Cloudflare outage causes slow sites, login trouble and dashboard errors as users report problems even after the company says service is restored.

On the morning of November 18, 2025, web users around the world, including Hackread.com readers, began encountering error pages and inaccessible apps. The disruption originated with Cloudflare, Inc., a web-infrastructure company whose network handles an estimated 20% of global web traffic.

****What went wrong****

At about 6:40 a.m. ET (11:40 UTC), Cloudflare logged “internal service degradation” after an unusually large traffic event hit one of its services, causing elevated error rates across its network. The company’s **status page** listed “degraded performance” for core functions like Bot Management and Edge Network.

Later in the day, Cloudflare’s Chief Technology Officer, Dane Knecht, publicly addressed the disruption, stating: “I won’t mince words: earlier today we failed our customers and the broader Internet when a problem in @Cloudflare’s network impacted large amounts of traffic that rely on us.”

He clarified that the root cause was a **latent bug** triggered by a routine configuration change in a service underpinning Bot Mitigation. That bug then cascaded into broader traffic errors across the network. He stressed it was not an attack.

Cloudflare later confirmed that, “A fix has been implemented and we believe the incident is now resolved. We are continuing to monitor for errors to ensure all services are back to normal.”

****Who was affected****

Because Cloudflare serves as a content-delivery and security layer for a vast number of websites and platforms, the impact rippled widely:

*   Hackread.com, Canva, Uber, IKEA, Shopify, League of Legends, DoorDash, Discord, Patreon, Medium, Crunchyroll, GitLab, Udemy and many more.
*   Popular AI tools such as ChatGPT and other LLM services reported outages or high error rates.
*   Social-media platform X (formerly Twitter) experienced disruptions.
*   Other streaming or gaming services, large web-apps and corporate domains relying on Cloudflare’s network also reported errors.

Downdetector – a user-reported outage tracker – **showed** tens of thousands of reports at peak for affected services. However, the platform itself faced Clouflare-related issues.

Cloudflare is not a household brand in the way Apple or Google are, yet a major part of the internet’s functionality and security depends on it. When a service like this owns so much traffic, faults can escalate quickly from “one site down” to “large-scale service disruption.”

****Some Sites Still Facing Issues****

While Cloudflare’s CTO says the issue is resolved, users on X are **pointing out** that it is not fully back to normal. Many, including Hackread.com, are still dealing with slow loading, problems inside dashboards, redirects to a Cloudflare error window and trouble saving drafts or reaching the login page.

Some users also report that they cannot log in to Cloudflare or open the service properly on either computers or smartphones.

Nevertheless, it feels like the internet barely caught its breath from the last widespread disruption. Just a month ago, AWS went down and knocked countless services offline, as detailed in the **Hackread.com report**. Now Cloudflare is dealing with its own outage, turning this into the second major breakdown of core web infrastructure within a short span.

Cloudflare Outage Jolts the Internet – What Happened, and Who Was Hit

Austin, TX/USA, 18th November 2025, CyberNewsWire

**Austin, TX/USA, November 18th, 2025, CyberNewsWire**

**Forecast report highlights surge in identity-based threats, evolving threat actor tactics, and increased risk from AI and insider threats.**

SpyCloud, the leader in identity threat protection, today released its report, The Identity Security Reckoning: 2025 Lessons, 2026 Predictions, outlining 10 of the top trends that will shape the cyber threat landscape in the coming year. The predictions, based on observed and analyzed cybercrime activities from the past year and SpyCloud’s proprietary research and recaptured identity intelligence, shed light on the evolving tactics of cybercriminals and the identity-based threats security teams need to anticipate.

> “Identity misuse is threaded throughout nearly every trend outlined in the report, from malware-driven session hijacking to synthetic identities and exposed non-human credentials,” said Damon Fleury, SpyCloud’s Chief Product Officer. “As attackers exploit this expanding footprint, organizations will be forced to rethink how they detect, respond to, and prevent identity threats across their entire ecosystem.”

