
Quarter three saw a surge in DDoS attacks, fueled by newly discovered, unpatched software vulnerabilities.

HTTP/2 Rapid Reset vulnerability exploits were behind massive cyberattacks in October, marking a significant escalation in global threat activity.

Increase in DDoS attacks during Q3 attributed to new, previously unidentified vulnerabilities


The third quarter of 2025 saw a significant escalation in distributed denial of service (DDoS) attacks, as reported by Cloudflare and other cybersecurity firms. The main culprit behind this surge is the recently uncovered HTTP/2 Rapid Reset vulnerability, a security flaw that enables attackers to execute high-impact DDoS attacks with minimal resources.

The attack abuses the way HTTP/2 handles rapid stream resets, which lets attackers amplify and sustain high-volume DDoS attacks against targeted infrastructure. A detailed public presentation and research findings by Cloudflare and security researchers in early August highlighted the severity of the vulnerability and how widely it can be exploited across HTTP/2 implementations.

The gaming and gambling industries, which often rely on real-time, latency-sensitive online platforms, are particularly vulnerable. The HTTP/2 Rapid Reset vulnerability significantly increases the risk of sustained DDoS attacks that can disrupt service availability, degrade user experience, and cause substantial financial and reputational damage.

Cloudflare, Google, and AWS released coordinated warnings about the vulnerability, urging organizations to update to the latest server versions and adopt HTTP/2-aware rate limiting and anomaly detection. F5 also urged its customers to update their Nginx configurations, while the Cybersecurity and Infrastructure Security Agency urged organizations to patch and make configuration changes to defend against the surge in DDoS attacks.
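One way to implement the HTTP/2-aware anomaly detection recommended above, as an added example (not code from the article or from any vendor it names): the detector flags connections that cancel newly opened streams at a high rate. The event tuples, the `CLOSED` pseudo-event, the thresholds and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed, illustrative thresholds; tune against a baseline of your own traffic.
RAPID_LIFETIME_S = 0.05  # stream cancelled this soon after opening counts as rapid
WINDOW_S = 1.0           # sliding window, per connection
MAX_RAPID_RESETS = 20    # rapid resets tolerated inside one window

class RapidResetDetector:
    """Flags connections whose client cancels freshly opened streams at a high rate."""

    def __init__(self):
        self.opened = defaultdict(dict)   # conn -> {stream_id: time HEADERS was seen}
        self.recent = defaultdict(deque)  # conn -> timestamps of recent rapid resets
        self.flagged = set()

    def observe(self, ts, conn, frame, stream_id):
        """Feed one event; returns True once the connection has been flagged."""
        if frame == "HEADERS":
            self.opened[conn].setdefault(stream_id, ts)
        elif frame == "CLOSED":  # hypothetical event: stream finished normally
            self.opened[conn].pop(stream_id, None)
        elif frame == "RST_STREAM":
            opened_at = self.opened[conn].pop(stream_id, None)
            # Resets for unknown streams and late cancels are not counted.
            if opened_at is not None and ts - opened_at <= RAPID_LIFETIME_S:
                q = self.recent[conn]
                q.append(ts)
                while ts - q[0] > WINDOW_S:
                    q.popleft()
                if len(q) > MAX_RAPID_RESETS:
                    self.flagged.add(conn)
        return conn in self.flagged

def sample_events():
    """Constructed traffic: 'A' behaves like a browser, 'B' opens and cancels streams."""
    events = []
    for i in range(5):  # A: five requests that complete normally
        events += [(i * 0.4, "A", "HEADERS", 1 + 2 * i),
                   (i * 0.4 + 0.12, "A", "CLOSED", 1 + 2 * i)]
    events += [(2.0, "A", "HEADERS", 11), (4.0, "A", "RST_STREAM", 11)]  # late cancel
    for i in range(100):  # B: each stream is reset 1 ms after it is opened
        t = 1.0 + i * 0.002
        events += [(t, "B", "HEADERS", 1 + 2 * i), (t + 0.001, "B", "RST_STREAM", 1 + 2 * i)]
    return sorted(events)

def flagged_connections(events):
    detector = RapidResetDetector()
    for event in events:
        detector.observe(*event)
    return detector.flagged
```

Counting only resets that arrive shortly after the stream was opened keeps ordinary cancellations, such as a user navigating away, from tripping the limit.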

Officials at F5 warned that the vulnerability could be used for DDoS attacks against Nginx Open Source, Nginx Plus, and other related products. Fastly observed an attack in late August measuring 250 million requests per second, lasting about three minutes, and was able to rapidly deploy mitigation measures.

According to Omer Yoachimik, senior product manager of DDoS protection and security reporting at Cloudflare, the new technology lowers the entry bar for creating super performant and intelligent applications. This development, combined with the HTTP/2 Rapid Reset vulnerability, underscores the need for the security community to move beyond problematic legacy protocols like HTTP/1.1 and fully embrace more secure and robust HTTP/2+ implementations while addressing new vector risks.

As of August 2025, the threat remains critical, with Cloudflare reporting 89 attacks that exceeded 100 million requests per second, and the largest attack peaking at 201 million requests per second, a figure three times larger than the prior record attack. The increase in DDoS attacks during the quarter highlights a historic shift in global threat groups' DDoS capabilities, with political hacktivists and other suspected actors turning DDoS attacks from low-level annoyances into high-volume, powerful cyber activities with severe disruptive potential.


  1. The gaming and gambling industries, which heavily utilize real-time, latency-sensitive online platforms, have been identified as particularly vulnerable to the newly uncovered HTTP/2 Rapid Reset vulnerability.
  2. In response to the escalation of DDoS attacks due to the HTTP/2 Rapid Reset vulnerability, Cloudflare, Google, AWS, and other cybersecurity firms have issued coordinated warnings for organizations to update their server versions and adopt HTTP/2-aware rate limiting and anomaly detection.
  3. The financial industry, including banking and insurance, and the fintech and data-and-cloud-computing sectors are also at risk due to their reliance on technology and extensive use of online services.
  4. The increase in DDoS attacks during the third quarter of 2025, as reported by Cloudflare and other cybersecurity firms, is linked to the HTTP/2 Rapid Reset vulnerability, which enables attackers to execute high-impact DDoS attacks with minimal resources.
  5. The recent DDoS attacks targeting the casino-and-gambling industry demonstrate the severe consequences that sustained DDoS attacks can have for service availability and user experience, along with the financial and reputational damage they cause.
