Paige Henley
Published on: October 3, 2025
Cloudflare has successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, showcasing a concerning escalation in the scale of cyber threats.
“Cloudflare just autonomously blocked hyper-volumetric DDoS attacks twice as large as anything seen on the Internet before — peaking at 22.2 Tbps & 10.6 Bpps,” the company said in a tweet.
The previous record was an 11.5 Tbps UDP flood attack, which lasted 35 seconds. In contrast, Cloudflare’s report indicates that the latest attack lasted only about 40 seconds, which is a “hit-and-run” tactic designed to overwhelm defenses before they can respond fully.
This record-breaking incident combined multiple attack techniques in a single, massive multi-vector assault. Experts say such attacks are typically launched from enormous botnets (networks of compromised computers and IoT devices) that flood servers with traffic, rendering online services inaccessible to legitimate users.
Crucially, Cloudflare’s systems detected and blocked the attack autonomously, without any human intervention. By neutralizing the traffic at the network edge, close to its source, Cloudflare ensured that the intended targets remained fully operational.
Cloudflare’s success proves the growing importance of automated, machine learning-powered defenses, as traditional DDoS “scrubbing” centers, which are often reliant on manual traffic analysis, are ill-equipped to respond at this speed and scale.
As cybercriminals continue to refine their methods and expand their botnets, industry experts warn that hyper-volumetric DDoS attacks will likely become more frequent and more intense.