**SpyCloud’s Top 10 Identity-Driven Threats That Will Shape 2026:**

1.  **The cybercriminal supply chain continues to transform:** Malware-as-a-Service and Phishing-as-a-Service will remain core enablers of cybercrime, but 2026 will bring new “specialized roles” in the criminal economy that will make it easier for bad actors to operate at scale and with startup-like efficiency. These specialized roles include infrastructure providers, tool developers, access brokers, and even support services.
2.  **Threat actor communities will fragment, evolve, and get younger:** Law enforcement crackdowns and platform policy changes will continue pushing threat actors from darknet forums to mainstream apps. But perhaps more alarming is the influx of teen cybercriminals experimenting with plug-and-play attack kits for clout, profit, or curiosity. 2025 was also a big year for exposing Chinese cybercrime tactics, a trend expected to continue in 2026 alongside the rise of Latin America as a new hotbed for fraud and organized threat activity.
3.  **The non-human identity (NHI) explosion will fuel hidden risks:** Driven at least in part by the proliferation of AI tools and services, APIs, OAuth tokens, and service accounts, known as NHIs, are proliferating across cloud environments. These NHI’s often lack protections found more commonly in human-based credentials, like multi-factor authentication (MFA) and device fingerprinting. As these machine credentials quietly amass privileged access to critical systems, they create stealthy entry points for attackers and serious compliance gaps for enterprises.
4.  **Insider threats will be fueled by M&A, malware, and missteps:** In 2026, security teams will grapple with risks from compromised users, employment fraud from nation-state bad actors, and M&A activity that introduces inherited vulnerabilities and identity access sprawl. The “human element” will continue to be a weak point in proactive defense.
5.  **AI-enabled cybercrime has only just gotten started:** In 2026, AI will increasingly be used by bad actors to craft better malware, more believable phishing, and quickly triage vulnerable environments, increasing the overall risk to enterprises posed by this rapidly advancing technology
6.  **Attackers will find creative ways around MFA:** This year, SpyCloud found that 66% of malware infections bypassed endpoint protections. Expect to see more trending methods used to bypass MFA and other session defenses: residential proxies to spoof location authentication measures, anti-detect browsers to bypass device fingerprinting, Adversary-in-the-Middle (AitM) attacks used to phish credentials and steal valid cookies.
7.  **Vendors and contractors will test enterprise defenses:** Vendors and contractors continue to be a preferred attack vector to access enterprises. In 2026, organizations will need to treat third-party and contractor exposed identities with the same rigor as employee accounts – especially in tech, telecom, and software supply chains where threats are most acute and have a broader impact.
8.  **Synthetic identities will get smarter and harder to spot:** Criminals are assembling fake identities from real, stolen data and then enhancing them with AI-generated personas and deepfakes to defeat verification checks. With banks already flagging synthetic identity fraud as a top concern, expect this to become a front-page issue in 2026.
9.  **Distractions like combolists and “megabreaches” will obscure real threats:** Expect more viral headlines touting “billions of records leaked” even as many stem from recycled data found in combolists or infostealer logs – collections of already-exposed records repackaged by criminals to generate hype, fear, and clout. While older, unremediated data can still cause risk for organizations, these events often trigger widespread concern and divert attention away from more immediate, actionable threats.
10.  **Cybersecurity teams will restructure to tackle new threat realities:** As identity security becomes the common denominator across fraud, cyber, and risk workflows, teams will prioritize cross-functional collaboration, automation, and holistic identity intelligence to drive faster, more accurate decisions.

> “With the speed that technology moves, cybercrime evolves in lockstep and it’s equal parts fascinating to watch and challenging to keep up with,” said Trevor Hilligoss, SpyCloud’s Head of Security Research. “The commoditization and influence of the dark web will continue to complicate things, making 2026 another nonstop year for defenders. Understanding the TTPs of these cybercriminals and gaining insights into the data they find most valuable will help these defenders continue to stay one step ahead and positively impact these efforts in years to come. But you can be sure we’ll track these shifts in real time and enable our customers and partners to effectively combat identity misuse in all of its forms.”

