CyberSecurity news
FlagThis - #cloudflare
|
Bill Toulas@BleepingComputer
//
Cloudflare has released its 2025 Q1 DDoS Threat Report, revealing a staggering increase in Distributed Denial of Service (DDoS) attacks. The report highlights that Cloudflare mitigated 20.5 million DDoS attacks in the first quarter of 2025 alone. This represents a massive 358% year-over-year and 198% quarter-over-quarter increase, nearly matching the total number of attacks recorded throughout all of 2024. The escalating threat landscape underscores the critical need for robust and adaptive cybersecurity measures to protect online infrastructure from malicious actors.
One of the most significant incidents during this period was the mitigation of a record-breaking DDoS attack peaking at 4.8 billion packets per second (Bpps). This hyper-volumetric attack, part of a late-April campaign, presented a substantial technical challenge due to its immense scale and short duration, typically lasting between 35 and 45 seconds. Cloudflare also neutralized a 6.5 terabit-per-second (Tbps) UDP flood. Overall, the company recorded over 700 hyper-volumetric DDoS attacks, each exceeding either 1 Tbps or 1 Bpps, demonstrating the growing sophistication and intensity of these threats. Network-layer DDoS attacks fueled much of this increase, totaling 16.8 million incidents between January and March 2025. A notable 6.6 million of these attacks targeted Cloudflare's own infrastructure. Attackers are increasingly deploying sophisticated multi-vector campaigns, leveraging tactics such as SYN floods, Mirai-botnet assaults, and SSDP amplification to overwhelm targets from multiple angles. Cloudflare identified two emerging threats: Connectionless Lightweight Directory Access Protocol (CLDAP) attacks, which saw a 3,488% quarter-over-quarter increase, and Encapsulating Security Payload (ESP) attacks, growing by 2,301% in the same period.
Share:
References :
Classification:
@aithority.com
//
Cloudflare is significantly enhancing its platform for AI agent development, introducing new tools and features aimed at accelerating the creation and deployment of these autonomous systems. The company's Developer Week kicked off with the announcement of several advancements building upon the Agents SDK JavaScript framework released in February. These include industry-first remote Model Context Protocol (MCP) server, generally available access to durable Workflows, and a free tier for Durable Objects. These advancements are designed to drastically reduce the time it takes to build sophisticated AI agents, making the technology more accessible and affordable for developers.
Cloudflare's focus centers around the Model Context Protocol (MCP), an open standard that enables AI agents to directly interact with external services, shifting them from merely providing instructions to actively completing tasks. The newly introduced remote MCP server eliminates the previous limitation of running MCP locally, opening doors for wider adoption. Furthermore, Cloudflare is providing new Agents SDK capabilities to build remote MCP clients, with transport and authentication built-in, to allow AI agents to connect to external services. This also included integrations with Stytch, Auth0, and WorkOS to add authentication and authorization to your remote MCP server The company's new tools address key challenges in AI agent development by simplifying integrations, managing client lifecycles, and assigning granular permissions. Stytch and Cloudflare have also partnered to secure Remote MCP servers with OAuth. This partnership solves the challenge of robust authorization for AI agents, enabling Remote MCP authorization via OAuth. By addressing these challenges, Cloudflare is positioning itself as a leading platform for building and scaling agentic AI, lowering the barrier to entry for developers and unlocking new possibilities for AI-driven automation.
Share:
References :
Classification:
Mandvi@Cyber Security News
//
Netskope Threat Labs has uncovered a new evasive campaign that uses fake CAPTCHAs and CloudFlare Turnstile to deliver the LegionLoader malware. This sophisticated attack targets individuals searching for PDF documents online, tricking them into downloading malware that installs a malicious browser extension. This extension is designed to steal sensitive user data. The campaign has been active since February 2025 and has impacted over 140 customers.
The attack begins when victims are lured to malicious websites after searching for specific PDF documents. These sites present fake CAPTCHAs. Interacting with the fake CAPTCHA redirects the victim through a Cloudflare Turnstile page to a notification prompt. If the user enables browser notifications, they are directed to download what they believe is their intended document. However, this process executes a command that downloads a malicious MSI installer. Upon execution, the MSI file installs a program named "Kilo Verfair Tools" which sideloads a malicious DLL, initiating the LegionLoader infection. The LegionLoader payload uses a custom algorithm to deobfuscate shellcode and then injects the payload into an "explorer.exe" process. This ultimately leads to the installation of a malicious browser extension, often masquerading as "Save to Google Drive". This extension steals sensitive information like clipboard data, cookies, and browsing history. The affected sectors include technology and business services, retail, and telecommunications.
Share:
References :
Classification:
|