Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Cloudflare global outage: It was an internal technical error. Let’s find out the cause.

On November 18, 2025, at 11:20 UTC, a significant portion of Cloudflare’s global infrastructure suddenly ceased to properly route Internet traffic, displaying an HTTP error page to millions of users worldwide reporting an internal malfunction in the company’s network. The outage affected a wide range of services—from the CDN to the Access authentication systems—generating a wave of 5xx errors. According to Cloudflare, which is extremely transparent, the cause was not a cyber attack but an internal technical error, triggered by a change to the permissions of a database cluster. Cloudflare immediately clarified that no malicious activity, direct or indirect,

Cloudflare goes down in the magnificent cloud! Global incident is being resolved.

November 18, 2025 – After hours of widespread disruptions, the incident affecting Cloudflare’s global network finally appears to be nearing resolution. The company announced it has implemented a fix and is now actively monitoring the situation, following a day of outages, intermittent errors, and issues with application and security services. The incident, which began at 11:48 UTC, affected multiple components of Cloudflare’s infrastructure, causing slowdowns, timeouts, and crashes globally, also impacting the CDN, API, authentication, and management dashboard. Below is the complete reconstruction of the day. Cloudflare Incident Timeline 11:48 UTC – Start of the incident Cloudflare reports an internal

Cloudflare Down: Websites and Services to Go Down on November 18, 2025

The morning of November 18, 2025, will be remembered as one of the most anomalous and widespread outages on the Cloudflare network in recent months. The CDN—the beating heart of millions of websites, applications, and API services—began experiencing cascading outages across several geographic areas, significantly impacting our site, Red Hot Cyber, which uses Cloudflare infrastructure for CDN, caching, and DDoS protection. The following notice has been posted on the Cloudflare System Status portal: 11:48 UTC: “Cloudflare is aware of, and investigating an issue which potentially impacts multiple customers.” 12:03 UTC: “We are continuing to investigate this issue.” Downdetector also down One

IBM AIX: Two critical bugs allow execution of arbitrary commands (Score 10 and 9.6)

Two serious vulnerabilities in IBM’s AIX operating system could allow remote attackers to execute arbitrary commands on affected systems, prompting the company to issue important security updates. Both vulnerabilities represent attack vectors for previously addressed bugs in CVE-2024-56347 and CVE-2024-56346. This unfortunately indicates that IBM’s previous patches may not have completely eliminated all exploitation paths, making these additional security updates necessary. The most severe bug, tracked as CVE-2025-36250, affects the NIM server service (nimesis), formerly known as NIM master. This flaw is even more critical, having achieved a perfect CVSS score of 10.0. The other identified critical flaw, tracked under CVE-2025-36251, affects

Twitter Hack: $4.1 Million Seized from 26-Year-Old Joseph James O’Connor

The story of the global Twitter hack in the summer of 2020 has had a sequel: British prosecutors have obtained the seizure of cryptocurrency mined by a key participant in the attack. The court ordered 26-year-old Joseph James O’Connor to return assets worth £4.1 million (approximately $5.4 million). This means the state has gained access to 42 bitcoins and related digital assets discovered during the multi-year investigation. The chain of events began with an unusually brazen attack, in which a criminal managed to gain control of the accounts of world leaders and entrepreneurs to defraud cryptocurrency users and intimidate celebrities. The

Shakerati Anonimi: Nicoletta’s experience and the credit card thriller

The room is the same: dim lights, chairs in a circle, thermoses of herbal teas now cold from all the talking and venting. We are Shakerati Anonimi, a group of people who never imagined we’d end up here, united by one thing: having been shaken, tricked, robbed by those who, behind the keyboard, have nothing to lose. After Pasquale, Simone, and Gianni, a woman takes a breath, adjusts her scarf, and stands up. It’s her turn. “Hi… I’m Nicoletta” “Hi everyone, my name is Nicoletta,” she says with a tight half-smile. “I’m 42 years old, I work as an administrative clerk

Apple ordered to pay $634 million to Masimo for patent infringement

Masimo, an American company that develops medical monitoring technologies, has won another round of litigation with Apple. A federal jury awarded it $634 million for infringing a patent on blood oxygen-sensing technology. According to Reuters, a jury found that the Apple Watch’s workout mode and heart rate notifications infringed on Masimo’s patented technology. The court estimated that the pulse oximetry features were implemented in approximately 43 million devices. The jury rejected Apple’s request to limit damages to between $3 million and $6 million. Masimo sought damages between $634 million and $749 million, and the court ultimately awarded the lower of

Microsoft Azure blocks a 15.72 terabit per second DDoS attack

A massive DDoS attack was neutralized by Microsoft Azure on October 24. A single endpoint located in Australia was targeted by the attack, which reached a maximum speed of 15.72 terabits per second (Tbps) and involved handling nearly 3.64 billion packets per second. Azure’s automated DDoS defense system quickly responded, ensuring zero downtime for affected customer workloads thanks to its ability to filter malicious traffic. The attack, which lasted several hours, was launched by the notorious Aisuru botnet, a variant of the Mirai malware that has become a common element in the DDoS attack arsenal. Recall that Cloudflare recently neutralized a massive

Spy Apps: How Spyware Works and Why It’s a Privacy Risk

Spyware (also known as spy apps) represents one of the most insidious and dangerous threats of the digital age. These are malicious programs designed to infiltrate a user’s device, collecting personal information and monitoring their activities without the victim’s knowledge. Their main characteristic is their ability to operate unnoticed, often for extended periods, allowing attackers to obtain enormous amounts of sensitive data, such as login credentials, private messages, browsing history, and even financial details. This makes them particularly insidious, as many people only discover they’ve been affected when it’s too late. Worrying about spyware isn’t an exaggeration: the consequences can be

Asus releases emergency firmware update for vulnerable DSL routers.

Asus has released an emergency firmware update for several DSL router models. The patch addresses a critical vulnerability that allows attackers to take complete control of devices without authentication. The vulnerability, identified as CVE-2025-59367, affects DSL-AC51, DSL-N16, and DSL-AC750 routers. The issue allows remote attackers to access unprotected devices accessible over the internet. The attack requires no preparation or user interaction; all that is needed is knowledge of the vulnerable router’s IP address. “An authentication bypass vulnerability has been discovered in certain DSL routers that could allow remote attackers to gain unauthorized access to the device,” Asus developers warn. The company