To explore the full report and see how SpyCloud’s holistic identity threat protection solutions help security teams prevent identity-based attacks like ransomware, account takeover, and fraud, users can click here.

**About SpyCloud**

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, users can visit spycloud.com.

**Contact**

**Account Director**  
**Emily Brown**  
**REQ on behalf of SpyCloud**  
**\[email protected\]**

SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026

Microsoft Azure halted a record 15.72 Tbps DDoS attack from the Aisuru botnet exposing risks created by exposed home devices exploited in large-scale cyber attacks.

On October 24, 2025, Microsoft Azure weathered the largest Distributed-Denial-of-Service (DDoS) attack ever recorded in the cloud. This massive digital assault, peaking at 15.72 Terabits per second (Tbps) and nearly 3.64 billion packets per second (pps), targeted a single endpoint in Australia.

Fortunately, according to Microsoft, its Azure global protection system automatically caught and filtered out the flood, keeping the customer’s services fully operational.

****The Growing Aisuru Threat****

The attack originated from the Aisuru botnet, which security firm Netscout calls a “Turbo Mirai-class” threat, which means the botnet can generate multi-TB/sec and -gpps direct-path DDoS attacks.

Aisuru, first spotted in August 2024, has since infected at least 700,000 IoT systems, such as home routers and security cameras. Its scale is stunning: besides the Microsoft incident, Aisuru was also linked to a huge 22.2 Tbps DDoS attack that Cloudflare mitigated in September 2025 and a 6.3 Tbps attack targeting investigative journalist Brian Krebs’s cybersecurity blogsite KrebsOnSecurity in May. Attacks of this magnitude were simply unheard of until recently.

Furthermore, it has been disruptive for US-based Internet Service Providers (ISPs) like AT&T, Comcast and Verizon. Attacks launched from infected customer devices have caused outbound traffic surges over 1.5 Tbps, which can be so extreme that they degrade service for other customers and even cause physical hardware failure in routers.

It’s worth noting that Aisuru’s operators, according to Netscout, restrict their targets, avoiding governmental, military, and law enforcement properties. This self-imposed rule is likely a way to stay under the radar and preserve the service’s criminal viability.

****The Botnet’s Lucrative New Business****

Cybercriminals behind the Aisuru botnet have moved past just offering simple DDoS-for-hire services for things like game servers, as it recently targeted Minecraft servers. They’ve updated their malware to focus on a more sustainable, hidden income stream: renting out the infected devices as ‘residential proxies.’

For your information, a residential proxy lets paying clients, often cybercriminals, hide their malicious activity by channelling it through a regular person’s home internet device. This makes the bad traffic look legitimate, which is much harder to block.

This shady business now heavily supports aggressive data harvesting for AI projects and content scraping. This activity is so widespread that on October 22, social media giant Reddit sued proxy providers, including Oxylabs, alleging they allowed mass-scraping of user data. Other botnets, like BADBOX 2.0, are adding to this growing problem.

The way these devices are infected sometimes involves Software Development Kits (SDKs), which refer to code bundled into other apps that silently turn a user’s device into a traffic relay, with their operators earning a commission.

The DDoS attack and spread of the Aisuru botnet go on to show that the poorly secured IoT devices in our homes are increasingly being turned into malicious tools, threatening not only the internet but even the unsuspecting users around the world.

Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack

Power vs Practicality in Crypto Automation

Crypto trading automation has transformed how traders approach the market. Instead of watching charts all day, they now rely on trading bots to handle entries, exits, and risk control. Among the top platforms, HaasOnline and Bitsgap take very different routes. 

Among the top AI trading platforms, HaasOnline and Bitsgap stand out but for very different reasons. HaasOnline is a powerhouse for professionals who love deep customisation and scripting. Bitsgap focuses on smart simplicity, a powerful AI trading solution that’s easy for anyone to use. 

