Cloudflare outage causes slow sites, login trouble and dashboard errors as users report problems even after the company says service is restored.

On the morning of November 18, 2025, web users around the world, including Hackread.com readers, began encountering error pages and inaccessible apps. The disruption originated with Cloudflare, Inc., a web-infrastructure company whose network handles an estimated 20% of global web traffic.

****What went wrong****

At about 6:40 a.m. ET (11:40 UTC), Cloudflare logged “internal service degradation” after an unusually large traffic event hit one of its services, causing elevated error rates across its network. The company’s **status page** listed “degraded performance” for core functions like Bot Management and Edge Network.

Later in the day, Cloudflare’s Chief Technology Officer, Dane Knecht, publicly addressed the disruption, stating: “I won’t mince words: earlier today we failed our customers and the broader Internet when a problem in @Cloudflare’s network impacted large amounts of traffic that rely on us.”

He clarified that the root cause was a **latent bug** triggered by a routine configuration change in a service underpinning Bot Mitigation. That bug then cascaded into broader traffic errors across the network. He stressed it was not an attack.

Cloudflare later confirmed that, “A fix has been implemented and we believe the incident is now resolved. We are continuing to monitor for errors to ensure all services are back to normal.”

****Who was affected****

Because Cloudflare serves as a content-delivery and security layer for a vast number of websites and platforms, the impact rippled widely:

*   Hackread.com, Canva, Uber, IKEA, Shopify, League of Legends, DoorDash, Discord, Patreon, Medium, Crunchyroll, GitLab, Udemy and many more.
*   Popular AI tools such as ChatGPT and other LLM services reported outages or high error rates.
*   Social-media platform X (formerly Twitter) experienced disruptions.
*   Other streaming or gaming services, large web-apps and corporate domains relying on Cloudflare’s network also reported errors.

Downdetector – a user-reported outage tracker – **showed** tens of thousands of reports at peak for affected services. However, the platform itself faced Clouflare-related issues.

Cloudflare is not a household brand in the way Apple or Google are, yet a major part of the internet’s functionality and security depends on it. When a service like this owns so much traffic, faults can escalate quickly from “one site down” to “large-scale service disruption.”

****Some Sites Still Facing Issues****

While Cloudflare’s CTO says the issue is resolved, users on X are **pointing out** that it is not fully back to normal. Many, including Hackread.com, are still dealing with slow loading, problems inside dashboards, redirects to a Cloudflare error window and trouble saving drafts or reaching the login page.

Some users also report that they cannot log in to Cloudflare or open the service properly on either computers or smartphones.

Nevertheless, it feels like the internet barely caught its breath from the last widespread disruption. Just a month ago, AWS went down and knocked countless services offline, as detailed in the **Hackread.com report**. Now Cloudflare is dealing with its own outage, turning this into the second major breakdown of core web infrastructure within a short span.

Cloudflare Outage Jolts the Internet – What Happened, and Who Was Hit

Free the logs! Behind the scenes at InfluxData, which turned to its own in-house security monitoring platform, DiSCO, to protect its supply chain after its third-party tool was breached.

How We Ditched the SaaS Status Quo for Time-Series Telemetry

**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

142.0.3595.90

11/18/2025

142.0.7444.176

CVE-2025-13224: Chromium: CVE-2025-13224 Type Confusion in V8

CVE-2025-13223: Chromium: CVE-2025-13223 Type Confusion in V8

A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam

Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.

Bug Bounty Programs Rise as Key Strategic Security Solutions

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol.
The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and

Bug Bounty / Data Privacy

Meta on Tuesday said it has made available a tool called **WhatsApp Research Proxy** to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol.

The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and commercial spyware vendors.

The company also noted that it's setting up a pilot initiative where it's inviting research teams to focus on platform abuse with support for internal engineering and tooling. "Our goal is to lower the barrier of entry for academics and other researchers who might not be as familiar with bug bounties to join our program," it added.

The development comes as the social media giant said it has awarded more than $25 million in bug bounties to over 1,400 researchers from 88 countries in the last 15 years, out of which more than $4 million were paid out this year alone for almost 800 valid reports. In all, Meta said it received around 13,000 submissions.

Some of the notable bug discoveries included an incomplete validation bug in WhatsApp prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 that could have enabled a user to trigger processing of content retrieved from an arbitrary URL on another user's device. There is no evidence that the issue was exploited in the wild.

