Major Sites Stumble After Cloudflare Misfire

By Kirsten Doyle. November 19, 2025. Updated: November 20, 2025.

A cluster of major websites (including X and ChatGPT) went down for large parts of Tuesday after Cloudflare, the backbone beneath much of the modern web, tripped over its own wiring. 

Shortly after 11:30 GMT, reports began to stack up on Downdetector. Thousands of users. Dozens of services. A quiet drumbeat turning into a roar. Pages froze. Apps hung. Routine clicks suddenly felt like walking through mud. 

Cloudflare later admitted the fault was theirs. A configuration file meant to sift hostile traffic misbehaved, triggering a crash in the software that keeps its wider network flowing. In the company’s words, it was a “significant outage.” 

In a statement, the company said: “We apologise to our customers and the Internet in general for letting you down today.”  

Any failure, they added, was unacceptable, especially at their scale. 

Engineers rolled out fixes. Systems began to return. However, the web doesn’t snap back in an instant. Some services are still wobbling as caches refresh and traffic routes settle.

The blast radius was broad. Spotify, Perplexity, Zoom and Canva each took a hit. For a few hours, the fragility of the internet was on full display. The culprit was one misfire: a small file behaving badly.

A Strike by the Aisuru Botnet? 

While the official explanation cites a “configuration error,” Ted Miracco, CEO of Approov, believes this narrative ignores the precipitating event: a calculated retaliatory strike by the Aisuru botnet.  

He argued that the “spike in unusual traffic” Cloudflare admitted to wasn’t random; it was a hyper-specific surge designed to weaponize Cloudflare’s own automated defenses against them.

“This attack bears all the hallmarks of a revenge attack by those behind the massive Aisuru botnet,” he said. “Today’s Cloudflare outage has been ascribed to a ‘configuration error,’ but it’s well worth looking at precursor events to the ‘spike in unusual traffic’ that have occurred over the last few weeks.”

Miracco added: “In late October and early November, domains associated with the botnet have repeatedly edged out Amazon, Apple, Google and Microsoft in Cloudflare’s most frequently requested websites rankings. Cloudflare responded by scrubbing Aisuru domain names from their top websites list. Cloudflare CEO Matthew Prince said Aisuru’s overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company’s domain name system (DNS) service.”

He said the incident was likely the botnet’s response to Cloudflare’s actions to suppress Aisuru’s infrastructure, a surge designed to both flood the network and trigger a logic failure in the very automated defenses designed to stop it.  

“It’s telling that a ‘defensive’ file grew large enough to crash the system, indicating that the attackers knew precisely how to weaponize Cloudflare’s own protection mechanisms against them. This likely wasn’t merely a glitch; the botnet’s overlords were likely signaling that the cost of suppression is escalation.”  

Cloudflare’s latest update says the service is fully back to normal. “Cloudflare services are currently operating normally. We are no longer observing elevated errors or latency across the network.”  

This is just one more major outage, hot on the heels of similar disruptions at Amazon Web Services and Microsoft Azure in the past month.  

You Don’t Need an Attacker 

Chad Cragle, Chief Information Security Officer at Deepwatch, has a different perspective and said that the outage is another reminder that you don’t need an attacker to take down the Internet.  

“Sometimes, all it takes is a bug or a routine change. While this can happen to any company, the larger the provider and the broader their dependency footprint, the more critical a strong business continuity discipline becomes. At this scale, you need airtight change control, multi-step peer review, redundancy designed to handle failure, and clear backup plans that limit the impact. A single misconfiguration shouldn’t be able to ripple across the entire global web.” 

For the industry, Cragle said the future must involve building architectures that anticipate third-party failure. “Companies depend on these third parties, and their customers do too, so when a major provider goes dark, it creates downstream trust issues, even if your own product is perfectly healthy. If the customer relationship is already strained, an outage like this can directly threaten revenue.” 

Moving forward, he said organizations need deeper dependency mapping, multi-path redundancy, realistic disaster recovery simulations, and vendor transparency that keeps customers informed in real time. “These events will happen, but the key lesson is that resilience can’t be optional. We must plan for the fragile parts of the ecosystem and ensure that the blast radius of any single provider never results in an industry-wide outage, as we have now witnessed three times in just a few months.”

Fragile Chokepoints 

Misbah Rehman, Vice President of Product Management and Compliance at Alkira, added that the Cloudflare outage is a reminder that the internet still has fragile chokepoints. “When a major global service provider stumbles, downstream applications across the industry feel it — no matter how modern or well-architected their own platforms are.”

Rehman said: “As AI-driven applications demand real-time reliability, networks must move beyond fragile, single cloud-dependent footprints to a resilient, provider-agnostic fabric. That means building resilient-by-design infrastructure that never assumes any single provider, cloud, or network layer will always be available — decoupling control planes from underlying infrastructure, enforcing consistent policy everywhere, and giving enterprises the ability to route, fail over, or isolate issues instantly across clouds, regions, and partners.” 

“When core infrastructure providers like Cloudflare experience a disruption, it isn’t just websites that go down, entire machine-to-machine workflows stall. In an internet increasingly run by APIs and automation, resilience isn’t just about uptime, it’s about knowing when critical services are degrading,” commented Mayur Upadhyaya, CEO at APIContext. 

“The outage highlights why regulators like the EU and UK are doubling down on frameworks like DORA and the Cyber Security and Resilience Bill, which demand observability across the full delivery chain, from DNS to CDN to application logic. Enterprises need to move beyond internal logs and embrace outside-in testing to baseline normal behaviour and catch anomalies before users, or machines, feel the impact.”

Everyone Feels it at Once    

Graeme Stewart, head of public sector at Check Point Software, added: “Cloudflare going down today sits in the same pattern we saw with the recent AWS and Azure outages. These platforms are vast, efficient, and used by almost every part of modern life. The upside is obvious. Their scale keeps costs low, makes security tools more accessible, and gives even small organizations the kind of performance that would once have been impossible. The downside is just as clear. When a platform of this size slips, the impact spreads far and fast, and everyone feels it at once. 

“During today’s outage, news sites, payments, public information pages, and community services all froze. That was not because each organisation failed on its own. It was because a single layer they all rely on stopped responding. People saw a simple error page, but the disruption reached into the systems that hold up essential services.” 

“From a cybersecurity view, this is the part that matters,” Stewart explained. “Any platform that carries this much of the world’s traffic becomes a target. Even an accidental outage creates noise and uncertainty that attackers know how to use. If an incident of this scale were deliberately triggered, the disruption would spread across countries that use these platforms to communicate with the public and deliver essential services.  

“Many organizations still run everything through one route with no meaningful backup. When that route fails, there is no fallback. That is the weakness we keep seeing play out. The internet was meant to be resilient through distribution, yet we have ended up concentrating huge amounts of global traffic into a handful of cloud providers.  

“Large platforms bring benefits, but events like today show the cost of that decision. Until there is real diversity and redundancy in the system, each outage will hit people harder than it should.” 

Kirsten Doyle
Information Security Buzz News Editor

Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