Both platforms aim to simplify trading, but their methods couldn’t be more different. 

****Setup & Ease of Use** **

When it comes to getting started, Bitsgap is the clear winner in simplicity. There’s no software to download or configure; everything runs in the cloud. You sign up, connect your exchange API, and can start trading in just a few clicks. Even new users can launch a Bitsgap trading bot within minutes using ready-made templates. 

HaasOnline, by contrast, requires local installation. You must download the software, activate your license, and configure it on your own machine. For new traders, this setup can feel complex and time-consuming. While this extra control appeals to tech-savvy users, the steep learning curve can discourage beginners. 

****Trading Bots & Strategies** **

Both platforms provide a wide range of automation tools, but again, they serve different audiences. 

Bitsgap offers several ready-to-use bots designed for various market conditions: 

*   **DCA Bot** – ideal for dollar-cost averaging 

*   **GRID Bot** – great for sideways markets 

*   **COMBO Bot** – combines futures trading and grid logic 

*   **Smart Orders** – manage take-profit, stop-loss, and trailing functions in one place 

These bots require no coding and can be launched instantly with pre-built strategies. 

HaasOnline, meanwhile, takes a more advanced approach. It features HaasScript, a scripting language that lets you create your own algorithms from scratch. This flexibility is unmatched, but it also means more setup time and testing before you see results. 

So, if you’re a developer or a technically skilled trader, HaasOnline might feel like home. But for traders who want fast, effective automation without coding, Bitsgap’s pre-configured bots are far more practical. 

****Interface & User Experience** **

The difference in platform design is immediately clear. 

Bitsgap runs entirely in the cloud, giving users access from any device, desktop, tablet, or phone. The clean dashboard allows easy monitoring of open trades, performance stats, and portfolio value. You can pause, edit, or restart bots anytime without delay. 

HaasOnline relies on a local terminal, meaning you need to manage your own hardware and system resources. While this provides deep control, it limits flexibility when switching devices or trading on the go. 

Bitsgap’s interface is designed for traders who value transparency and smooth navigation. HaasOnline feels more like a developer’s workspace, powerful but less intuitive. 

****Backtesting & Analytics** **

Testing strategies before live trading is key to long-term success. Both services offer backtesting, but the experience is very different. 

With Bitsgap, users can backtest instantly using historical data directly from the dashboard. Results are displayed clearly, showing profit, drawdown, and trade count within seconds. It’s a visual, beginner-friendly process that helps users learn fast. 

HaasOnline also includes advanced backtesting and paper trading options, but the setup can be complex. You often need to configure parameters manually or write scripts to test specific logic. It’s powerful but not effortless. 

In short, HaasOnline offers depth, while Bitsgap delivers speed and clarity. 

****Security, Infrastructure & Support** **

Security is a top priority for any crypto trader. Bitsgap operates in the cloud with encrypted API connections, ensuring your funds remain on the exchange and are never stored by the platform. Its infrastructure guarantees over 99.9% uptime, with automatic updates and maintenance handled server-side. 

HaasOnline’s local hosting approach gives users complete control of their data but also adds responsibility: security depends on your own computer setup, network, and maintenance. 

When it comes to support and documentation, Bitsgap offers responsive live chat, email help, and an extensive knowledge base with tutorials and video guides. HaasOnline provides documentation and forums, but is more oriented toward developers. 

For most traders, Bitsgap’s managed cloud-based setup means fewer risks and less technical hassle. 

****Pricing Comparison** **

Here’s where philosophy meets price. 

Bitsgap uses a subscription model, allowing you to choose a monthly or annual plan with access to all major tools, support, and regular updates. A free trial is available, perfect for testing before committing. 

HaasOnline follows a license-based model. You pay for a license that unlocks specific features for a set period. It’s a fair system for professionals who know exactly what they need, but it can feel restrictive for casual users who just want to experiment. 

