Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cloudflare BGP route leak from router policy misconfiguration disrupts IPv6 traffic

Service Disruption
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Cloudflare experienced a 25-minute BGP route leak that disrupted IPv6 traffic, causing congestion, packet loss, and about 12 Gbps of dropped traffic. The issue extended beyond Cloudflare customers and briefly altered traffic routing across external networks. Engineers manually reverted the configuration, paused automation, and contained the impact.

Related Happenings

2025 DDoS surge targets telecommunications, service providers, and carriers

Target Trend
First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

About this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...

Open Happening

IPIDEA ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 29.01.2026 19:15 Last: 29.01.2026 19:15 Sources 1

About this happening: **IPIDEA**'s residential proxy ecosystem was **coordinatedly disrupted**, reducing malicious access to a large proxy infrastructure and weakening abuse routes across cybercrime an...

Open Happening

Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies

Campaign
First: 29.01.2026 16:55 Last: 29.01.2026 16:55 Sources 1

About this happening: The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...

Latest development: 20.03.2026 02:49

The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.

Open Happening

Publicly exposed training apps as recurring cloud-entry risk across security vendors

Target Trend
First: 21.01.2026 16:00 Last: 21.01.2026 16:00 Sources 1

About this happening: **Cybersecurity training apps** left exposed on the public Internet are creating a recurring **cloud-entry risk** for **security vendors and enterprise users**. A scan identified...

Open Happening

Exposed security-training web apps exploitation wave

Exploitation Wave
First: 21.01.2026 16:00 Last: 21.01.2026 16:00 Sources 1

About this happening: **DVWA**, **OWASP Juice Shop**, **Hackazon**, and **bWAPP** instances exposed in cloud environments are being **actively exploited**, putting **Fortune 500 companies** and securit...

Open Happening

Timeline

  1. 26.01.2026 19:50 2 articles · 4mo ago

    Cloudflare IPv6 route leak causes congestion and packet loss

    Victim Impact Update

    On January 22, a router policy misconfiguration at Cloudflare triggered a 25-minute BGP route leak that redistributed IPv6 prefixes to BGP neighbors in Miami and affected external networks beyond Cloudflare customers, producing measurable congestion, packet loss, and about 12 Gbps of dropped traffic.

    Show sources
    Open in new tab
  2. 26.01.2026 19:50 1 articles · 4mo ago

    Cloudflare explains permissive export policy and rollback

    Technical Analysis Update

    Cloudflare later explained that a policy change meant to stop Miami from advertising Bogotá IPv6 prefixes made the export policy overly permissive, so internally redistributed IPv6 routes were accepted and advertised externally; engineers detected the issue shortly after it appeared, manually reverted the configuration, paused automation, and later re-enabled it.

    Show sources
    Open in new tab