November 18, 2025 – Cloudflare Global Outage (not a DDoS)

• Time: Started ~11:20 UTC, major issues until ~14:30 UTC, full recovery by ~17:06 UTC.
• Scope: Affected a huge portion of the internet — thousands of sites and services behind Cloudflare (X/Twitter, OpenAI/ChatGPT, Spotify, Claude.ai, Discord, Crunchyroll, etc.).
• Symptoms: 500 Internal Server errors, endless CAPTCHA loops, sites completely unreachable.
• Initial suspicion: Cloudflare briefly thought it was a “hyper-volumetric” DDoS attack because of the sudden global spike in errors.
  • “When the issue first started, the symptoms looked very similar to a hyper-volumetric DDoS attack. We initially wrongly suspected the symptoms we were seeing were caused by a hyper-scale DDoS attack. As we dug deeper, we correctly identified the core issue was not an attack…”
• Root cause (confirmed):
  • ML feature configuration file in Bot Management grew too large (>100 MB in some cases).
  • This caused crashes in Cloudflare’s edge proxy processes worldwide.
  • No customer data was lost or compromised.
  • Cloudflare’s official statement: “There is no evidence that this was the result of an attack or caused by malicious activity.”
• Official Source: https://blog.cloudflare.com/18-november-2025-outage/

The timing and Cloudflare’s brief initial misdiagnosis caused widespread confusion, with many people incorrectly believing Cloudflare had been DDoSed. Some reports even mentioned that the Cloudflare Incident was linked to an earlier DDoS incident towards Microsoft Azure. In reality, the two events were unrelated.

October 24, 2025 – The Microsoft Azure DDoS Incident – Record Breaking 15Tbps

• Size: 15.72 Tbps (terabits per second) – the largest publicly disclosed DDoS attack ever recorded.
• Target: Primarily Microsoft Azure infrastructure and customers.
• Attack type: Multi-vector Layer 3/4 flood (UDP reflection/amplification + other protocols), launched from over 500,000 source IPs across various regions.
• Botnet involved: The attack originated from Aisuru botnet. Aisuru is a Turbo Mirai-class IoT botnet that exploiting compromised home routers and cameras, mainly in residential ISPs in the United States and other countries.
• This attack did not involve or affect Cloudflare.
• Source: https://techcommunity.microsoft.com/blog/azureinfrastructureblog/defending-the-cloud-azure-neutralized-a-record-breaking-15-tbps-ddos-attack/4470422

NSFOCUS Hybrid DDoS Solution

The combination of NSFOCUS On-Premises DDoS Defenses combined with NSFOCUS Cloud DDoS Defenses eliminates all DDoS attacks targeting both customers and infrastructure. The combination enables providers to deliver Managed DDoS Services with a multi-tenant Platform that produces the lowest operating costs in the industry. NSFOCUS Cloud DDoS Protection brings you with a standalone service with global POPs and high availability, dedicated bandwidth for DDoS traffic absorption only, and simple yet robust structure designed mainly for mitigating massive DDoS attack traffic.

This makes you stay away from potential chaos from biggest cloud service platforms as complex structure and services may make it difficult to manage and thus could bring massive outage incidents. Staying away from the most targeted tenants/services hosted in biggest cloud service platforms who may attract record breaking DDoS traffic will also help you to avoid possible outages.

The post Record-Breaking Cloud Incident Brings Outage Through the Internet appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

*** This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/record-breaking-cloud-incident-brings-outage-through-the-internet/