Both offer solid value, but Bitsgap’s flexible subscription and free trial make it more accessible to a wider audience. 

****Final Verdict: Choose Your Weapon** **

Both HaasOnline and Bitsgap deliver powerful trading automation, but they represent two very different philosophies. 

**Feature** 

**Bitsgap** 

**HaasOnline** 

**Setup** 

Instant, no installation 

Local setup required 

**Ease of Use** 

Beginner-friendly 

Advanced, steep learning curve 

**Bots** 

DCA, GRID, COMBO, Smart Orders 

HaasScript custom bots 

**Hosting** 

Cloud-based 

Local machine 

**Analytics** 

Built-in, visual 

Manual, script-driven 

**Support** 

Live chat, guides 

Forums and docs 

**Pricing** 

Subscription + Free Trial 

License-based 

If you want automation without the pain, Bitsgap is your go-to platform. It combines smart tools, simplicity, and reliability, perfect for anyone who wants to trade confidently without dealing with code or complex setups. HaasOnline remains a solid choice for users who crave full customisation, control, and don’t mind spending extra time tuning every detail. 

(Photo by fabio on Unsplash)

Bitsgap vs HaasOnline: Advanced Features vs Smart Simplicity 

Menlo Park, CA, November 17th, 2025, CyberNewsWire.

AccuKnox, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), today announced its partnership with Alice Blue India, a prominent brokerage and financial services firm, to strengthen its security and compliance frameworks across on-prem and cloud workloads.

The partnership was executed through channel partner Airowire. Leveraging AccuKnox’s security capabilities, Alice Blue aims to achieve enhanced visibility, automated compliance, and continuous protection within its infrastructure.

The customer’s Chief Information Security Officer (CISO), Navneethan, expressed strong confidence in the platform following a detailed proof-of-concept evaluation.

**Alice Blue’s Decision to Partner with AccuKnox**

Key differentiators include:

*   Agentless Zero Trust CNAPP architecture ensuring low operational overhead.
*   Rapid deployment with measurable visibility and compliance outcomes
*   Alignment with India’s key regulatory frameworks – RBI, SEBI, PCI-DSS, ISO, and SOC 2

“Financial institutions like Alice Blue require robust, scalable, and compliant security frameworks. AccuKnox’s Zero Trust CNAPP platform provides end-to-end protection from code to cognition, enabling Alice Blue to reduce risk, automate compliance, and focus on domain innovation,” said Rahul Jadhav, CTO at AccuKnox.

“At Alice Blue, securing our trading infrastructure and maintaining regulatory compliance are top priorities, said Navneethan, CISO, Alice Blue India. “Partnering with AccuKnox allows us to leverage world-class Zero Trust CNAPP capabilities while automating compliance across multi-cloud workloads, and this collaboration strengthens both our internal security posture and the services we deliver to our customers._“_

“We are thrilled to support Alice Blue India in deploying AccuKnox’s Zero Trust CNAPP platform. This partnership demonstrates how channel collaboration can accelerate security adoption in regulated industries, delivering measurable outcomes in compliance, visibility, and threat protection,” said Hemath Raj, Account Manager, Airowire Networks.

****About Airowire****

Airowire Networks is a network and cybersecurity solutions provider specializing in infrastructure modernization, cloud security, and managed detection services. With a strong regional presence and a focus on delivering secure digital transformation.

****About Alice Blue****

Alice Blue is a leading brokerage and financial services company offering advanced trading platforms, real-time analytics, and customer-centric solutions. With a strong commitment to innovation and regulatory compliance.

****About AccuKnox****

AccuKnox is a Zero Trust CNAPP platform that delivers runtime protection, agentless risk assessment, and comprehensive visibility across cloud, container, and AI workloads. A core contributor to CNCF open-source projects KubeArmor and ModelArmor.

****Contact****

PMM  
Syed Hadi  
AccuKnox  
\[email protected\].

Alice Blue Partners with AccuKnox for Regulatory Compliance

Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files.

