DDoS Attacks Hit Record 31.4 Tbps While Basic Security Gaps Keep Growing

I’ve been watching the security news this week, and honestly, it feels like we’re living in two different worlds. On one hand, we’re seeing absolutely massive technical achievements in attacks—like the AISURU/Kimwolf botnet that just broke DDoS records with a 31.4 Tbps attack. On the other hand, we’re still dealing with the same fundamental security mistakes that have plagued us for years.

Let me walk you through what caught my attention this week and what it means for those of us trying to keep systems secure.

When Botnets Break Physics (Almost)

That 31.4 Tbps DDoS attack is genuinely mind-blowing. For context, that’s enough bandwidth to saturate most major internet backbones. What’s particularly interesting is that it only lasted 35 seconds—this wasn’t some sustained campaign, but more like a proof-of-concept showing just how much firepower the AISURU/Kimwolf botnet can bring to bear.

Cloudflare managed to detect and mitigate it automatically, which is reassuring, but it raises an uncomfortable question: what happens when these attackers decide to sustain an attack like this for minutes or hours instead of seconds? The fact that this was part of a series of “hyper-volumetric” attacks in Q4 2025 suggests they’re testing capabilities and learning what works.

For those of us running smaller operations without Cloudflare’s infrastructure, this is a wake-up call about the scale of threats we might face. Traditional DDoS mitigation strategies simply can’t handle attacks of this magnitude.

The Basics Still Matter More Than Ever

While we’re dealing with record-breaking attacks, CISA just had to issue a binding directive telling federal agencies to replace end-of-life edge devices. Think about that for a moment—in 2026, we still need to force government agencies to stop using network equipment that doesn’t receive security updates.

This isn’t some exotic zero-day problem. This is basic infrastructure hygiene, and apparently it’s still not happening consistently across federal networks. If agencies with dedicated cybersecurity budgets and CISA oversight are struggling with this, what does that say about the state of security in smaller organizations?

The edge device problem is particularly concerning because these devices often sit at the network perimeter with elevated privileges and direct internet exposure. An unpatched edge device is essentially an open door with a welcome mat.

When AI Builds Itself Into Trouble

Speaking of basic security mistakes, the Moltbook incident would be almost comical if it weren’t so predictable. Someone used AI to build an entire web platform, and—surprise—it exposed all its data through a publicly accessible API.

This is exactly what we’ve been warning about with AI-generated code. The AI can write functional code quickly, but it doesn’t understand security context or threat modeling. It’s like having a really fast developer who’s never heard of OWASP and doesn’t know what authentication means.

What worries me is that we’re probably going to see a lot more of these incidents as AI coding tools become more prevalent. We need to start thinking seriously about how to integrate security reviews into AI-assisted development workflows.

The Persistent Threat of Sophisticated Actors

The DKnife implant story is another reminder that while we’re dealing with basic security hygiene issues, sophisticated threat actors are operating with tools that have been in the wild since 2019. This malware targets desktop, mobile, and IoT devices for adversary-in-the-middle attacks, and it’s been quietly doing its work for years.

The longevity of this campaign is what strikes me most. Seven years of operations suggests a level of sophistication and operational security that most organizations struggle to defend against. While we’re arguing about patching edge devices, these actors are running multi-year campaigns across multiple device types.

Development Platforms Under Fire

The GitHub Codespaces vulnerability adds another layer to our security concerns. The ability to achieve remote code execution through crafted repositories or pull requests means that even our development environments aren’t safe from attack.

This is particularly troubling because it attacks the trust model that makes collaborative development possible. When developers can’t safely review pull requests or clone repositories without risk of compromise, it fundamentally changes how we need to approach development security.

What This Means for Us

Looking at these stories together, I see a few key themes. First, the scale and sophistication of attacks continue to grow exponentially. That 31.4 Tbps attack would have been science fiction a few years ago.

Second, we’re still failing at the fundamentals. End-of-life devices on federal networks and AI-generated platforms with no security controls show that basic security practices aren’t being consistently applied.

Third, the attack surface keeps expanding. From development platforms to AI-generated code to IoT devices, we have more potential entry points than ever before.

The good news is that many of these problems are solvable with existing tools and practices. The bad news is that solving them requires consistent execution across entire organizations, which remains our biggest challenge.