Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself. 

In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.

The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.


More

The Hacker News: Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it’s ending support for passwords in its Authenticator app starting August…

Read More →

PCmag: This Password Manager Now Lets You Create an Account Without a Password

Dashlane lets you open an account with a FIDO2-spec USB security key as your authentication.…

Read More →

ZDNET: Facebook’s new passkey support could soon let you ditch your password forever

For all of us who hate passwords, passkeys represent a simpler and safer way of authenticating online…

Read More →


123281 Next