Everest ransomware gang is claiming to have breached Under Armour, Inc., the American sportswear giant, and stolen 343 GB of internal company data, employee information, along with personal data of millions from various countries. The claims were published earlier today on the group’s official dark web leak site.

****Sample Data Includes Sensitive Customer and Product Information****

As seen by Hackread.com, the group has also published sample data to prove the authenticity of their claims. The sample data contains customer information and their shopping history, along with other details, including email addresses, phone numbers, purchase timestamps, product identifiers, prices, quantities, store preference records, location data for cities and regions, marketing campaign logs, deep link tracking entries, and identifiers tied to user accounts and transactions.

The leaked data also includes detailed product catalogue records linked with customer information, indicating it may originate from a marketing, personalisation, or product registration system. Each entry contains product details such as SKU, name, type, category, size, colour, prices, availability, ratings, localised descriptions, and multiple regional links.

In addition to this, the records expose customer data, including email addresses, first names, consent status, language preference, and request timestamps. This combination of commercial and personal information reveals both product-level business intelligence and individual user behaviour, making it a serious data exposure if verified by Under Armour.

Screenshot from the Everest ransomware gang’s dark web leak site showing breach claims and sample data related to Under Armour

****7 Day Deadline to Under Armour****

Everest ransomware group has given Under Armour a seven-day deadline to make contact via Tox messenger, warning that the opportunity to respond is limited. In their message, they instructed a company representative to follow the contact steps “before time runs out,” accompanied by a countdown timer.

The group has a history of leaking data when companies refuse to engage or reject ransom demands. Previous incidents linked to Everest include the AT&T carrier website database with over half a million users’ data, 1.5 million Dublin Airport passenger records, and internal Coca-Cola employee data.

****What’s Next for Under Armour Customers****

Hackread.com has reached out to Under Armour for comment. The breach claims made by the Everest ransomware group should be treated as allegations until the company either confirms or denies them.

In the meantime, customers are advised to monitor their accounts and banking activity, change all associated passwords, enable two-factor authentication on any accounts linked to Under Armour, and remain cautious of emails claiming to be from the company. Attackers often exploit such incidents to launch phishing campaigns disguised as breach alerts.

(Photo by Kyle Bushnell on Unsplash)

Everest Ransomware Says It Stole Data of Millions of Under Armour Users

Menlo Park, California, USA, 17th November 2025, CyberNewsWire

**Menlo Park, California, USA, November 17th, 2025, CyberNewsWire**

**AccuKnox**, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), today announced its distributor partnership with Frentree, **a leading cybersecurity solutions provider in South Korea.** The collaboration aims to strengthen cloud, container, and AI workload security for enterprises across the region by combining Frentree’s strong market presence with AccuKnox’s advanced Zero Trust security capabilities.

The partnership was finalized after detailed technical and strategic discussions, during which **Frentree expressed strong confidence in AccuKnox’s architecture, runtime protection depth, and alignment with Korean enterprise security needs.**

**Frentree’s Decision to Partner with AccuKnox**

As cloud adoption accelerates across financial and enterprise sectors in Korea, Frentree sought a platform that could deliver comprehensive visibility, scalable runtime protection, and automated compliance across complex, hybrid environments. AccuKnox emerged as the ideal partner based on its engineering sophistication and its alignment with Zero Trust security models.

**Leadership Comments**

> “At Frentree, we aim to introduce world-class cybersecurity technologies to Korean enterprises,” said **CY Jang, CEO, Frentree**. “AccuKnox’s platform stands out for its depth and scalability with advanced AI security. 

> “South Korea is a highly sophisticated and discerning market,” said **Nat Natraj, CEO, AccuKnox.** “Frentree has immense expertise in Cloud Security, we are very excited about our partnership with Frentree and serving clients and partners in South Korea. 

