Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome to the 22nd edition of the Cloudflare DDoS Threat Report. Published quarterly, this report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the second quarter of 2025. June was the busiest month for DDoS attacks in 2025 Q2, accounting for nearly 38% of all observed activity.

We are thrilled to announce that Cloudflare has been named a Visionary in the 2025 Gartner Magic Quadrant for Secure Access Service Edge (SASE) Platforms1 report. We view this evaluation as a significant recognition of our strategy to help connect and secure workspace security and coffee shop networking through our unique connectivity cloud approach. You can read more about our position in the report here.

HIPAA violations don’t always come from malicious attacks or headline-making data breaches. More often, they stem from everyday mistakes, like misdirected emails and vendors that aren’t as secure as they seem. Even small slip-ups can expose protected health information (PHI) and invite major consequences. ‍ In today’s complex compliance landscape, those mistakes are alarmingly common.

Security maturity means different things to different organizations, but the one constant is that it needs to be structured. By consistently assessing where you stand and where you need to go against a solid framework, you're able to take what seems like an impossible goal and break it down into achievable and actionable checkpoints that actually move the needle. ‍ The key to making this work isn't just having the right framework but making sure the right stakeholders are involved in the process.

As generative AI revolutionizes how we write software, it’s also reshaping how we secure it. Tools like GitHub Copilot and ChatGPT now allow developers to write functional applications with just a few prompts. This growing trend, dubbed “vibe coding,” represents a fundamental shift in development philosophy: developers rely on AI-generated code and focus more on ideas than implementation. This unlocks speed and creativity, but it also exposes new and serious security risks.

Rolling out 1Password across your company should be fast, simple, and secure. But if you’re an IT admin deploying to thousands of employees, it can quickly become tedious. That changes today. We’re excited to launch two powerful improvements to help enterprise teams roll out 1Password faster, more securely, and with more control: Let’s take a closer look.

Microsoft has now launched the public preview of the Azure DevOps Model Context Provider (MCP) Server in a brave attempt to change developer productivity. With this newly introduced capability, GitHub Copilot in Agent Mode can directly access a developer’s Azure DevOps project data and allow the developer to interact with its data and functions via the natural language commands provided by the Copilot, within the developer’s coding environment, such as Visual Studio Code or Visual Studio.

Empower your developers with GitGuardian's new MCP Server. Embed AI-driven secrets security directly into your IDE, streamline incident remediation, and secure code in real time.

‍

IoT and unmanaged devices are some of the toughest blind spots for security teams today, and attackers know it. That’s why we’re excited to team up with Armis — an expert in device discovery and risk assessment — to bring its real-time device data right into Elastic Security. By combining Armis’s rich telemetry with Elastic Security’s analytics, ES|QL querying, and Elastic AI Assistant, analysts get the full picture of their device landscape.