Also patched by Meta is a vulnerability tracked as CVE-2025-59489 (CVSS score: 8.4) that could have allowed malicious applications installed on Quest devices to manipulate Unity applications to achieve arbitrary code execution. Flatt Security researcher RyotaK has been acknowledged for discovering and reporting the flaw.

**Simple WhatsApp Security Flaw Exposes 3.5 Billion Phone Numbers**

Lastly, Meta said it added anti-scraping protections to WhatsApp following a report that detailed a novel method to enumerate WhatsApp accounts at scale across 245 countries and build a dataset containing every user, bypassing the service's rate-limiting restrictions. WhatsApp has about 3.5 billion active users.

The attack takes advantage of a legitimate WhatsApp contact discovery feature that requires users to first determine whether their contacts are registered on the platform. It essentially allows an attacker to compile basic publicly accessible information, along with their profile photos, About text, and timestamps associated with key updates related to the two attributes. Meta said it found no indications that this vector was ever abused in a malicious context.

Interestingly, the study found millions of phone numbers registered to WhatsApp in countries where it's officially banned, including 2.3 million in China and 1.6 million in Myanmar.

"Normally, a system shouldn't respond to such a high number of requests in such a short time – particularly when originating from a single source," Gabriel Gegenhuber, University of Vienna researcher and lead author of the study, said. "This behavior exposed the underlying flaw, which allowed us to issue an effectively unlimited requests to the server and, in doing so, map user data worldwide."

Earlier this year, Gegenhuber et al also demonstrated another research titled Careless Whisper that showed how delivery receipts can pose significant privacy risks to users, thereby allowing an attacker to send specifically crafted messages that can trigger delivery receipts without their knowledge or consent and extract their activity status.

"By using this technique at high frequency, we demonstrate how an attacker could extract private information, such as following a user across different companion devices, inferring their daily schedule, or deducing current activities," the researchers noted.

"Moreover, we can infer the number of currently active user sessions (i.e., main and companion devices) and their operating system, as well as launch resource exhaustion attacks, such as draining a user's battery or data allowance, all without generating any notification on the target side."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better, and stay ahead.
But as your cloud setup grows, it gets harder to control who can access what.
Even one small mistake—like the wrong person getting access—can lead to big problems. We're talking data leaks, legal trouble, and serious

Cloud Security / Compliance

You've probably already moved some of your business to the cloud—or you're planning to. That's a smart move. It helps you work faster, serve your customers better, and stay ahead.

But as your cloud setup grows, it gets harder to control who can access what.

Even one small mistake—like the wrong person getting access—can lead to big problems. We're talking data leaks, legal trouble, and serious damage. And with different rules in different regions like the US, UK, EU, APAC, and more, keeping up is tough.

Join our free webinar: "**Securing Cloud Workloads and Infrastructure: Balancing Innovation with Identity and Access Control**" with experts from CyberArk. You'll learn simple, practical ways to stay secure and move fast.

Cloud tools today aren't all the same. Most companies use several cloud platforms at once—each with its own setup, rules, and risks. You want your team to stay fast and flexible, but you also need to keep everything safe. That's a tricky balance.

That's why we're bringing in two top experts from CyberArk:

*   **Przemek Dybowski**, Global Solution Architect – Cloud Security
*   **Josh Kirkwood**, Senior Manager – Field Technology Office

They work with real companies every day and will share practical tips you can use right away.

You'll learn how to:

*   Limit damage if someone's login is stolen
*   Set strong access rules without slowing your team down
*   Stay in line with global security laws
*   See how financial companies stay both secure and flexible

**Sign up now** and take the next step in protecting your cloud, your team, and your business.

Using the cloud is now part of everyday business. But cyber attackers are getting smarter too. They find weak spots in identity and access settings—and they don't wait.

This webinar helps you fix those weak spots, protect your systems, and stay one step ahead. You don't have to slow down. You just need the right plan.

**Save your spot today**. Protect your cloud. Keep your business safe and strong.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

Austin, TX/USA, 18th November 2025, CyberNewsWire

**Austin, TX/USA, November 18th, 2025, CyberNewsWire**

**Forecast report highlights surge in identity-based threats, evolving threat actor tactics, and increased risk from AI and insider threats.**

SpyCloud, the leader in identity threat protection, today released its report, The Identity Security Reckoning: 2025 Lessons, 2026 Predictions, outlining 10 of the top trends that will shape the cyber threat landscape in the coming year. The predictions, based on observed and analyzed cybercrime activities from the past year and SpyCloud’s proprietary research and recaptured identity intelligence, shed light on the evolving tactics of cybercriminals and the identity-based threats security teams need to anticipate.