> “Our distributor partnership with Frentree is a significant step in expanding our global partner ecosystem,” **added Syed Hadi, Senior Marketing Manager, AccuKnox.**“Frentree’s strong regional presence and long-standing trust with large financial and enterprise customers make them an ideal partner for accelerating Zero Trust adoption in South Korea.”

**About Frentree**

Founded in 2013, Frentree is a cybersecurity solutions provider based in Seoul specializing in cloud security, privacy, and compliance. With partnerships across leading global security vendors, Frentree serves major financial institutions and enterprise customers in Korea.

**About AccuKnox**

AccuKnox is a Zero Trust CNAPP platform that delivers runtime protection, agentless risk assessment, and deep visibility across cloud, container, API and AI workloads. As a core contributor to CNCF open-source projects KubeArmor and ModelArmor, AccuKnox empowers enterprises to achieve measurable risk reduction and automated compliance.

**Contact**

**PMM**  
**Syed Hadi**  
**AccuKnox**  
**\[email protected\]**

Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea

HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start.

New research from the AI security firm HiddenLayer has exposed a vulnerability in the safety systems of today’s most popular Large Language Models (LLMs) like GPT-5.1, Claude, and Gemini. This flaw, discovered in early 2025 and dubbed EchoGram, allows simple, specially chosen words or code sequences to completely trick the automated defences, or guardrails, meant to keep the AI safe.

****What is EchoGram and How Does it Work?****

For your information, LLMs are protected by guardrails, which are basically filter systems designed to spot and block harmful requests, like asking the AI to give out secret information (Alignment Bypasses) or forcing it to ignore its rules (Task Redirection, also called Prompt Injection). These guardrails usually work in one of these two ways: a separate AI model judging the request (LLM-as-a-judge) or a simple text-checking system (classification model).

EchoGram targets Guardrails

The EchoGram attack works by taking advantage of how both types of guardrail models are trained. Both learn what’s safe and unsafe from large collections of past data. The technique starts by creating a wordlist, a specific collection of words and symbols, which is then used to find sequences (which the researchers call flip tokens) that are missing or unbalanced in the training data.

These flip tokens are often nonsensical, i-e, they pass through the defence layer without changing the original malicious request the main AI sees. By using a flip token, an attacker can make the defence system change its mind, or ‘flip the verdict.’

For example, when HiddenLayer researchers were testing an older version of their own defence system, a malicious command was approved when a random string “=coffee” was simply added to the end.

EchoGram prompt working on gpt-4o (Image credit: HiddenLayer)

****More Than Just Letting Malicious Requests Through****

Further probing revealed that this technique can be used in two damaging ways. First, an attacker can slip a truly malicious request past the defences. Second, they can do the opposite: they can take a completely harmless request and craft it so the guardrail incorrectly flags it as dangerous.

This ability to cause false alarms can be just as harmful. If security teams are constantly flooded with incorrect warnings, they could lose faith in the system’s accuracy, a problem HiddenLayer researchers Kasimir Schulz and Kenneth Yeung refer to as “alert fatigue,” in the blog post shared with Hackread.com.

 It is worth noting that combining multiple flip tokens can make an attack even stronger. The team estimates developers have only a ~3-month defensive head start before attackers can copy this method, making immediate changes critical as AI integration into fields like finance and healthcare becomes faster.

(Photo by Mohamed Nohassi on Unsplash)

EchoGram Flaw Bypasses Guardrails in Major LLMs

AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps.

AIPAC (American Israel Public Affairs Committee) has announced a data breach linked to an external system breach that involved an unknown third-party company. The disclosure appeared in a notification submitted to the Maine attorney general’s office on November 14 2025.

****4 Months of Access****

The filing states that the data breach was identified on August 28, 2025, when files stored on AIPAC systems were accessed without authorisation from October 20 2024, to February 6 2025. The review of those files showed that names, along with other personal identifiers, were taken.

A total of 810 people were affected, including one resident of Maine. Although AIPAC did not specify which data types were present in the personal identifiers, it is important to note that such identifiers, also known as PII, can cover Social Security Number or Taxpayer ID Number, driver license number, state ID number, passport number, home address, contact details, email address, payment card data and banking information.

