with outages reported by Zoom, LinkedIn, Coinbase, DoorDash, and Canva. Cloudflare said the fix was rolled out quickly and that the event was not an attack.
Related Happenings
2025 DDoS surge targets telecommunications, service providers, and carriers
Target Trend
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
**Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
2025 DDoS surge targets telecommunications, service providers, and carriers
Target TrendAbout this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware Activity
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware ActivityAbout this happening: The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
Latest development: 20.03.2026 08:25
The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.
Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
Campaign
First: 29.01.2026 16:55
Last: 29.01.2026 16:55
Sources 1
About this happening:
The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...
Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
CampaignAbout this happening: The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...
Latest development: 20.03.2026 02:49
The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.
Cloudflare BGP route leak from router policy misconfiguration disrupts IPv6 traffic
Service Disruption
First: 26.01.2026 19:50
Last: 26.01.2026 19:50
Sources 1
About this happening:
**Cloudflare** experienced a **25-minute BGP route leak** that disrupted **IPv6 traffic**, causing congestion, packet loss, and about **12 Gbps** of dropped traffic. The issue ext...
Cloudflare BGP route leak from router policy misconfiguration disrupts IPv6 traffic
Service DisruptionAbout this happening: **Cloudflare** experienced a **25-minute BGP route leak** that disrupted **IPv6 traffic**, causing congestion, packet loss, and about **12 Gbps** of dropped traffic. The issue ext...
Cloudflare ACME HTTP-01 WAF bypass security flaw
Vulnerability
First: 20.01.2026 13:12
Last: 20.01.2026 13:12
Sources 1
About this happening:
**Cloudflare's ACME HTTP-01 validation** flaw let requests to `/.well-known/acme-challenge/*` **bypass WAF protections** and reach **origin servers**. **Cloudflare** said it fixed...
Cloudflare ACME HTTP-01 WAF bypass security flaw
VulnerabilityAbout this happening: **Cloudflare's ACME HTTP-01 validation** flaw let requests to `/.well-known/acme-challenge/*` **bypass WAF protections** and reach **origin servers**. **Cloudflare** said it fixed...
Timeline
-
05.12.2025 17:12 2 articles · 5mo ago
Cloudflare WAF parsing change outage
Initial DisclosureCloudflare began investigating the outage on **December 5, 2025 at 08:56 UTC** after a **WAF parsing change** disrupted network availability. The disruption was brief but broad enough to produce reports from several major internet services.
Show sources
- Cloudflare Outage Caused by React2Shell Mitigations — www.securityweek.com — 05.12.2025 17:12
- Cloudflare Outage Caused by React2Shell Mitigations — www.securityweek.com — 05.12.2025 17:12