> “Identity misuse is threaded throughout nearly every trend outlined in the report, from malware-driven session hijacking to synthetic identities and exposed non-human credentials,” said Damon Fleury, SpyCloud’s Chief Product Officer. “As attackers exploit this expanding footprint, organizations will be forced to rethink how they detect, respond to, and prevent identity threats across their entire ecosystem.”

**SpyCloud’s Top 10 Identity-Driven Threats That Will Shape 2026:**

1.  **The cybercriminal supply chain continues to transform:** Malware-as-a-Service and Phishing-as-a-Service will remain core enablers of cybercrime, but 2026 will bring new “specialized roles” in the criminal economy that will make it easier for bad actors to operate at scale and with startup-like efficiency. These specialized roles include infrastructure providers, tool developers, access brokers, and even support services.
2.  **Threat actor communities will fragment, evolve, and get younger:** Law enforcement crackdowns and platform policy changes will continue pushing threat actors from darknet forums to mainstream apps. But perhaps more alarming is the influx of teen cybercriminals experimenting with plug-and-play attack kits for clout, profit, or curiosity. 2025 was also a big year for exposing Chinese cybercrime tactics, a trend expected to continue in 2026 alongside the rise of Latin America as a new hotbed for fraud and organized threat activity.
3.  **The non-human identity (NHI) explosion will fuel hidden risks:** Driven at least in part by the proliferation of AI tools and services, APIs, OAuth tokens, and service accounts, known as NHIs, are proliferating across cloud environments. These NHI’s often lack protections found more commonly in human-based credentials, like multi-factor authentication (MFA) and device fingerprinting. As these machine credentials quietly amass privileged access to critical systems, they create stealthy entry points for attackers and serious compliance gaps for enterprises.
4.  **Insider threats will be fueled by M&A, malware, and missteps:** In 2026, security teams will grapple with risks from compromised users, employment fraud from nation-state bad actors, and M&A activity that introduces inherited vulnerabilities and identity access sprawl. The “human element” will continue to be a weak point in proactive defense.
5.  **AI-enabled cybercrime has only just gotten started:** In 2026, AI will increasingly be used by bad actors to craft better malware, more believable phishing, and quickly triage vulnerable environments, increasing the overall risk to enterprises posed by this rapidly advancing technology
6.  **Attackers will find creative ways around MFA:** This year, SpyCloud found that 66% of malware infections bypassed endpoint protections. Expect to see more trending methods used to bypass MFA and other session defenses: residential proxies to spoof location authentication measures, anti-detect browsers to bypass device fingerprinting, Adversary-in-the-Middle (AitM) attacks used to phish credentials and steal valid cookies.
7.  **Vendors and contractors will test enterprise defenses:** Vendors and contractors continue to be a preferred attack vector to access enterprises. In 2026, organizations will need to treat third-party and contractor exposed identities with the same rigor as employee accounts – especially in tech, telecom, and software supply chains where threats are most acute and have a broader impact.
8.  **Synthetic identities will get smarter and harder to spot:** Criminals are assembling fake identities from real, stolen data and then enhancing them with AI-generated personas and deepfakes to defeat verification checks. With banks already flagging synthetic identity fraud as a top concern, expect this to become a front-page issue in 2026.
9.  **Distractions like combolists and “megabreaches” will obscure real threats:** Expect more viral headlines touting “billions of records leaked” even as many stem from recycled data found in combolists or infostealer logs – collections of already-exposed records repackaged by criminals to generate hype, fear, and clout. While older, unremediated data can still cause risk for organizations, these events often trigger widespread concern and divert attention away from more immediate, actionable threats.
10.  **Cybersecurity teams will restructure to tackle new threat realities:** As identity security becomes the common denominator across fraud, cyber, and risk workflows, teams will prioritize cross-functional collaboration, automation, and holistic identity intelligence to drive faster, more accurate decisions.