> _“We are writing to notify you that American Israel Public Affairs Committee (“AIPAC” or the “Organization”) was the subject of a criminal cyberattack (the “Incident”)._
> 
> _(…)_
> 
> _“Through its extensive investigation, AIPAC determined that the Incident resulted in unauthorized access to certain files stored on its information systems. The Organization then undertook the time- and resource-intensive steps of determining whether those files contained personally identifiable information (“PII”) and to identify the data subjects to whom that PII related.”_
> 
> Snippet from AIPAC Notification

AIPAC began notifying those affected on November 13, 2025, through email. The notice sent to individuals reports that the group has not found signs of misuse. It is worth noting that no group has claimed responsibility for the hack, and no AIPAC-linked data has appeared on hacker forums so far.

The organisation says it is providing identity protection through IDX for twelve months. The package includes credit and CyberScan monitoring, an insurance reimbursement policy and identity recovery support.

AIPAC states that it has added new security controls after the incident, including posture controls, non-human identity controls, email data loss prevention, Microsoft 365 access controls, privilege alerts, geolocation restrictions, audit functions and increased monitoring.

****What is AIPAC?****

AIPAC is a United States-based political organisation that works to influence policy related to Israel. It focuses on building support in Congress and guiding lawmakers on issues linked to US-Israel relations.

The organisation also raises funds, builds networks and pushes for legislation that aligns with its policy goals. It is one of the most active groups in Washington and often engages with elected officials, staff and donors to advance its agenda.

AIPAC Discloses Data Breach, Says Hundreds Affected

Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.

DoorDash, the popular food delivery company, is once again dealing with a public relations issue following a data breach where an unauthorised person, reportedly, stole key contact details from users, delivery drivers, and merchants.

The company’s internal security team first detected the issue on October 25, 2025. Upon further investigation, the team found that the security lapse happened after one of their employees was tricked in a social engineering scam.

For your information, social engineering is simply a trick where criminals manipulate a person into giving up private information or allowing access to systems, which helps them bypass technical security measures. In this case, the attacker gained access before DoorDash’s response team could stop them.

****What Information Was Taken?****

DoorDash has confirmed that the information stolen includes full names, physical addresses, email addresses, and phone numbers. This incident affected people across the company’s operating regions, including the US, Canada, Australia, and New Zealand. DoorDash has also assured recipients that, currently, they have no evidence that the stolen data has been used for fraud or identity theft.

While the company was quick to state that no sensitive information, like credit card numbers, Social Security numbers, or driver’s license details, was taken, this claim has met with criticism. As we know it, having a person’s name, email, and phone number together is often enough for criminals to launch very believable phishing and smishing attacks. Users are also concerned that their home addresses were accessed.

****Delay in Notification****

It is worth noting that while the breach was found on October 25, customers only started receiving email warnings on November 13. This delay in telling affected users has led to frustration, with some questioning if the company followed data breach laws and even threatening to take legal action. Affected users have taken to platforms like X (formerly Twitter) to share the email notices they received.

> Just in: DoorDash breached…
> 
> “unauthorized third party gaining access to and taking certain user contact information…but may have included first and last name, phone number, email address and physical address”
> 
> Next paragraph:
> 
> “No sensitive information was accessed”
> 
> 🤦‍♂️ pic.twitter.com/1xOXtjnOfT
> 
> — Kostas (@Kostastsale) November 13, 2025

DoorDash has responded by saying they are improving their security systems, increasing employee training on scams like phishing and social engineering, and have hired a leading third-party cybersecurity forensics firm to help with their investigation. They also referred the matter to law enforcement.

This is the third major security failure for the delivery company since 2019. Previously, Hackread.com covered a similar attack in August 2022 that affected customer and Dasher data after a different third-party vendor was compromised.

(Photo by Marques Thomas on Unsplash)

Source

HackRead