> “With the speed that technology moves, cybercrime evolves in lockstep and it’s equal parts fascinating to watch and challenging to keep up with,” said Trevor Hilligoss, SpyCloud’s Head of Security Research. “The commoditization and influence of the dark web will continue to complicate things, making 2026 another nonstop year for defenders. Understanding the TTPs of these cybercriminals and gaining insights into the data they find most valuable will help these defenders continue to stay one step ahead and positively impact these efforts in years to come. But you can be sure we’ll track these shifts in real time and enable our customers and partners to effectively combat identity misuse in all of its forms.”

To explore the full report and see how SpyCloud’s holistic identity threat protection solutions help security teams prevent identity-based attacks like ransomware, account takeover, and fraud, users can click here.

**About SpyCloud**

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, users can visit spycloud.com.

**Contact**

**Account Director**  
**Emily Brown**  
**REQ on behalf of SpyCloud**  
**\[email protected\]**

SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026

It was the way DoorDash handled the communication of the breach, as much as the data leaked, that has angered customers.

DoorDash is known for delivering takeout food, but last month the company accidentally served up a tasty plate of personal data, too. It disclosed a breach on October 25, 2025, where an employee fell for a social engineering attack that allowed attackers to gain account access.

Breaches like these are sadly common, but it’s how DoorDash handled this breach, along with another security issue, that have given some cause for concern.

Information stolen during the breach varied by user, according to DoorDash, which connects gig economy delivery drivers with people wanting food bought to their door. It said that **names**, **phone numbers**, **email addresses**, and **physical addresses** were stolen.

DoorDash said that as well as telling law enforcement, it has added more employee training and awareness, hired a third party company to help with the investigation, and deployed unspecified improvements to its security systems to help stop similar breaches from happening again. It cooed:

> “At DoorDash, we believe in continuous improvement and getting 1% better every day.”

However, it might want to get a little better at disclosing breaches, warn experts. It left almost three weeks in between the discovery of the event on October 25 and notifying customers on November 13, angering some customers.

Just as irksome for some was the company’s insistence that “no sensitive information was accessed”. It classifies this as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information. While that data wasn’t taken, names, addresses, phone numbers, and emails are pretty sensitive.

One Canadian user on X was angry enough to claim a violation of Canadian breach law, and promised further action:

> “I should have been notified immediately (on Oct 25) of the leak and its scope, and told they would investigate to determine if my account was affected—that way I could take the necessary precautions to protect my privacy and security. \[…\] This process violates Canadian data breach law. I’ll be filing a case against DoorDash in provincial small claims court and making a complaint to the Office of the Privacy Commissioner of Canada.”

**How soon should breach notifications happen?**

How long is too long when it comes to breach notification? From an ethical standpoint, companies should tell customers as quickly as possible to ensure that individuals can protect themselves—but they also need time to understand what has happened. Some of these attacks can be complex, involving bad actors that have been inside networks for months and have established footholds in the system.

In some jurisdictions, privacy law dictates notification within a certain period, while others are vague. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) simply requires notification as soon as is feasible. In the US, disclosure laws are currently set on a per-state level. For example, California recently passed Senate Bill 446, which mandates reporting breaches to consumers within 30 days as of January 1, 2026. That would still leave DoorDash’s latest breach report in compliance though.

**Another disclosure spat**

This isn’t the only disclosure controversy currently surrounding DoorDash. Security researcher doublezero7 discovered an email spoofing flaw in DoorDash for Business, its platform for companies to handle meal deliveries.

The flaw allowed anyone to create a free account, add fake employees, and send branded emails from DoorDash servers. Those mails would pass various email client security tests and land without a spam message in email inboxes, the researcher said.

The researcher filed a report with bug bounty program HackerOne in July 2024, but it was closed as “Informative”. DoorDash didn’t fix it until this month, after the researcher complained.

However, all might not be as it seems. DoorDash has complained that the researcher made financial demands around disclosure timelines that felt extortionate, according to Bleeping Computer.

**What actions can you take?**

Back to the data breach issue. What can you do to protect yourself against events like these? The Canadian X user explains that they used a fake name and forwarded email address for their account, but that didn’t stop their real phone number and physical address being leaked.

You can’t avoid using your real credit card number, either—although many ecommerce sites will make saving credit card details optional.

Perhaps the best way to stay safe is to use a credit monitoring service, and to watch news sites like this one for information about breaches… whenever companies decide to disclose them.

**We don’t just report on data privacy—we help you remove your personal information**

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

Latest News